git auto pull on bitnami with php

Auto pull script

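<?php
// Print the user the web server runs PHP as.
echo exec('whoami');
// Run git pull and capture stderr too, so permission or SSH errors are visible.
$output=shell_exec('/home/bitnami/stack/git/bin/git pull 2>&1');
echo "<pre>$output</pre>";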

This script tells us which user Apache runs as (e.g. daemon, www-data or www) and whether that user has permission to execute shell commands.

Apache user

The next step is to make sure your Apache user has read and write access to the entire repository.

sudo chown -R ssh_user:daemon repository/
sudo chmod -R g+wrx repository/

SSH key

The apache user needs to have a key to talk to the server.

sudo -u daemon ssh-keygen -t rsa

ssh-keygen will tell us where it’s creating the keys.
Make sure your apache user is the owner of the .ssh directory that the keys are being created in.

Copy public key to your project host

Allow the project host to access the server.
(e.g. repository settings > deployment keys)

Test apache user in the shell.

This step is super important.

sudo -u daemon git pull

Then test your apache user in the browser.

Webhook

Go to your project host and set up your webhook to point to your PHP auto pull script.

Change the shell_exec to:

<?php 
$output=shell_exec('/home/bitnami/stack/git/bin/git pull');
echo "<pre>$output</pre>";

Security

Set up an .htaccess restriction in your repo so that only your project host can access your PHP auto pull script. The IP ranges below are Bitbucket's.

<FilesMatch "autopull.php$">
    Order deny,allow
    Deny from all
    Allow from 104.192.143.192/28 104.192.143.208/28
</FilesMatch>
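
The .htaccess rule above only takes effect when Apache's AllowOverride setting permits it, so the same allowlist can also be enforced inside the script. The following is an added example, not the post's own code; it assumes PHP 7.1+ on a 64-bit build, that REMOTE_ADDR is the real client address (no reverse proxy in front of Apache), and that the script sits inside the repository.

```php
<?php
// Added example, not the post's script. Ranges copied from the .htaccess rule.
const ALLOWED_CIDRS = ['104.192.143.192/28', '104.192.143.208/28'];
const GIT_BIN = '/home/bitnami/stack/git/bin/git'; // path used in the post

// True when IPv4 address $ip falls inside $cidr ("a.b.c.d/len").
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $len] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($len) || (int) $len > 32) {
        return false; // malformed or non-IPv4 input is rejected
    }
    $mask = (~0 << (32 - (int) $len)) & 0xFFFFFFFF; // assumes 64-bit PHP integers
    return ($ipLong & $mask) === ($netLong & $mask);
}

function ip_allowed(string $ip): bool
{
    foreach (ALLOWED_CIDRS as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI !== 'cli') { // skip request handling when included from the CLI
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    // Bitbucket delivers webhooks as POST requests; refuse everything else.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || !ip_allowed($ip)) {
        http_response_code(403);
        exit('Forbidden');
    }
    chdir(__DIR__); // assumption: this file lives inside the repository
    // Fixed command line: nothing from the request reaches the shell.
    $output = (string) shell_exec(escapeshellarg(GIT_BIN) . ' pull 2>&1');
    // Log the result server-side instead of echoing it to the caller.
    error_log('autopull from ' . $ip . ': ' . trim($output));
    echo 'ok';
}
```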

Thank you
