Setup Git deployment on push to remote origin with post-update hook


1. Generate SSH keys pair.
Use ssh-keygen command to generate SSH keys pair.
Example usage:

$ ssh-keygen -t rsa -b 4096 -C ""
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tarasius/.ssh/id_rsa):

2. Setup SSH key authorization.
To setup autorization by SSH key add contents of your public key
($HOME/.ssh/ to $HOME/.ssh/authorized_keys file.
For example:

$ cat $HOME/.ssh/ >> $HOME/.ssh/authorized_keys

Or use command ssh-copy-id command like:

$ ssh-copy-id -i $HOME/.ssh/
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys's password:

3. Setup working copy Git repository.

$ cd $HOME/web/
$ git init
Initialized empty Git repository in $HOME/web/

4. Setup bare Git repository.

$ cd
$ git init --bare remote2.git
Initialized empty Git repository in /home/tarasius/remote2.git/

5. Git web hook script.

$ cp -fvp /home/tarasius/remote2.git/hooks/post-update.sample /home/tarasius/remote2.git/hooks/post-update
$ vim /home/tarasius/remote2.git/hooks/post-update

# An example hook script to prepare a packed repository for use over
# dumb transports.
# To enable this hook, rename this file to "post-update".
# exec git update-server-info


export GIT_WORK_TREE=/home/tarasius/web/
export GIT_DIR=/home/tarasius/remote2.git/

/usr/bin/git checkout -f


6. Add remote origin
To view list or remote origins:

$ git remote -v

To add remote origin:

$ git remote add origin

7. To deploy changes
To deploy your changes push commit:

$ git push origin master

In this example:

/home/tarasius - example user home directory $HOME or ~
/home/tarasius/web/ - folder with application working copy
/home/tarasius/remote2.git/ - bare Git repository - host name of server with git repositories

mysql and mysqldump –defaults-file without a password

MySQL has an amazing option called –defaults-file. It can be used to store credentials in configuration file as it shown in example below:


Make sure you did not store such configration files anywhere inside public_html accessible via HTTP or HTTPS on your website. It is real security breach. Do not do it. Consider to change –defaults-file ../some_secure_path_outside_www/ permissions as low as 600 only accessible to user to read/write it. Nobody other should have access to it. Store such files outside of any virtual host htdocs, www or public_html folders.

With such configation files you can skip authorization when using mysql, mysqldump commands.
Example commands are:
1. To make db backup you can run command like:

# mysqldump --defaults-file=../some_secure_path_outside_www/ db1 > db1.sql

2. To restore db from SQL dump file you can execute command below:

# mysql --defaults-file=../some_secure_path_outside_wwwpath/ db1 < db1.sql

You could also use my PHP cli scripts to generate such .cnf configuration files automatically from a popular CMS and frameworks at:

Example usage of command below:

# php get_create_my_cnf.php /home/taras/public_html >../some_secure_path_outside_www/

Please, also look at documentation for more details: