Deploy Your Static Or Dynamic Websites Using Git In Public Cloud   BLOG General

Like most versatile engineers, we host websites of side projects in EC2 or DigitalOcean. It might be Boostrap, php, python, nodejs, or anything charming.
We definitely want to have a quick setup, and keep routine maintenance minimum. Here are some pratical tips. Check it out!

Deploy Your Static Or Dynamic Websites Using Git In Public Cloud

Update Per Audience Feedback:
  • Thanks to Rob Larsen: We should try our best to avoid using root OS user.

Don't Want To Start VMs In Public Cloud

If you want to save some pennies or just for a quick demo, you don't necessarily need to rent a VM. You can run websites directly in your laptop, linux or mac. (Pity for windows users.) Then export your laptop to the internet.

Allow Git Clone By SSH Key, And Run Git Pull Every 10 Min

  • Configure github/bitbucket ssh key.
I assume you're familiar with git clone by ssh. Probably like lots of developers, you will use your own private key. I highly diagree with that. Too dangerous! Your ssh private key can unlock lots of precious treasures, far more than this git repo. Right?

Git deploy key

How to improve? Create a readonly git deploy key in github/bitbucket repo setting. To do that, we need create a new ssh key pair. So it's new and isolated. And git deploy key has a nice limitation: we can't use the same deploy key for multiple repos. It adds extra security.
For simplicity or reasonable security compromise, some people may still use their private key. I admit, it makes sense to some extent. Then protect your ssh key with passphrase. It's easy and simple.
For simplicity, here we use root to checkout code and setup website. To improve the security, try with an ordinary OS user.
# Update ssh key to below
vim /root/git_deploy_key

# ssh private key can't be widely open
chmod 400 /root/git_deploy_key
  • Specify ssh key for git clone
vim /root/.ssh/config

     StrictHostKeyChecking no
     User git
     IdentityFile /root/git_deploy_key
  • Run git clone to get the repo.
# Run with correct parameters.
cd /var/www/
git clone
  • Create crontab for periodical git pull. Thus no need for manul login and update anymore.
crontab -e

# Change file path
*/10 * * * * cd /var/www/denny_www; git pull

For Static Websites, Create Apache Vhost

For static websites of plain html, we can don't need to run it in our own server. It can be done by Github Pages.[1] See more discussion here.[2]
Well, Github Pages only solves 80% of the problem. If you're in China, the accessibility of Github is not gurantee. Or you want to use your own domain, instead of Use apache2 or nginx to serve the requests.
  • Apache vhost example. And nginx is pretty similar.
# Install apache
apt-get install -y apache2

# Define vhost
vim /etc/apache2/sites-enabled/my-static.conf

<VirtualHost *:80>
    DocumentRoot /var/www/denny_www
    <Directory '/var/www/denny_www'>
        Options All
        AllowOverride All
        Require all granted
    ErrorLog /var/log/apache2/my-error.log
    CustomLog /var/log/apache2/my.log common

# Reload apache
service apache2 reload
  • Verify setting.

For Dynamic Websites, Use Apache For HTTP Reverse Proxy

Let's say your dynamic website listens on port 8082. And you want to open by or
  • Configure DNS setting properly or /etc/hosts is properly changed.
  • Enable apache modules for http reverse proxy
a2enmod proxy
a2enmod proxy_http

# Restart apache to load modules
service apache2 restart
  • Define vhost
vim /etc/apache2/sites-enabled/dynamic.conf
<VirtualHost *:80>
ErrorLog /var/log/apache2/dynamic_error_log
TransferLog /var/log/apache2/dynamic_access_log
DocumentRoot /var/www
ProxyPass /
ProxyPassReverse /
  • If necessary, configure firewall to allow the traffic.
ufw allow 80/tcp

# Some URI might has port number attached
ufw allow 8082/tcp
  • Verify setting
curl -I

Add Password Protection To Your Existing Websites

Sometime you may only want certain people to visit your websites. With apache htpasswd[3], we can create username-password pair easily. People will need to input the credential first in web browser, before the actual pages load.
  • Create an user credential
apt-get install -y apache2-utils

# create password file for a new user
/etc/apache2/.htpasswd $username
  • Update vhost setting to enforce the authentication
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html">
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user

Enforce username and password for apache

Monitor Your Websites with Free SaaS Monitoring

Keep checking URL like every 5 minutes. If url doesn't return HTTP 200 OK or tcp ports down, we get alerts.
From my years' experience, I highly recommend uptimerobot[4]. It's a very reliable and light-weight SaaS monitoring service. And It's totally free. You can even integrate the alert notification with slack via a slack email robot.
More Reading: Effectively Technical Writing In GitHub.



Author: (

Created: 2016-11-17 Thu 20:15