Intro

In the previous post, Setting up Jekyll with Dreamhost. I detailed how I was able to get a Jekyll site working on a shared server in dreamhost. Within this post, the objective is to demonstrate the backend configuration for publishing.

Setting up repositories

We now need to setup the repositories.

To avoid confusion, for this section I’ve opted to use: * server( to indicate tasks that must be done on the server / remote. * local) to indicate an operation that should be done on your pc.

First, we’ll create a bare repository on the remote server.

server$ git --bare init REPO_NAME.git

Now, locally, we’ll create a git repository.

local$ mkdir ~/local_repo && cd ~/local_repo
local$ git init
local$ git add .
local$ git commit -m "Established Local Repository"

Now, let’s make the local repository able to push into the remote repository.

local$ git remote set-url origin --add ssh://USERNAME@MACHINENAME.dreamhost.com/home/USERNAME/REPO_NAME.git
local$ git push 

Make sure to replace: “USERNAME”, “MACHINENAME”, and “REPO_NAME” with your information!

Optional: Set up a redundant copy in a private GitHub repository

If you have a private GitHub account, then you should consider backing up your repository at GitHub.

WARNING: MAKE SURE TO SET THE REPOSITORY CREATED BELOW AS PRIVATE! Otherwise, anyone on github will have access to your site’s source!

To take a local repository and put it on GitHub use the following:

local$ git remote set-url origin git@github.com:USERNAME/REPO_NAME.git
local$ git push --force origin master

To clone from GitHub to local use:

local$ cd ~/local_repo
local$ git clone git@github.com:USERNAME/REPO_NAME.git

Auto-publish

It’s really nice when you push the repository to the server that Jekyll is able to auto-build the website. To do so, we need to use git’s hook system. I’ve modified the auto-deploy recipe Jekyll has provided.

Specifically, we’ll be using the post-receive hook.

First, let’s create the post-receive file

touch ~/REPO_NAME.git/post-receive

Open the file with:

vim ~/REPO_NAME.git/post-receive

Now, place the following into the post-receive file.

#!/bin/sh
DOMAIN="domain.com"
GIT_REPO="$HOME/REPO_NAME.git"
TMP_GIT_CLONE="$HOME/tmp/$DOMAIN"
PUBLIC_WWW="$HOME/$DOMAIN"

git clone $GIT_REPO $TMP_GIT_CLONE
jekyll build --source $TMP_GIT_CLONE --destination $PUBLIC_WWW
cd ~ 
rm -rf $TMP_GIT_CLONE
exit

Note: domain.com should be updated to what your domain is.

Finally, we need to give the file the appropriate permissions to execute.

# Restricted permissions
chmod ug+x ~/REPO_NAME.git/post-receive

# If that doesn't work...
# DANGEROUS: grant all permissions
chmod +x ~/REPO_NAME.git/post-receive

Error?

Running into an error with publishing? e.g.

local$ git push
Counting objects: 4, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 413 bytes | 0 bytes/s, done.
Total 4 (delta 2), reused 0 (delta 0)
remote: Cloning into '/home/user/tmp/domain.com'...
remote: done.
remote: hooks/post-receive: line 8: jekyll: command not found
To ssh://user@machine.dreamhost.com/home/user/REPO_NAME.git
   fb284e7..ba895a3  master -> master

This indicates the path from ruby is not set correctly on the remote host (e.g. the server).

Please open .bash_profile via:

vim ~/.bash_profile

The contents should be:


[[ -s "$HOME/.profile" ]] && source "$HOME/.profile" # Load the default .profile

[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*
source $HOME/.rvm/scripts/rvm
~

Copy this into .bashrc via:

vim ~/.bashrc

So, the contents should look like:

[[ -s "$HOME/.profile" ]] && source "$HOME/.profile" # Load the default .profile

[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*
source $HOME/.rvm/scripts/rvm

export PATH="$PATH:$HOME/.rvm/bin" # Add RVM to PATH for scripting

This should resolve the issue.

Passwordless login

I opted to also enable passwordless login using a public ssh key. The instructions to do so are available on the dreamhost wiki.

For conciseness, I’ve included them here.

# To generate an SSH key type:
local$ ssh-keygen -t rsa

Note For the next phase, you will need to press enter after inputting the required information each time.

Next it will prompt you to enter where the key is e.g.:

local$ Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).

Then it will ask for a passphrase to protect the key

local$ Enter a passphrase (leave empty for no passphrase).

And, of course, it’ll ask for confirmation

local$ Enter same passphrase again:

This should lead to the following:

# Your identification has been saved in /home/username/.ssh/id_rsa
# Your public key has been saved in /home/username/.ssh/id_sra.pub
#
# The key fingerprint is:
# SHA256:fingerprint string here e.g. KzocIdoa...DAZ username@servername
#
# The key’s randomart image is:
# Pretty picture here

Depending on your system you will have to add it to your dreamhost account in two different ways:

# Copy it to the server via Windows (Cygwin) + Linux
local$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@domain.com

# Copy it to the server when on OS X
local$ cat ~/.ssh/id_rsa.pub | ssh [user@]host "cat >> ~/.ssh/authorized_keys"

Bonus! Add it to your ssh-agent

Using an ssh-agent allows you to avoid re-entering your passphrase multiple times in the same session.

# Start the ssh-agent
local$ ssh-agent -s

# add the key
local$ ssh-add ~/.ssh/id_rsa

Misc

Securing repositories

One of the many weaknesses of websites is leaving their versioning control systems open to intruders to look at. I would suggest prevent the control system from being displayed by using a .htaccess file in the main directory of the website. Within the .htaccess file write:

So, if they attempt to access your git repository or gitignore file, they will receive a 404 stating it does not exist.

Now, if you are a dreamhost customer, placing it outside of the domain.com/ folder will effectively hide the version control system from the public.

More?

More to come as I work on enabling different Jekyll features…