v5rsyq
Last Updated: February 25, 2016
·
969
· magnetikonline

Hide your git on web servers

Deploying your sites via a git pull is the new black these days - which is all cool, but you don't want the public snooping your .git/, .gitignore and .gitmodules areas over your web server.

For nginx, add the following location to your sites managed under this method to 403 such requests:

location ~ "\.git($|/|attributes$|ignore$|modules$)" {
    return 404;
}

Stay safe!

1 Response
Add your response

4071

Alternatively, it can make sense to init your repo one level above your web server root. Most hostings have the following subdirectories for each virtual host:

cgi-bin   # not accessible via http
tmp        # not accessible via http
www      # web root

Because you may have some scripts (e.g. cron jobs) running outside of www that are also part of the project.

over 1 year ago ·
Filed Under