/etc/caddy/Caddyfile
# Global options block
{
- email you@example.com # <<<< change this
- on_demand_tls {
- ask http://localhost/check
- }
+ email you@example.com # <<<< CHANGE THIS <<<<
+ on_demand_tls {
+ ask http://localhost/check
+ }
}
-omitted.webhooks.subdomain.tld { # <<<< change this
- reverse_proxy localhost:9000
+# Webhooks
+https://webhooks.subdomain.here.tld { <<<< CHANGE THIS <<<<
+ reverse_proxy localhost:9000
}
+# Filter for which SSL certs we will create. Prevents abuse.
http://localhost {
- handle /check {
- root * /var/www
- @deny not file /{query.domain}/
- respond @deny 404
- }
+ handle /check {
+ root * /var/www
+ @deny not file /{query.domain}/
+ respond @deny 404
+ }
}
+# This automatically handles upgrading http:// requests with a redirect
https:// {
- tls {
- on_demand
- }
- root /var/www
- rewrite /{host}{uri}
- # Block files that start with a .
- @forbidden {
- path /.*
- }
- respond @forbidden 404
- file_server
+ tls {
+ on_demand
+ }
+ root /var/www
+ rewrite /{host}{uri}
+ @forbidden {
+ path /.*
+ }
+ respond @forbidden 404
+ file_server
}
# Refer to the Caddy docs for more information:
@@ -221,207 +223,127 @@ https:// {
chown -R joshua:joshua /var/www since the webhooks will run
as my login account.
-
- Webhook
+
+
+ Webhooks
-
- I altered the systemd service definition for webhook so I
- could organize the hook definitions into separate files. I also set
- User=joshua and Group=joshua so the commands
- run as my user instead of root.
-
- sudo mkdir /etc/webhook.conf.d/
- /lib/systemd/system/webhook.service
- [Unit]
-Description=Small server for creating HTTP endpoints (hooks)
-Documentation=https://github.com/adnanh/webhook/
-ConditionPathExists=/etc/webhook.conf
-
-[Service]
-ExecStart=/usr/bin/webhook -nopanic -hooks /etc/webhook.conf.d/*.conf
-
-User=joshua
-Group=joshua
-
-[Install]
-WantedBy=multi-user.target
-
-
- If you are debugging your webhook output, consider adding
- -debug next to -nopanic for more useful logs.
-
-
- After changing the service definition, reload systemd to run the updated
- service:
-
- sudo systemctl daemon-reload
-
- Then you can remove the now-unused config file:
- sudo rm /etc/webhook.conf
-
- Here are the three hook definitions:
-
-
- Create pages
-
- /etc/webhook.conf.d/create-pages.conf
- [
- {
- "id": "create-pages",
- "execute-command": "/home/joshua/webhooks/create-pages.sh",
- "command-working-directory": "/var/www",
- "pass-arguments-to-command":
- [
- {
- "source": "payload",
- "name": "repository.name"
- },
- {
- "source": "payload",
- "name": "clone_url",
- }
- ],
- "trigger-rule":
- {
- "and":
- [
- {
- "match":
- {
- "type": "payload-hmac-sha256",
- "secret": "(omitted)",
- "parameter":
- {
- "source": "header",
- "name": "X-Forgejo-Signature"
- }
- }
- }
- ]
- }
- }
-]
-
-
-
- Remove pages
-
- /etc/webhook.conf.d/remove-pages.conf
- [
- {
- "id": "remove-pages",
- "execute-command": "/home/joshua/webhooks/remove-pages.sh",
- "command-working-directory": "/var/www",
- "pass-arguments-to-command":
- [
- {
- "source": "payload",
- "name": "repository.name"
- },
- ],
- "trigger-rule":
- {
- "and":
- [
- {
- "match":
- {
- "type": "payload-hmac-sha256",
- "secret": "(omitted)",
- "parameter":
- {
- "source": "header",
- "name": "X-Forgejo-Signature"
- }
- }
- }
- ]
- }
- }
-]
-
-
-
- Update pages
-
- /etc/webhook.conf.d/update-pages.conf
- [
- {
- "id": "update-pages",
- "execute-command": "/home/joshua/webhooks/update-pages.sh",
- "command-working-directory": "/var/www",
- "pass-arguments-to-command":
- [
- {
- "source": "payload",
- "name": "repository.name"
- },
- ],
- "trigger-rule":
- {
- "and":
- [
- {
- "match":
- {
- "type": "payload-hmac-sha256",
- "secret": "(omitted)",
- "parameter":
- {
- "source": "header",
- "name": "X-Forgejo-Signature"
- }
- }
- },
- {
- "match":
- {
- "type": "value",
- "value": "refs/heads/gh-pages",
- "parameter":
- {
- "source": "payload",
- "name": "ref"
- }
- }
- }
- ]
- }
- }
-]
-
- In my home directory I defined all three hook scripts:
- webhooks/create-pages.sh
- #!/bin/bash
-# parameter 1 is repo name, parameter 2 is clone URL
-[[ "$1" == *"/"* ]] && exit 1; # no slashes in the name
-[[ "$1" == *".."* ]] && exit 1; # no .. in the name
-[[ "$1" == *"*"* ]] && exit 1; # no wildcards in the name
-[ -d "/var/www/$1" ] && exit 1; # the directory must not exist
-cd "/var/www";
-git clone -b gh-pages --single-branch "$2" "$1" || exit 1;
-
- webhooks/remove-pages.sh
- #!/bin/bash
-# parameter 1 is repo name
-[[ "$1" == *"/"* ]] && exit 1; # no slashes in the name
-[[ "$1" == *".."* ]] && exit 1; # no .. in the name
-[[ "$1" == *"*"* ]] && exit 1; # no wildcards in the name
-[ -d "/var/www/$1" ] && exit 1; # the directory must exist
-cd "/var/www";
-rm -rf "/var/www/$1";
-
- webhooks/update-pages.sh
- #!/bin/bash
-# parameter 1 is repo name
-[[ "$1" == *"/"* ]] && exit 1; # no slashes in the name
-[[ "$1" == *".."* ]] && exit 1; # no .. in the name
-[[ "$1" == *"*"* ]] && exit 1; # no wildcards in the name
-[ -d "/var/www/$1" ] || exit 1; # the directory must exist
+ In my home directory I defined two hook scripts:
+ ~/webhooks/update-pages.sh
+
+#!/bin/bash
+# parameter 1 is repo name, parameter 2 is clone url
+[[ "$1" == *"/"* ]] && exit 1;
+[[ "$1" == *".."* ]] && exit 1;
+[[ "$1" == *"*"* ]] && exit 1;
+if [ -d "/var/www/$1" ]; then
+ git clone -b gh-pages --single-branch "$2" "$1" || exit 1;
+ exit;
+fi;
cd "/var/www/$1";
git fetch origin gh-pages;
git reset --hard origin/gh-pages;
exit;
+
+ ~/webhooks/remove-pages.sh
+ #!/bin/bash
+# parameter 1 is repo name
+[[ "$1" == *"/"* ]] && exit 1;
+[[ "$1" == *".."* ]] && exit 1;
+[[ "$1" == *"*"* ]] && exit 1;
+[ -d "/var/www/$1" ] || exit 1;
+cd "/var/www";
+rm -rf "/var/www/$1";
+
+
+ To trigger these hooks I am using webhook which is in the
+ default Debian repository.
+
+
+ Here are the hook definitions: one for creating/updating a site, and one
+ for deleting. You will need to generate one or two secret values that
+ the server can use to know that the webhook is authorized to run. I used
+ linux command uuidgen -r to create mine. Save these values
+ so you can enter them in Forgejo later.
+
+
+ Also make sure to replace your execute-command lines with ones
+ referencing your username and script paths.
+
+ /etc/webhook.conf
+ [
+ {
+ "id": "update-pages",
+ "execute-command": "su joshua /home/joshua/webhooks/update-pages.sh",
+ "command-working-directory": "/var/www",
+ "pass-arguments-to-command":
+ [
+ {
+ "source": "payload",
+ "name": "repository.name"
+ },
+ ],
+ "trigger-rule":
+ {
+ "and":
+ [
+ {
+ "match":
+ {
+ "type": "payload-hmac-sha256",
+ "secret": "(omitted)",
+ "parameter":
+ {
+ "source": "header",
+ "name": "X-Forgejo-Signature"
+ }
+ }
+ },
+ {
+ "match":
+ {
+ "type": "value",
+ "value": "refs/heads/gh-pages",
+ "parameter":
+ {
+ "source": "payload",
+ "name": "ref"
+ }
+ }
+ }
+ ]
+ }
+ },
+ {
+ "id": "remove-pages",
+ "execute-command": "su joshua /home/joshua/webhooks/remove-pages.sh",
+ "command-working-directory": "/var/www",
+ "pass-arguments-to-command":
+ [
+ {
+ "source": "payload",
+ "name": "repository.name"
+ },
+ ],
+ "trigger-rule":
+ {
+ "and":
+ [
+ {
+ "match":
+ {
+ "type": "payload-hmac-sha256",
+ "secret": "(omitted)",
+ "parameter":
+ {
+ "source": "header",
+ "name": "X-Forgejo-Signature"
+ }
+ }
+ }
+ ]
+ }
+ }
+]
Forgejo
@@ -431,32 +353,8 @@ exit;
conditions.
Under my main user settings I set up each webhook:
-
-
- Create pages
-
-
- Target URL: https:// your domain here /hooks/create-pages
- HTTP Method: POST (the default)
- POST content type: application/json (the default)
- Secret: omitted, use your own
- Trigger on: Custom Events > Create
- Branch filter: gh-pages
-
-
-
- Remove pages
-
-
- Target URL: https:// your domain here /hooks/remove-pages
- HTTP Method: POST (the default)
- POST content type: application/json (the default)
- Secret: omitted, use your own
- Trigger on: Custom Events > Repository > Delete
- Branch filter: gh-pages
-
-
-
+
+
Update pages
@@ -467,6 +365,18 @@ exit;
Trigger on: Push events
Branch filter: gh-pages
+
+
+ Remove pages
+
+
+ Target URL: https:// your domain here /hooks/remove-pages
+ HTTP Method: POST (the default)
+ POST content type: application/json (the default)
+ Secret: omitted, use your own
+ Trigger on: Custom Events > Repository > Delete
+ Branch filter: gh-pages
+
Conclusion
@@ -489,25 +399,18 @@ exit;
>
- There is room to make the scripts a little smarter. They don’t handle
- renaming very well right now, and a few times I had to log in and
- manually run my webhook scripts, like this:
-
- ~/webhooks/create-pages.sh marklink.pages.seigler.net "https://git.apps.seigler.net/joshua/marklink.pages.seigler.net.git"
-
-
- The really important thing is that updates just require pushing to
- gh-pages which you can easily do with e.g.
+ For repos with npm build scripts, I use
gh-pages @ npm.
+ >
+ to push the build to the gh-pages branch and up to the server.
- I’m also putting off rolling my own CI server, but I imagine that’s the
- next stage here. Stay tuned.
+ I’m putting off rolling my own CI server, but I imagine that’s the next
+ stage here. Stay tuned.