Somehow I didn’t like the setup that I had for my site. I had two major concerns with it:
- It used the hosted variant of GitLab, which means that I am dependent on them keeping the whole shebang safe and online.
- My major issue, though, was that I had an SSH private key hosted at GitLab.
Issue no. 1 is bothersome since I manage two git servers, so I do not need GitLab to host them for me, and I moved the site repository to one of the git servers I manage. With issue no. 2 there is no workaround: that is a major security concern, and there is no right way of doing it except NOT doing it.
So I set up and analyzed more why I needed that setup and how it could be replaced with a more secure one. Moving the repository from GitLab to a self-hosted git server, Gitea, was a no-brainer. Gitea also has webhooks implemented, so that was also easy to set up. I host my site on a rented root server with nginx, so adding parts to it is not that hard. I installed Hugo on my server (install is a strong word, since I pretty much just downloaded the proper binary, put it in the right place and fixed the file permissions). The most troublesome issue was that I don’t have any FastCGI on my server (and I definitely don’t want to install any), so I was without a solution for the webhook endpoint.
Not anymore! Enter WebHook, a webhook server implemented in Go. Installing it was as easy as any Go binary: download the proper release, put it in the right place and fix the file permissions (well, a bit more, since I wanted it to run as a service and had to configure its hooks).
In the end I ended up with a setup that is entirely self-hosted and more secure, using a self-hosted git server and a similarly self-hosted web server.
Stay tuned for the next installment because I will share the whole setup so you can easily understand and mimic it if you want.