You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+2
Original file line number
Diff line number
Diff line change
@@ -79,6 +79,7 @@ If you are using a public repository you can start here.
79
79
* Download `deploy.php` script and `deploy-config.orig.php` sample configuration file to your webserver, and place them in a directory accessible via a public URL
80
80
* Rename `deploy-config.orig.php` to `deploy-config.php` and edit its configuration, as follows:
81
81
*__DISABLED__: (optional) change to `true` to disable the script and prevent its execution. This feature provides an extra level of security.
82
+
*__IP_ALLOW__: (optional) array of single IP addresses or subnets (in CIDR format, e.g. 203.2.54.0/24) that are allowed to execute the script. If not defined, or array is empty, any IP address is allowed. Supports IPv4 and IPv6.
82
83
*__REMOTE_REPOSITORY__: for public repositories you can use the HTTPS address (e.g. https://github.com/username/reponame.git), and for private repositories you will need to use the SSH address (e.g. git@bitbucket.org:username/reponame.git). You can get these addresses by browsing the repository page on GitHub or BitBucket.
83
84
*__BRANCH__: this is the array of branches allowed to deploy with this script. The first branch is considered the default branch and the only one that will be allowed for webhook triggers from Github/BitBucket, or when no branch is specified in the GET parameters. The other branches are allowed only on manual triggers.
84
85
*__ACCESS_TOKEN__: a secret string that must be configured to provide protection against abuse. More on security below.
@@ -147,6 +148,7 @@ You must keep in mind that this script can be dangerous if misused or abused. We
147
148
* Make sure the deploy script is accessible through an SSL-protected connection (HTTPS), this will protect the the access token from being intercepted.
148
149
* For your production environment, configure only one branch (e.g. master). Even if a 3rd party can get ahold of your access token, they will not be able to change branches, and it is unlikely they can guess a specific commit hash.
149
150
* Change the DISABLED parameter to `true` to turn off the script for added security if you only deploy code ocassionally.
151
+
* Configure IP_ALLOW to the list of IP addresses or subnets that are allowed to run the script for additional security.
150
152
* The script doesn't include any sanitation for the parameters that are read from the request. This is because the access token and branch names must match the values in the configuration file, and the commit hash must match a commit from the repo in the specified branch. If the values cannot be validated the script stops.
151
153
* The script creates a lock file that is used to ensure that only one instance of the script is running at a given time. This prevents multiple git, rsync, and delete operations from being executed in parallel, and helps protect againts a DoD-type of abuse.
152
154
* The script usage of the latest version deployed to determine what files to delete, and the use of rsync, help protect against performance and load issues that could be caused by rapid firing of the script.
0 commit comments