Is it bad to store Apache conf files on github? [closed]

血红的双手。 提交于 2021-02-08 10:30:35

问题


I'm working on a project that when deployed will need to modify an existing Apache config. Currently the conf files are are not included in the github repository, I would like to add them which would let me make the changes required in the branch I'm working on.

The current maintainer and I are unsure if including these files is a security risk? What is considered best practice in this regard?


回答1:


What is better is to store an httpd.conf.tpl template file with placeholder values in it.

That allows you to generate the right httpd.conf file locally, and to do so automatically on git clone/git checkout.

The generation script will:

  • search the right values for any sensitive data from an external secure referential (like a vault)
  • replace the placeholder value in httpd.conf.tpl to generate the right httpd.conf (that can be ignored by Git)

For that, do register (in a .gitattributes declaration) a content filter driver.

(image from "Customizing Git - Git Attributes", from "Pro Git book")

The smudge script will generate (automatically, on git checkout or git switch) the actual httpd.conf file as mentioned above.
Again, the generated actual httpd.conf file remains ignored (by the .gitignore).

See a complete example at "git smudge/clean filter between branches".



来源:https://stackoverflow.com/questions/64707428/is-it-bad-to-store-apache-conf-files-on-github

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!