8

Here's the scenario:

There is a Git repo, which is tracking website files, including the .htaccess at root. The Git repo is checked out to a staging site and to a production site.

The problem: The staging site has to be protected with password (through htpasswd authentication). This changes .htaccess file as well. Now committing or pushing from staging environment means the .htaccess file (which enables password-protection for root directory) is checked-out to the live website as well, making the live website ask for password as well.

Now how shall I go about it? Should I stop tracking .htaccess? Should I overwrite .htaccess through post-receive hook (possible? how?)? Is there any other way to protect a directory without modifying .htaccess? Any other solution?

Sawant
  • 4,321
  • 1
  • 27
  • 30

4 Answers4

6

I would opt to not track .htaccess itself.

Possible options:

  1. Track .htaccess-prod and .htaccess-stage (more useful if there are more differences, like various config settings, passwords etc., if it's only one line, then perhaps it's not the best option). Then whenever you update something, you must do it in both files, also you'll have to remember copy the files in two environments as .htaccess manually when they change.

  2. Store only one file .htaccess-example, add hooks in both staging and live areas (look at post-checkout and/or post-merge probably [1]) that will, in both of them, copy .htaccess-example as a local .htaccess whenever there was a change, and additionally, append a line with password protection in staging.

[1] haven't used them myself yet, so I'm a bit confused looking at the documentation. Regarding post-receive, as far as I understand, it is executed on a remote repo when pushing to it, not in the working copy when you pull.

jakub.g
  • 38,512
  • 12
  • 92
  • 130
  • Yeah, option 1 seems to be the most feasible. Just one concern: Apache won't serve .htaccess-prod/stage in the browser (if requested by a bot/user), right? – Sawant Nov 18 '12 at 13:39
  • Yep it's an important question. By default it probably *would* serve them. You need to ascertain it won't *in the .htaccess itself* :) This might be helpful: http://www.ducea.com/2006/07/21/apache-tips-tricks-deny-access-to-certain-file-types/ – jakub.g Nov 18 '12 at 13:54
2

In case of Git (contrary to Mercurial) you have only one solution: Branching

You have to use different branches for Staging and Live with single difference in content: .htaccess data. Not bullet-proof, with a lot of handwork, but - it's your choice

Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
  • Yes. I think the choice has to come down to branching or stop tracking .htaccess. – Sawant Nov 17 '12 at 13:51
  • I'm not sure if having two branches would be the best solution here - you have different version of the same file in both, so it means for all future commits, you'll have to rebase the second branch on top of the first, because you'll be unable to fast-forward the changes. – jakub.g Nov 17 '12 at 18:20
2

Here's an outside the box answer: Set a custom filename for .htaccess file on Dev and don't check it in. For example, .htaccess-dev or .htaccess.staging.

You can set this in the vhosts configuration.

http://www.electrictoolbox.com/change-htacces-filename-apache/

If you use MAMP Pro you can set vhost config per local domain.

user137439
  • 31
  • 1
  • 4
-2

For deploying i recommend capistrano, it is a beautiful utility.

Alexander Randa
  • 868
  • 4
  • 7