Setup that runs this website

Jun 27, 2020 | 1 minute read

Tags: website, ssl, webhook, systemd, hugo

This is a static webpage powered by the great HUGO site generator and uses the introduction theme.

For every push to the master-branch GitHub triggers a Webhook to a URL on my server which then starts the redeploy server-side. To secure this mechanism the hook itself uses a secret and the URL to trigger the redeploy is treated as a secret.

To make all of this work the webhook service just listens on localhost, which can be achived by creating an override for the systemd unit (via systemctl edit webhook.service):

ExecStart=/usr/bin/webhook -nopanic -ip -verbose -hooks /etc/webhook.conf

Apache config:

ProxyPass /hooks/cryptic-long-str http://localhost:9000/hooks/website-redeploy
ProxyPassReverse /hooks/cryptic-long-str http://localhost:9000/hooks/website-redeploy

To actually handle the GitHub webhooks adnanh/webhook is used with the following config (/etc/webhook.conf):

        "command-working-directory": "/opt/projects/",
        "execute-command": "/usr/bin/sudo",
        "id": "website-redeploy",
        "pass-arguments-to-command": [
                "name": "/opt/projects/",
                "source": "string"
        "response-message": "website update started",
        "trigger-rule": {
            "match": {
                "parameter": {
                    "name": "X-Hub-Signature",
                    "source": "header"
                "secret": "<redacted>",
                "type": "payload-hash-sha1"

The website source files are updated via the following script

#!/bin/bash -
git pull --rebase