I'm contemplating uploading config files from /etc/nginx/sites-available/ and /etc/nginx/ssl to a private GitHub repository.

Doing so would require me to use git with sudo (or as the root user) for the ssl folder at least (which can only be read by root because it also contains SSL keys).

Are there any downsides or (security) risks in doing so? (OS is Ubuntu 18.04)

I would most probably limit the files in the repository to .conf files to avoid any SSL private keys being uploaded.

Jean Monet
  • Why don't you use a configuration? – c4f4t0r Mar 05 '20 at 20:55
  • What do you mean? I have specific `.conf` files in `sites-available` that I want to back up and keep track of via git. But this requires using git with `sudo` because files in `/etc/nginx/` are owned by `root` – Jean Monet Mar 05 '20 at 21:04
  • In order to commit a file into a local repository: 1. the file must be readable by the user doing the commit, 2. the repository (`.git`) directory must be writable by the user. So you don't need to be root as long as you don't want to commit files, which are not readable by a normal user. – Piotr P. Karwasz Mar 05 '20 at 21:41
  • Thanks - files in `sites-available` actually seem to be readable by a normal user, so git without sudo would work. However, the location `/etc/nginx/ssl` (forgot to mention this one), which contains both encryption keys and config files (configs that I'd like to save to GitHub), is only readable by `root` – Jean Monet Mar 05 '20 at 22:14
  • @Jean Monet Ansible, Puppet instead of having configuration files directly in git – c4f4t0r Mar 06 '20 at 09:26
  • @c4f4t0r I haven't yet gotten my head around Ansible. Can I legitimately assume having config files in git is best practice? – Jean Monet Mar 06 '20 at 10:01
  • @Jean Monet In git I store the Puppet code or Ansible code that generates the configuration. I don't think it is a good idea to have raw configuration files in git – c4f4t0r Mar 06 '20 at 11:46

0 Answers
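
The policy described in the question (commit only `.conf` files and keep SSL private keys out of the repository), as an added example that is not part of the original post or its comments. The function names and the sample tree are constructed for illustration; the check also rejects a `.conf` file that has key material pasted into it, and symlinks that could point at a key.

```shell
#!/bin/sh
# Policy from the question: commit only *.conf files, never private keys.

# Succeeds if the file contains a PEM private-key header (RSA, EC, PKCS#8, ...).
has_private_key() {
    grep -Eq -- '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# Succeeds only for a readable, regular (non-symlink) *.conf file without key material.
is_committable() {
    case "$1" in
        *.conf) ;;
        *) return 1 ;;
    esac
    [ -f "$1" ] && [ ! -L "$1" ] && [ -r "$1" ] || return 1
    ! has_private_key "$1"
}

# Prints the committable files below a directory, one per line, sorted.
list_committable() {
    find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
        if is_committable "$f"; then printf '%s\n' "$f"; fi
    done
}

# Builds a constructed sample tree (not real keys or configs) and prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sites-available" "$d/ssl"
    printf 'server { listen 443 ssl; }\n' > "$d/sites-available/example.conf"
    printf 'ssl_protocols TLSv1.2;\n' > "$d/ssl/params.conf"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' > "$d/ssl/example.key"
    # Edge case: key material pasted into a file that has the allowed extension.
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' > "$d/ssl/pasted.conf"
    printf '%s\n' "$d"
}

# Usage: sh thisfile.sh /etc/nginx   (lists what would be safe to stage)
if [ "$#" -gt 0 ]; then list_committable "$1"; fi
```

Files the invoking user cannot read are skipped, so running it as a normal user also shows which configs would need `sudo` to be included.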