To avoid having to keep an SSH private key on your EC2 instance, people often use a workflow that involves pushing to that remote server in order to deploy. Essentially, you set up a bare git repository there with a pre-receivehook that deploys to another directory. There is a simple example of doing this in this tutorial. Then you only need to have your SSH publickey in ~/.ssh/authorized_keyson the server. However, with this workflow, you couldn't deploy directly from your GitHub repository - you would need to pull it locally and then push to the EC2 machine.

为了避免在您的 EC2 实例上保留 SSH 私有密钥，人们通常使用一种工作流程，该工作流程涉及推送到该远程服务器以进行部署。本质上，您在那里设置了一个裸 git 存储库，并带有一个pre-receive部署到另一个目录的钩子。本教程中有一个简单的示例来执行此操作。然后，你只需要拥有你的SSH公共密钥~/.ssh/authorized_keys服务器上。但是，使用此工作流程，您无法直接从 GitHub 存储库进行部署 - 您需要将其拉到本地，然后推送到 EC2 机器。

An alternative is to use GitHub's deploy keysmechanism. This would involve creating a new SSH key-pair on your EC2 instance, and adding the public key as a deploy key into your private repository on GitHub. Then you can pull directly from your private GitHub repository to your EC2 instance.

另一种方法是使用 GitHub 的部署密钥机制。这将涉及在您的 EC2 实例上创建一个新的 SSH 密钥对，并将公钥作为部署密钥添加到您在 GitHub 上的私有存储库中。然后您可以直接从您的私有 GitHub 存储库拉取到您的 EC2 实例。

I just solved such situation by following the tutorialthat Mark Longairpointed before. The only problem I got was in the creation of the bare git repository. So let me resume how I solved it.

我只是遵循解决这种情况的教程是马克Longair之前指出。我遇到的唯一问题是创建裸 git 存储库。所以让我继续我是如何解决它的。

1. I already have my github private repository.
2. I created the EC2 Linux AMI (Ubuntu for practical procedures)
3. I've installed git, mysql, php, apache and ssh at the EC2 instance, and added my public ssh key to the /home/ubuntu/.ssh/authorized_keysfile.
4. Once at the EC2 instance I created two folders, the first one to hold the repository (I just named it as I've named my github repository), and the second one to hold the site(s): mkdir sitesrepo.git websites.
5. Then I went to the folder that was going to hold the repository and initialized the bare repository: cd sitesrepo.git && git init --bare

6. I created the hook file via vim with the following content in a file named post-receiveand then I made it executable via chmod +x post-receive(just as the tutorial stated). That file must be placed at /home/ubuntu/sitesrepo.git/hooks

   #!/bin/sh
   GIT_WORK_TREE=/home/ubuntu/websites git checkout -f
   

7. Here's where my steps differ from the tutorial mentioned before: A bare git repository has a conflict where it can't hold the worktree being a bare repository (It doesn't make sense since it's a bare repository. Non-bare repositories are intended to have a working space, i.e. a worktree). Fortunately you can manually set up the repository configfile. So by editing the file /home/ubuntu/sitesrepo.git/configyou must guarantee to have something like this:

   [core]
       repositoryformatversion = 0
       filemode = true
       bare = false
       worktree = /home/ubuntu/websites
   [receive]
       denycurrentbranch = ignore
   

8. Now, at your own machine, at your git local repository working folder, the idea is to add a new remote repository. Currently you have configured by default originwhich tells your repository to push your content into github's repository. The tutorial calls such remote repository web. So you have to run once: git remote add web ssh://mysite.com/home/ubuntu/sitesrepo.git && git push web +master:refs/heads/master. The subsequent pushes can be done via a simple git push web

9. Depending on how many sites you are planning to hold, you must configure your apache sites-enabledhosts. Also, since you're using apache, don't forget to change the web folder to point to /home/ubuntu/websites, because by default it points to /var/wwwBut you're ready to go, just don't forget to restart the apache service after defining the new web folder.

1. 我已经有了我的 github 私有存储库。
2. 我创建了 EC2 Linux AMI（实用程序的 Ubuntu）
3. 我已经在 EC2 实例上安装了 git、mysql、php、apache 和 ssh，并将我的公共 ssh 密钥添加到/home/ubuntu/.ssh/authorized_keys文件中。
4. 在 EC2 实例中，我创建了两个文件夹，第一个文件夹用于保存存储库（我只是将其命名为我的 github 存储库），第二个文件夹用于保存站点：mkdir sitesrepo.git websites。
5. 然后我转到要保存存储库的文件夹并初始化裸存储库： cd sitesrepo.git && git init --bare

6. 我通过 vim 创建了钩子文件，在一个名为的文件中包含以下内容post-receive，然后通过chmod +x post-receive（正如教程所述）使其可执行。该文件必须放在/home/ubuntu/sitesrepo.git/hooks

   #!/bin/sh
   GIT_WORK_TREE=/home/ubuntu/websites git checkout -f
   

7. 这是我的步骤与之前提到的教程不同的地方：裸 git 存储库存在冲突，它无法将工作树作为裸存储库（因为它是裸存储库，所以没有意义。非裸存储库旨在有一个工作空间，即工作树）。幸运的是，您可以手动设置存储库config文件。因此，通过编辑文件，/home/ubuntu/sitesrepo.git/config您必须保证具有以下内容：

   [core]
       repositoryformatversion = 0
       filemode = true
       bare = false
       worktree = /home/ubuntu/websites
   [receive]
       denycurrentbranch = ignore
   

8. 现在，在您自己的机器上，在您的 git 本地存储库工作文件夹中，想法是添加一个新的远程存储库。目前您已经默认配置origin它告诉您的存储库将您的内容推送到 github 的存储库。本教程调用这样的远程存储库web。所以，你必须运行一次：git remote add web ssh://mysite.com/home/ubuntu/sitesrepo.git && git push web +master:refs/heads/master。随后的推送可以通过一个简单的git push web

9. 根据您计划拥有的站点数量，您必须配置您的 apachesites-enabled主机。另外，由于您使用的是 apache，不要忘记将 web 文件夹更改为指向/home/ubuntu/websites，因为默认情况下它指向 。/var/www但是您准备好了，只是不要忘记在定义新的后重新启动 apache 服务网页文件夹。

Hope this helps with your question.

希望这对您的问题有所帮助。