Setting Up a GitHub Webhook with NGINX and Ubuntu
A step-by-step process for setting up webhooks As I set up my new site + blog I took some notes on the process that might be helpful or interesting to share as a reference. These steps are how I configured this site to deploy whenever I push changes to its GitHub repository. For these instructions I am using the Zola static site generator, a virtual private server running Ubuntu and NGINX hosted on Linode, and GitHub. However, the general concept applies to any script you want to run as a response to a webhook event. Create a script. Here's a sample for my site, used from the excellent tutorial at osc.garden. Make the file executable: Notes: It probably goes without saying, but make sure you install all the tools and files used for your script / project. In my case this involves: I saved the script in a directory where I'll put related files for the project. Webhook is available on GitHub. This is what will listen for the webhook event from github and run the script. Create a Notes: You can run webhook using the following command: If you wanted to, you could open port 9000 on your server / firewall and set up TLS certificates so webhook can use HTTPS. However! I opted to use NGINX as a proxy instead. I already have NGINX set up with my TLS certificates, the firewall is already configured, etc. So, I used the following NGINX configuration: Note: I chose to use Create a Enable and start the service: Verify that the service is running: Having this run as a service is important so it starts up after server reboots — keeping your server ready to receive webhook calls! Go to your GitHub repository settings, navigate to Webhooks, and add a new webhook with the following details: And there you have it! Your webhook is set to automatically run whenever you push changes to your repository. Have fun! Step 1: Write your automation script
#!/usr/bin/env bash
project_dir="/path/to/project-directory"
out_dir="/path/to/output-directory"
sudo snap install --edge zola
gh auth login
and follow the stepsgh repo clone your-github-username/your-repo-name
Step 2: Install webhook
Step 3: Create a
hooks.json
filehooks.json
file in your project directory with the following content:
id
is part of the URL that the webhook server listens on - name this something descriptive!execute-command
is the script to run when the webhook is firedtrigger-rule
is a configuration that can be set up to require the incoming webhook request to contain a specific payload; this is a form of security so that only requests with the correct secret are handled by the webhook server (that said, please read the webhook docs if you are unsure about anything - this is not security advice!) secret
type
Step 4: Set up NGINX as a proxy
/path/to/webhook -hooks /path/to/your-git-repo/hooks.json -verbose
. It will start up on port 9000 and provide you with one HTTP endpoint.location /hooks/ {
proxy_pass http://localhost:9000/hooks/;
}
localhost
instead of 127.0.0.1
or ::1
because I will let my server figure out whether to use IPv4 or IPv6. Networking! Step 5: Set up webhook as a service
webhook.service
file in /etc/systemd/system/webhook.service
with the following content:
Description=Webhook for
After=network.target
Type=simple
User=your-username
ExecStart=/usr/bin/webhook
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
Restart=always
WantedBy=multi-user.target
Step 6: Set up webhook in GitHub
Step 7: Deploy!