Why Connect GitHub to Your VPS?
If you're running a VPS with WHM and cPanel, you're likely hosting WordPress sites, PHP applications, or Node.js projects for clients. Manually uploading files via FTP is slow, error-prone, and impossible to roll back. By connecting GitHub to your VPS, you get:
- Version control โ every change is tracked. Roll back to any previous version in seconds.
- Automated deployments โ push to
mainand your server updates automatically. No FTP, no SSH-ing in to pull. - Team collaboration โ multiple developers can work on the same project without overwriting each other's files.
- CI/CD integration โ run tests before deploying. If tests fail, the deploy is blocked.
This guide assumes you have a VPS with WHM/cPanel already provisioned. If you need help choosing a hosting provider, Hatty AI offers managed hosting solutions with WHM/cPanel pre-configured.
๐ Prerequisites
- A VPS with WHM and cPanel (CentOS/AlmaLinux/CloudLinux)
- Root or reseller access to WHM
- A GitHub account (Free tier works โ see our GitHub account types guide)
- A domain pointed to your VPS
- SSH access enabled for the cPanel account
Step 1: Enable SSH Access in WHM
By default, cPanel accounts may not have SSH (shell) access enabled. You need to turn this on in WHM first.
- Log into WHM at
https://your-server-ip:2087. - Search for "Manage Shell Access" in the WHM search bar.
- Find the cPanel account you want to enable SSH for.
- Change the shell from
DisabledtoNormal Shell (/bin/bash). - Click "Save".
๐ WHM path: WHM โ Account Functions โ Manage Shell Access
โ ๏ธ Security Note
Only enable SSH for accounts that need it. For production servers, consider using a dedicated deploy user with limited permissions rather than the main cPanel account.
Step 2: Generate SSH Keys on Your Server
SSH keys provide passwordless, secure authentication between your server and GitHub.
- SSH into your server:
ssh cpaneluser@your-server-ip - Generate a new SSH key pair:
ssh-keygen -t ed25519 -C "deploy@yourdomain.com"
# Press Enter to accept default path (~/.ssh/id_ed25519)
# Leave passphrase empty for automated deployments- Display your public key:
cat ~/.ssh/id_ed25519.pubCopy the entire output โ you'll add this to GitHub in the next step.
Step 3: Add the SSH Key to GitHub
There are two places you can add SSH keys in GitHub, and the choice matters:
| Key Type | Where to Add | Access Level | Best For |
|---|---|---|---|
| Deploy Key | Repo โ Settings โ Deploy Keys | Single repo (read or read/write) | Production servers pulling one repo |
| Account SSH Key | GitHub โ Settings โ SSH Keys | All repos you have access to | Dev machines, multi-repo servers |
Adding a Deploy Key (Recommended for Production)
- Go to your repo on GitHub โ Settings โ Deploy keys.
- Click "Add deploy key".
- Title:
VPS Production - yourdomain.com - Paste the public key from Step 2.
- Check "Allow write access" only if the server needs to push (usually not needed).
- Click "Add key".
Test the connection from your server:
ssh -T git@github.com
# Expected: "Hi username! You've successfully authenticated..."Step 4: Clone Your Repo to the Server
Navigate to the directory where your site files live and clone the repository:
# Navigate to your document root
cd /home/cpaneluser/public_html
# If the directory has existing files, back them up first
mv public_html public_html_backup
# Clone the repo
git clone git@github.com:your-org/your-repo.git public_html
# Set proper ownership
chown -R cpaneluser:cpaneluser /home/cpaneluser/public_html๐ก cPanel Document Root Tip
cPanel typically uses /home/username/public_html as the document root. If you're using an addon domain, the path is usually /home/username/addondomain.com. Check cPanel โ Domains to confirm.
Step 5: Use cPanel Git Version Control (Alternative Method)
cPanel has a built-in Git Version Control feature that provides a GUI for managing repos. Here's how to use it:
- Log into cPanel at
https://yourdomain.com:2083. - Search for "Git Version Control" in the cPanel search bar.
- Click "Create".
- Toggle "Clone a Repository" on.
- Clone URL:
git@github.com:your-org/your-repo.git - Repository Path:
/home/cpaneluser/public_html - Repository Name: your project name.
- Click "Create".
๐ cPanel path: cPanel โ Files โ Git Version Control
Setting Up the .cpanel.yml Deploy File
cPanel uses a .cpanel.yml file in your repo root to define deployment tasks. When you pull or push to the cPanel-managed repo, these tasks run automatically:
# .cpanel.yml
---
deployment:
tasks:
- export DEPLOYPATH=/home/cpaneluser/public_html
- /bin/cp -R * $DEPLOYPATH/
- cd $DEPLOYPATH && npm ci --production 2>/dev/null || true
- cd $DEPLOYPATH && npm run build 2>/dev/null || trueStep 6: Automate Deploys with GitHub Actions
The most powerful approach combines GitHub Actions (CI/CD) with SSH deployment to your VPS. When you push to main, GitHub Actions runs your tests, builds the project, and deploys it to your server โ all automatically.
If you haven't set up GitHub Actions yet, read our GitHub Account Types & CI/CD Guide first โ it covers workflow files, secrets, and branch protection in detail.
The Deployment Workflow
# .github/workflows/deploy-to-vps.yml
name: Deploy to VPS
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm ci
- run: npm test
deploy:
needs: test
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v4
- name: Deploy via SSH
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.VPS_HOST }}
username: ${{ secrets.VPS_USER }}
key: ${{ secrets.VPS_SSH_KEY }}
port: ${{ secrets.VPS_PORT }}
script: |
cd /home/cpaneluser/public_html
git fetch origin main
git reset --hard origin/main
npm ci --production
npm run build
- name: Verify Deployment
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.VPS_HOST }}
username: ${{ secrets.VPS_USER }}
key: ${{ secrets.VPS_SSH_KEY }}
port: ${{ secrets.VPS_PORT }}
script: |
curl -s -o /dev/null -w "%{http_code}" https://yourdomain.com | grep -q "200"GitHub Secrets You Need
| Secret Name | Value | Example |
|---|---|---|
VPS_HOST | Server IP or hostname | 203.0.113.50 |
VPS_USER | SSH username | cpaneluser |
VPS_SSH_KEY | Private key content | -----BEGIN OPENSSH PRIVATE KEY-----... |
VPS_PORT | SSH port (default 22) | 22 |
Step 7: Set Up Webhooks for Instant Deploys
An alternative to GitHub Actions is using GitHub Webhooks to trigger a deploy script on your server whenever code is pushed:
- Create a deploy script on your server:
#!/bin/bash
# /home/cpaneluser/deploy.sh
cd /home/cpaneluser/public_html
git fetch origin main
git reset --hard origin/main
npm ci --production 2>/dev/null
npm run build 2>/dev/null
echo "Deploy completed at $(date)" >> /home/cpaneluser/deploy.log- Create a simple PHP webhook receiver:
<?php
// /home/cpaneluser/public_html/webhook.php
$secret = getenv('WEBHOOK_SECRET');
$signature = $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ?? '';
$payload = file_get_contents('php://input');
if (hash_equals('sha256=' . hash_hmac('sha256', $payload, $secret), $signature)) {
exec('/home/cpaneluser/deploy.sh > /dev/null 2>&1 &');
http_response_code(200);
echo 'Deploy triggered';
} else {
http_response_code(403);
echo 'Invalid signature';
}
?>- In GitHub: repo โ Settings โ Webhooks โ Add webhook.
- Payload URL:
https://yourdomain.com/webhook.php - Content type:
application/json - Secret: a secure random string (add to your server as an environment variable).
- Events: select "Just the push event".
Troubleshooting Common Issues
โ "Permission denied (publickey)" when cloning
Cause: SSH key not recognized by GitHub.
Fix: Verify the key is added correctly with ssh -vT git@github.com. Check that ~/.ssh/config isn't overriding the identity file.
โ "fatal: not a git repository" in cPanel Git
Cause: The directory already has files that aren't Git-tracked.
Fix: Back up existing files, remove the directory contents, then clone fresh. Or initialize Git in the existing directory with git init && git remote add origin ....
โ File permissions wrong after git pull
Cause: Git doesn't preserve Unix ownership.
Fix: Add chown -R cpaneluser:cpaneluser /home/cpaneluser/public_html to your deploy script, and set chmod 755 for directories, chmod 644 for files.
โ GitHub Actions deploy hangs
Cause: SSH connection blocked by firewall or CSF.
Fix: Whitelist GitHub Actions IP ranges in your server firewall. See GitHub's IP ranges. Or use a self-hosted runner inside your network.
Security Checklist for GitHub + VPS Deployments
- โ Use deploy keys (repo-scoped) instead of account-wide SSH keys on production servers.
- โ Store all credentials in GitHub Secrets, never in code.
- โ Use a dedicated deploy user with minimal permissions โ not root.
- โ Enable 2FA on your GitHub account and all WHM/cPanel accounts.
- โ Restrict SSH access to specific IP addresses via CSF or WHM Host Access Control.
- โ Rotate SSH keys at least annually.
- โ
Keep .git directory outside your public document root, or block access via
.htaccess. - โ Use webhook secrets with HMAC signature verification.
๐ Critical: Protect Your .git Directory
If your .git folder is inside public_html, anyone can access your entire Git history. Add this to your .htaccess:
RedirectMatch 404 /\.git
Need a Managed VPS with GitHub Integration?
Hatty AI provides fully managed VPS hosting with pre-configured CI/CD pipelines, WHM/cPanel, and 24/7 monitoring for businesses across San Antonio and Texas.
Explore Hosting SolutionsRelated: GitHub Account Types & CI/CD Guide ยท Managed IT Services ยท Essential Cybersecurity Practices