Answer by user40980 for which directory to initialize git repo

Putting your source control files in the deployed directory runs the risk of exposing those files and their complete history. This is potentially a bad thing (do you have passwords in these files? Are the files themselves important to not let leak?)

One could try to staunch this by putting a .htaccess to restrict raw access to .git files from a web browser:

RedirectMatch 404 "(?:.*)/(?:\.git|file_or_dir)(?:/.*)?$"

However, this only restricts files that way - it doesn't prevent someone from passing in something to poorly coded php that accesses those files.

The best way to avoid this is to keep the git repository well away from the production code itself.

If you specify a working tree (your production area) to be different then the git files are well away from prying eyes. This can be done with the environment variable GIT_WORK_TREE.

Related:

• P.SE - How to make a “git push” update files on your web host?
• P.SE - how safe/sane is it to use git for deployment on my webapp production server?
• Blog - Using Git to manage a web site
• Blog - Managing a Website Using git
• Blog - Automatically Deploying Website From Remote Git Repository