Deploying to a DMZ

Currently I have been doing the usual cap deployments for a project to a
test environment as my app develops. Nothing exciting, but I have now
got to deploy it on a reasonable scale to a DMZ that has no access to
the git repo/ or any other nice things.

Anyone got 'best practice' for this situation, I can push to the DMZ
using ssh/scp etc, even rsync ... but rather than a cobbled together
approach, I would prefer good practice.


I use a script that touches the local tmp/restart.txt (which, for me
anyway, causes the server to restart) then uses rsync to update the
server then using ssh run the remote command to precompile the assets.
For the actual file transfer rsync is amazingly fast (particularly if
the server is remote) as the connection is only made once.

If any gems have changed you will need to bundle install on the server
also, but I do this manually if required. Also if migrations have
been added then you will need to run the migrations.

For the rsync I have an ignore file containing:

I too will be interested to hear of other suggestions.


If I understand correctly, the root problem of the OP
is not being able to use standard capistrano recipes
since the production server (in the DMZ) cannot reach

the git repo that is inside the company firewall?

What I have done in such a scenario (where my production
server is at a hosting company) is to use standard
capistrano practice, but have a “production” branch of

the git repo on the production server. So the git checkout
on the production server is pulling from a “local” repo.

The top of my deploy.rb then becomes something like:

set :user, ‘vandenabeele’ # username on the production server

set :application, ‘flamjobs’ # app name
set :repository, ‘vandenabeele@xxx.yyy.zz:git/flamjobs.git’
set :branch, ‘production’

For that, I has set-up a “bare” repository in the directory


and I push into that from my dev machine before running
cap deploy (I could probably automate that too …).



yes - I have thought of similar things, but just to clarify:
I cannot do a git pull from the DMZ inside the firewall as a deployment
method, I cannot compile locally on the DMZ machine, my test target is
the same OS as the test/dev envs, so compiled assets will work when
transferred directly.

The 'production branched' local repo may be my best approach though ...
I just think that others must have encountered this problem. Was always
surprised that cap didnt have some kind of push approach.

It actually does or at least did:

Best regards

Peter De Berdt

Peter De Berdt wrote in post #1049490:

It actually does or at least did:

Best regards

Peter De Berdt

Yes - thats what I was looking for. Thanks, it works as described.