If you’re old enough to remember a time before selfie sticks and Pokemon Go, you might remember that static websites were once commonplace. You would write the HTML code by hand and upload it to your tiny quota on an expensive server. Then, the 2000s came and WordPress and other content management platforms took over. Today, however, static websites are making a comeback – and they deserve serious consideration.
Why Static Sites
Today, a static site doesn’t mean writing all of the HTML code by hand. You start by picking one of many static site generators. There are a wide range available and most are free and open source. The best known is Jekyll. Jekyll is GitHub’s creation and powers GitHub pages. It also powers our own website.
With Jekyll, or any static site generator, you create templates just like you would with WordPress, Joomla, Drupal or any other CMS. The key difference is that rather than uploading the templates to your server with the CMS, you run your static site generator on your own computer, over the templates. The static site generator creates plain HTML files that do not need to be processed by a server before they are sent out to your visitors.
Before moving to a static site, we mostly relied on Silex, a micro-framework designed to ease the development overhead of small web applications. As we started to focus on improving our website’s content, both for search engines and real users, we wanted to streamline the process of making changes and take advantage of a full site CDN.
After moving to Jekyll and Netlify, making changes on our website became easier and our website is generally much faster. Netlify’s build tool also means that we can revert to an ealier verison of our website if something is broken, and uploading a new copy is as simple as deploying with Git or dragging a folder onto a web page.
The tools to generate, deploy and host a static site are collectively known as the JAM Stack. For us, this means Jekyll, Git, Netlify and a text editor.
Where to Start
Pick a static site generator. Factors you should consider are: the ease of installation, the ease of use and its extensibility. There is a great comparison here. Pay special attention to the template language used. Jekyll uses Liquid for example, that is just as powerful as Twig, Smarty and other well known template languages.If you choose Jekyll, you’ll need to install the RVM first and then simply:
gem install jekyll
At this point, you’re ready to create your website files. If you’re unsure where to start, start with the skeleton:
jekyll new project-name
and run the inbuilt web server:
Deploying your Jekyll site to Netlify is easy: after running the last command and verifying that the website is working, simply drag the “_site” directory on to the Netlify website page, over the picture of your website.
After building and deploying, you might wonder what other optimisation you can do. If SEO is a priority for you, you might like to keep an eye on your Google Pagespeed score. We started to explore Jekyll addonsto, for eaxmple, inline CSS.
HHVM has numerous performance benefits when compared to PHP 5.6 and below. For any websites, especially those that cannot be easily updated to suport PHP7, it is an excellent choice to improve performance and capacity.
HHVM was recently deployed on a large Magento store under our management. The store utilised CentOS 7, Nginx 1.9 and HHVM 3.14. We occasionally noticed 502 and 503 errors as HHVM had crashed. After each crash, the logs were empty, making it difficult to find the cause of the crash. It is likely, however, that as HHVM’s implementation of PHP functions deviates from PHP’s, that code and data changes could lead to such crashes.
Unfortunately, debugging HHVM can be challenging as logs generation relies heavily on HHVM’s debug mode, which in turn reduces performance drastically. In our experiments, HHVM’s debug mode increased page load times from around 0.2s to upwards to 2s, making it impossible to use in production.
Having experimented with internal and external HHVM builds, we started to experiement with different versions. We had deployed HHVM 3.14 originally and newer sub-versions did not make a noticeable change. The solution lied in downgrading HHVM to 3.9 which anecdotal evidence suggested was more stable.
Approximately one week later, the 502 and 503 errors are no more. This begs the question of the future of HHVM: it was developed in-house by Facebook for their own use and, although it is an excellent open source contribution, its seems unlikely that its stability and performance record can compete with PHP7.
One of the most popular articles on our blog is an article dispelling common myths around SSL certificates. Let’s Encrypt gained a lot of attention after the article was written. Let’s Encrypt is a radically new way of getting an SSL certificate that is primarily popular because it’s free. The motivation is supposedly that, in 2015, there is really no reason not to use HTTPS. The overhead was considerable in the 90s but today, in most circumstances there is no perceivable difference. With recent revelations about ISP and government spying, other concerns about privacy and a spate of large hacks, there is a potentially lot to be gained. Google is also prioritising websites using HTTPS in its rankings and, more recently, in Chrome.
The cost to issue SSL certificates is generally very low so it is possible to offer them for nothing and rely on advertising or sponsorship. Let’s Encrypt is sponsored by several recognised names including Mozilla, Cisco and Facebook. It has also recently left beta, meaning that they believe that it’s stable enough for normal use, which has also been our experience.
Let’s Encrypt vs. the competition
Most SSL issuers have a set way of issuing certificates. For certificates other than EV (extended validation, “green bar”), you receive an email at a recognised email address on the domain that you want to secure. This proves that you control the domain and allows them to fulfil their obligations. Comodo has also added some other options such as creating a DNS record or uploading a file to your webspace. In all cases, when you’ve done this, you get the certificate, for at least one year.
The certificates aren’t usually recalled except under extreme circumstances (e.g. if you bought from a reseller who didn’t pay their bill) although they can, hypothetically, be recalled in most cases using OCSP, a modern standard, also aggressively supported by Google, that allows the issuer to revoke it in a way that is obvious to most users.
To use Let’s Encrypt, you or your hosting company or server administrator must install some software on the server that automates the Comodo-style HTML file upload process. Every so often, it speaks to Let’s Encrypt to get a new HTML file and places it in your web root. Let’s Encrypt sees it and issues a new certificate that is good for another (in our experience) 90 days. The impressive feat here is that once the software is installed, it’s all automatic. The down side is that the software must be installed and maintained, although it is fairly easy.
Thos who use cPanel can easily install a plugin (that works well in our experience) to easily add and remove certificates to/from websites without dealing with an issuer or reseller. A web hosting provider with hundreds of accounts can save their users a lot of expense and time with this plugin.
Why you might not use Let’s Encrypt
There are relatively few reasons why one should not use it. The security is the same, it costs nothing and the issuance process is usually easier. If your hosting company doesn’t allow you to install the software or doesn’t support it themselves, for now, you’ll have to buy certificates the old way. Equally, if you have a lot of subdomains to secure or want a “green bar”, you might still opt for a wildcard or EV certificate since Let’s Encrypt don’t issue them. I’ve yet to see any impartial numbers on how EV certificates and site seals impact sales – I would guess the impact is very minimal in percentage terms. However, for a busy e-commerce website, it is probably worth the £30-100 to buy an EV certificate even if the percentage effect on conversions is very small.
Overall, the author is glad that the days of expensive SSL certificates are coming to a close. It was an industry that we could do without and Let’s Encrypt have had a substantial impact on way SSL certificates will be issued from now on.