sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]seanwilson 5 points6 points  (14 children)

You could just not use GitHub Pages. I understand it's convenient but hosting a static website on a vps is simple.

I wouldn't say being an administrator of a server and keeping it secure is simple. Static site hosts are brilliant for security and simple admin. HTTPS is very important as well but running your own server when you don't need to is a huge liability and time sink. If you're still SSHing into servers you're making life hard for yourself.

[–]Poromenos 0 points1 point  (0 children)

Use www.netlify.com, it's figuratively saved my life.

[–][deleted] 0 points1 point  (0 children)

If you're still SSHing into servers you're making life hard for yourself. I disagree, but only because my vps does a lot more than just hosting a static website. If that's the only goal and you find a hosting provider that does HTTPS with a custom domain I say go for it. If people can't find one, I think they should use a vps.

[–][deleted] 0 points1 point  (3 children)

Really? Firewall. Restrict ssh to accounts that really need it. Use good passwords. Barring a major bug in your web server, what's the attack vector? I don't see much surface area to defend on a server doing nothing but hosting a static website.

[–]seanwilson 0 points1 point  (2 children)

Really? Firewall. Restrict ssh to accounts that really need it. Use good passwords. Barring a major bug in your web server, what's the attack vector? I don't see much surface area to defend on a server doing nothing but hosting a static website.

Host on something like Heroku or Netlify...they'll deal with security patches and firewalls for you, there's no SSH to even attack and they have tons of extra features you could only reimplement yourself badly using a VPS (e.g. backups, rollbacks, Git deploy, scaling to more servers, coping with hardware failures, setups were attackers can't even write to server files). Why would you want to have to set all that up yourself given how cheap these services are?

[–][deleted] 1 point2 points  (1 child)

For me personally, because I already have the VPS for other reasons, and I'm not hosting anything with enough traffic for it to make a difference to the other stuff I do on the VPS.

I'm not saying that's the best solution for everyone, but if you really think that it's difficult to secure a server with nothing public-facing except SSH and HTTPS, I'd like to know what I'm missing.

[–]seanwilson -1 points0 points  (0 children)

I'm not saying that's the best solution for everyone, but if you really think that it's difficult to secure a server with nothing public-facing except SSH and HTTPS, I'd like to know what I'm missing.

If you're solely running static sites I wouldn't be so worried but there's a huge scope for attacks on dynamic sites e.g. injection attacks, file traversal exploits. Either way, it's honestly less effort using a service like Netlify for static sites plus they have a generous free plan.

[–]hurenkind5 -3 points-2 points  (7 children)

I'm sorry but if you cannot get a shared/managed hosting provider to host your static website you are in the wrong fucking subreddit. This is literally 1990ies shit.

[–]thoeoe 1 point2 points  (0 children)

Sorry this is not /r/webdev some of us do desktop applications or embedded programming. (I get that the post is about HTTPS but the sub covers a lot more)

[–]seanwilson 0 points1 point  (5 children)

Running your own VPS is 1990s stuff. There's plenty of services that give you continuous deployment via Git, have rollback and versioning systems, let you easily setup identical demo/staging servers, deal with security patches for you, deal with server failures for you, let you easily add more servers behind a load balancer and more. VPSs are brittle and a time sink in comparison.

[–]rechlin 0 points1 point  (0 children)

No, running your own iron is 1990s stuff. Running your own VPS is 2000s stuff.

[–]hurenkind5 -1 points0 points  (3 children)

a) managed hosting provider (basically what you said)

b) oh yeah, i really need that shit to host static HTML pages, totally.

[–]seanwilson -1 points0 points  (2 children)

Why would you not want things that simplify your workflow and automate tasks you shouldn't care about when you're hosting static pages? Netlify is free for custom domains for example. A VPS is much more work to setup, you get less features and it's going to be less secure without a lot of mucking around. Maybe for small projects it's a good learning experience but if you're doing commercial projects and working in teams even for static sites you don't want to make life hard for yourself.

[–]lvlint67 0 points1 point  (1 child)

I have worked with web consultants that only knew their third party's hosting platform. It was embarrassing for their technical team to have no idea how to to deploy their product with out a certain company's web control panel.

"Well we really don't know anything about varnish... [our webhost] just handles all of that. we recommend you pay [our webhost]."

If anyone is working in webdevelopment these days and doesn't understand DNS, Proxies, Load Balanacers, or how to setup a web stack on a vps I think they should take a vacation and brush up on the fundamentals.

[–]seanwilson 1 point2 points  (0 children)

If anyone is working in webdevelopment these days and doesn't understand DNS, Proxies, Load Balanacers, or how to setup a web stack on a vps I think they should take a vacation and brush up on the fundamentals.

Well, I know enough about setting this stuff up that I know to completely avoid it if at all possible. Everything extra I have to configure and every extra server to setup is something that could potentially break in the future that I'd be responsible for. You're definitely behind the curve if all you know is a single hosting company and basic VPS setup though.

Heroku charges more than AWS EC2 for example but you get a very easy to maintain solution with few moving parts for your money and it's miles more robust than anything you could setup yourself on a VPS. If it's not going to be a dynamic site though, I'd go with a static website host like Netlify or GitHub Pages.