Setting up a website - ERE style

Re: Setting up a website - ERE style

Post by jacob »

Scott 2 wrote:
Fri Apr 21, 2023 1:15 pm
At the same time - tech changes rapidly. It's possible the tools you use lose support. This can manifest in a variety of ways - from a broken website to a working site that silently compromises the security of everyone who visits it.
Would [security] also be an issue with a static website? I only have a vague notion of how website hacking works but I would think that if all a server does is output a fixed set of html pages, it's impossible to "get in".

Post by zbigi »

jacob wrote:
Sun May 07, 2023 8:54 am
Would [security] also be an issue with a static website? I only have a vague notion of how website hacking works but I would think that if all a server does is output a fixed set of html pages, it's impossible to "get in".
It's not impossible, just harder (the attack vector is smaller). Since there's no software that you wrote on your own, there won't be any vulnerabilities there - but there are still vulns in the operating system and standard software that you use (ssh daemon, Apache web server etc.). Installing a security-minded Linux distribution (one with most services turned off by default, so that the attack vector is smaller), configuring the firewall properly and then keeping the software up to date should minimize the risk to the point where I wouldn't worry about it though.

Post by avalok »

It might not be very ERE, but for static sites you can often use a cloud provider's managed service, which abstracts away the server the site is hosted on. You will only have access to upload the site's composite files, typically using SFTP. Your site will be isolated from any others, so the worst that could happen is an attacker hijacks your site to serve other content. This route only makes sense if you trust that "they" know better regarding security than you.

Post by Scott 2 »

jacob wrote:
Sun May 07, 2023 8:54 am
Would [security] also be an issue with a static website?
Yes. The web server is still exposed to the Internet. The underlying applications remain at risk. As long as you accept communication, you can be compromised. The request for a web page is communication.

The degree of risk depends heavily on how the web server is hardened. A stock Windows install offers much more exposure than a Linux distro purpose-built to serve static html.

Freely available tools can automatically map websites, servers and networks. That map can be used to automatically attempt ever-evolving libraries of known attacks. The tools are highly configurable, allowing rapid customization to the target's exposed surface. Learning the basics takes a few hours. This is very low-hanging fruit.

In a professional environment, there's an ever-evolving hardening policy. The organization constantly attacks itself. Some go so far as to implement an immutable infrastructure. The entire server environment is read-only. If you want to change it, you have to rebuild and redeploy. This is facilitated by scripting tools and virtualization. Almost nobody is running at scale on bare hardware.

When you're interfacing with cloud infrastructure, you're jumping to the logical conclusion of those patterns. Abstract away and standardize the complexity. Scale makes for better security and stability than you could ever hope for personally.

Post by avalok »

Scott 2 wrote:
Sun May 07, 2023 12:55 pm
Almost nobody is running at scale on bare hardware.
Containers probably offer the best combination of security and self-hosting, if wanting to avoid managed cloud services. They are easy to set up, secured by design, and you can run Docker on quite minimal hardware with Linux. It also means you're not locked into a platform, because the container is deployable anywhere you can run Docker.

Post by xmj »

Scott 2 wrote:
Sun May 07, 2023 12:55 pm
Yes. The web server is still exposed to the Internet. The underlying applications remain at risk. As long as you accept communication, you can be compromised. The request for a web page is communication.

The degree of risk depends heavily on how the web server is hardened. A stock Windows install offers much more exposure than a Linux distro purpose-built to serve static html.
With GitHub Pages, that risk comes down to how well you can restrict write-access to the Git repository backing the Page. Using SSH keys (ed25519), a strong & unique password, and 2FA, you'll probably be fine.

Post by zbigi »

avalok wrote:
Sun May 07, 2023 5:02 pm
Containers probably offer the best combination of security and self-hosting, if wanting to avoid managed cloud services. They are easy to set up, secured by design, and you can run Docker on quite minimal hardware with Linux. It also means you're not locked into a platform, because the container is deployable anywhere you can run Docker.
Wait, are you recommending Docker for a simple static web site? Docker is not free (it introduces extra abstractions to figure out and later deal with) and I can't see what it's adding on top of a bare metal box (e.g. Raspberry Pi for minimal initial investment and ongoing costs).

Post by avalok »

I think it depends on the use case and the environment within which the site will be hosted. If the server will be used for other services, then it would be worthwhile isolating the site from the rest of the system. Docker can be used in this case to achieve something similar to a BSD jail. Any services running alongside the site cannot be affected by attacks on that site; server configurations can be made local to each service so that they do not conflict. In a way, this more easily allows you to make better use of a single piece of hardware.

I am also a fan of reproducible and declarative environments. The entire environment is defined in code; this means you can see what is required to run the site, and its configuration, in a single place; it also means that deploying to other hardware or locations is much more trivial.

It seems like unnecessary overhead, but I do think it can give you a lot of flexibility and maintainability.

Post by tylerrr »

I simply hardcode my site with VS Code as an editor....
But VS Code is too bloated for me, anyone have a better option that is more simple?

Then, I simply FTP my html pages up to the webhost using FileZilla...

My main problem at this point is trying to devise a TEMPLATE system that stays consistent that I can keep re-using on my site.

Any ideas on this would be great....

Post by loutfard »

tylerrr wrote:
Tue May 30, 2023 1:26 pm
I simply hardcode my site with VS Code as an editor....
But VS Code is too bloated for me, anyone have a better option that is more simple?
Vim is simple, but very powerful at the same time. It does come with a bit of a learning curve though.

tylerrr wrote:
My main problem at this point is trying to devise a TEMPLATE system that stays consistent that I can keep re-using on my site.
No idea, sorry. The code I write is usually more backend...

Post by tylerrr »

loutfard wrote:
Tue May 30, 2023 2:27 pm
Vim is simple, but very powerful at the same time. It does come with a bit of a learning curve though.
No idea, sorry. The code I write is usually more backend...
Thanks

Post by basuragomi »

@tylerrr, aren't you describing CSS? Maybe I've misunderstood the question.

Post by jacob »

I'm also a bit confused here as it seems like the answer is too obvious?! Make a CSS file and one or more template HTML files that you copy and write in your content. This is how things were done in the 1990s :)

Post by Scott 2 »

A content management system, like WordPress, is designed around solving this very problem. There's an advantage to abstracting away various delivery problems - browsers, devices, accessibility, etc.

Post by TopHatFox »

HTML file + PHP file + CSS file + JavaScript file + SQL relational database (like PostgreSQL), on Visual Studio Code. If you wanna get fancy, React.JS. Spend 6 months to a year figuring that all out via TeamTreeHouse.com.

If you don't wanna learn any of that, WordPress or Square.

Post by tylerrr »

basuragomi wrote:
Wed May 31, 2023 10:37 am
@tylerrr, aren't you describing CSS? Maybe I've misunderstood the question.
Yes, I'm doing that currently....

I have html files, a css file, some JS files for a few scripts that I wrote.
That's all.

But....I'm saying sometimes I'm running into problems where I need to update a Template and then I need to go BACK and correct all the old pages that I already published via FTP.

Anyone suggest a way of me making those changes automated where I can scan all my old files and make the edits quickly?

I'm sure there is a way with JavaScript somehow.

Also, I'm open to anyone's suggestion on absolute MINIMALIST template tags they would use on a MINIMALIST web page/site.

I love the thought of simplifying the web site process even more without using CMS like WP, etc.

Questions:
1. What FTP do you like besides FileZilla that is simple and fast?

2. What's your suggestion on Template tags for a web page that you think suffices for all needed.
<html>
<head>
<meta description>
<title>
<h1>
<h2>
<p>
<script>

3. What editor would you use to spellcheck your content and Tags before you hit the publish button?

4. Anything else that comes to mind?

Post by loutfard »

tylerrr wrote:
Wed May 31, 2023 4:41 pm
1. What FTP do you like besides FileZilla that is simple and fast?
I hope you're at least using a secure connection method, like sftp or scp.

Post by Scott 2 »

You might try a diff utility, like Beyond Compare:

https://www.scootersoftware.com/

Post by jacob »

tylerrr wrote:
Wed May 31, 2023 4:41 pm
Anyone suggest a way of me making those changes automated where I can scan all my old files and make the edits quickly?
How big a site are we talking about?

Back in prehistoric times, awk and perl were popular choices for automagic line editing. If we're talking less than 10 pages, just edit them manually. Emacs made such a cut&paste job fairly easy. Another way would be to assemble the actual HTML out of header and footer files or even more different kinds of files and assemble them with something like cat header.html blog1.html footer.html >blogpost1.html and so on; using make to "recompile" the entire site.

But it sounds like you're on a point/click/drag Windows system, so I don't know ...
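
The header/footer assembly described in the post above, as an added example that is not part of the original post: one shell function that rebuilds every page, so a template change reaches all pages on the next build. The directory layout (`header.html`, `footer.html`, `pages/`), the function names and the sample content are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild pages from shared fragments.
# Assumed layout: SRC/header.html, SRC/footer.html, SRC/pages/*.html

# build_site SRC OUT: writes OUT/<page>.html = header + page body + footer
build_site() {
    src=$1; out=$2
    [ -f "$src/header.html" ] && [ -f "$src/footer.html" ] || return 1
    mkdir -p "$out" || return 1
    for page in "$src"/pages/*.html; do
        [ -f "$page" ] || continue              # glob matched nothing
        name=$(basename "$page")
        # Write to a temp file first so a failed build never leaves a
        # truncated page in the directory that gets uploaded.
        cat "$src/header.html" "$page" "$src/footer.html" > "$out/.$name.tmp" \
            && mv "$out/.$name.tmp" "$out/$name" || return 1
    done
}

# demo: constructed two-page site. Change the footer once, rebuild, and
# print how many built pages carry the new footer text.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src/pages"
    printf '<html><head><title>Site</title></head><body>\n' > "$d/src/header.html"
    printf '<footer>old footer</footer></body></html>\n' > "$d/src/footer.html"
    printf '<h1>Post 1</h1>\n' > "$d/src/pages/blog1.html"
    printf '<h1>Post 2</h1>\n' > "$d/src/pages/blog2.html"
    build_site "$d/src" "$d/out" || return 1
    printf '<footer>new footer</footer></body></html>\n' > "$d/src/footer.html"
    build_site "$d/src" "$d/out" || return 1
    grep -l 'new footer' "$d/out"/*.html | wc -l | tr -d ' '
    rm -rf "$d"
}

demo
```

Because the pages are assembled before upload, the published files stay plain static HTML and the footer no longer depends on client-side JavaScript.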

Post by tylerrr »

Thanks everyone for the suggestions.

Yes, I use sftp.

Yeah, a compare tool like that might work if I can quickly select new files on the right side to compare to my "good template" on the left side.
Then, I could just flip through all the pages on the site.

Not a big site yet...
Yes, right now I'm actually using JavaScript to spit out the footer on each page so it's always the same footer (I'm not sure if this is best practice to use JavaScript for something like this...).
But yes, I think you're saying I could kind of do what WordPress does. Make a separate html template for each PART of a single web page.
Then, when I change one of the templates, it automatically changes that part of the Page on every page of the site.
Does anyone here know if I could accomplish those different page templates using only JavaScript or would I need to use PHP?

So grateful to find like minded souls on this stuff.