While recently reviewing hosting options and looking at how to revive this blog, I was surprised at the services now on offer to provide hosting that don’t cost a penny. Going back in time, I have hired virtual machines, shared servers for dollars a month and more recently used Amazon S3 services very few dollars a month, with a bought-and-paid for SSL certificate. More recently I have discovered that all these services I have paid for in the past are now available for free. In this article I’ll run through the options I have chosen for this blog and what they offer.
Buy a domain
While this article is about hosting a professional web site for free, I’ll start with the part that you’ll need to pay for - the domain. It’s true that many free hosting services offer you a subdomain so you can host your site completely for free, taking advantage of this does completely tie you into that particular companies offering, so should their policies change regarding offering free web sites, you’ll either have to buy in to their product, or start again.
Hosting is being done with Pubstorm. This is a very new service which has been produced by the team that brought you Nitrous collaborative code editing. This too has a nice option for free which I used from time to time. To be honest I did notice and extra menu item “Pubstorm” in the Nitrous ide environment but didn’t pay much attention to it until a mail shot arrived from them. Pubstorm, then, is a service for hosting a completely static website for free on the cloud. Interestingly, unlike many other free offerings, it offers both TLS (SSL) hosting and custom domains in the package for free. You have to bring your own domain and your own SSL certificate to the party if you want to take advantage of this, but at while putting together this blog I found at least two options for free SSL certificates. To publish content on pubstorm, you need their client software installed on your machine, but its available for with Unix and Windows system, and installs painlessly using the Node package manager NPM. It’s a very new service, so the documentation is very rudementary, but there’s enough to get you going. When I was getting started I had some difficulty uploading images from windows, I contacted customer service through the chat system available on their website and got a reply in less than 24 hours. It turned out there was a bug in the windows version of the client, and they had issued a fix by the time I’d come to read the replies from their guy ‘Pete’ .
Moving on from the hosting, you need a Content Management System (CMS). However Pubstorm is for publishing static sites only, so there seem to be a contradiction here. Content Managements Systems usually need a scripting language such as PHP or JSP, backed by some kind of database. It’s often this kind of infrastructure that costs the money. However some systems do exist that allow you to prepare the content, and then generate in advance all the pages of the website (rather than have the rendered on demand) these pages can share a template and a menu and so on. The resulting pages are then uploaded to the static web server. This blog uses “Wintersmith“ which is written for NodeJS. Articles are written using the standard format markdown which you can edit using any basic text editor, and the templates are written using Jade. Using this system it’s very easy to create an easy to maintain mobile optimized website using almost any text editor
Web traffic analysis
Perhaps less well known, but also from Google, is the Google Webmaster Tools suite of utilities. Again you log in to this using the same Google account which you created for Google Analytics, and add the url of your site. You’ll need to validate your site, in other words, prove to Google that you own the site. This can be done by adding special information in the header of your website, adding a specific record to your DNS, or validating using the Google Analytics scripts. Google Webmaster tools can help you with a variety of matters to improve your SEO, but one of the interesting from the point of view of web traffic analysis is that it allows you to see what search term have been used to find your site from Google. While traditional web traffic analysis used to be able to do this, with the advent of SSL used by most search engines to improve privacy, this information is now longer available in the referrer information for the browser.
This web site has too few pages to need a search just now, however again, Google provides Google Custom Search engine for search. It’s worth noting that that Google will show Ads in your page unless you are a not-for-profit organization.
Traditionally it’s only been banks and ecommerce sites which offered encrypted connection to their web sites, and with good reason since purchasing SSL certificates was a complex and expensive process requiring real world validation of the businesses requiring the certificate. The main free alternative was the self-signed certificate - and while that provided an encrypted connection, the little lock on the browser was not shown, as it didn’t provide any real guarantee that the end user was talking to the right website. In more recent times, the value of privacy for all web traffic has become to be more important, and more players entered the market, the price of SSL certificates came down. Nowadays it’s possible to get SSL certificates for free provided you can prove to the certificate authority (CA) that you control the domain. Launched towards the end of 2015, there is a service called “Let’s Encrypt” which provides a fully automated client for request and renewal of SSL certificate, in some cases the client will even install the certificate into the web server for you. The other alternative I found was to use the Content Delivery Network (CDN), Cloudflare (more on that below). With some simple configuration in their control panel, your pages will be delivered through their network using SSL. They will also provide you with a certificate, valid up to 15 years, which you can install on your web server so Cloudflare can pull your pages through to its CDN via SSL too.
EU Cookie law
https://staticapps.org/articles/authentication-and-authorization/ • https://www.firebase.com/ (looks more interesting for authenticating ) • https://www.userapp.io/