Images on SSL App Engine - image

I have an application on Google App Engine. I used to store images within Ndb blobs, and serve them from GAE. Then all this relatively static seemed to put needless load on the application, and I switched to storing all images (including user-uploaded) within a GCS bucket, made publicly available through http://static.mysite.com, and served directly from there.
This is working great. Until I consider switching the application to SSL.
Setting up SSL for my GAE application went OK, but then I get security warnings because images are not served through SSL. So I need an SSL access to my GCS images, but GCS does not support SSL, and I see no plans for it in the future.
What are the options? Storing images in GCS seems to be the recommended choice, and going SSL is now recommended for most websites, but the two seem to be incompatible.
I see Google CDN could be one approach that would (maybe) support SSL, but it's kind of overkill in my case.

Is it possible to create a personal website which adheres to CPRA, CCPA and GDPR?

I would like to build a static website which basically represents a portfolio/resume which doesn't use cookies or third-party analytics and only has a mailto:// for email.
It seems very difficult to find a web host which easily allows me to just have a few static web pages without needing to go through a lengthy understanding of how the CPRA vs CCPA vs GDPR works and what I need to include in a privacy policy or terms and conditions. To make things even more confusing, the web host would most likely have their own analytics or IP logging and so you also need to understand how that affects your website and what you need to explain to the website visitor.
Has anyone had similar issues with this, or have any recommendations on what the best course of action would be to host a very basic website?
If you're not collecting any personal data, GDPR simply doesn't apply, so it's not too difficult to avoid problems.
If you don't use shared hosting, but use a dedicated VM (typical costs start from about €3/month) and configure HTTPS, then your visitors will not be seen by your hosting provider in any meaningful sense beyond encrypted TCP traffic. On your VM you can either turn off logging altogether, or retain basic IP logging on the basis of legitimate interests, which is entirely defensible for security and anti-abuse purposes, though if you're only serving static pages you may as well not bother.
Even if you're serving only static pages, loading client-side content from third-party sources can present a problem, so avoid using anything like JS library or image CDNs, Google Fonts, analytics, tag managers, or anything from Facebook, Twitter, Instagram, etc., though linking to those places is fine. Set a very strict CSP and secure Referrer-Policy headers and don't use any cookies.
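The setup this answer describes (own VM, HTTPS, no access logging, strict CSP and referrer policy, no third-party content), sketched as an nginx server block. This is an added example, not part of the original answer; the hostname, web root and certificate paths are placeholders.

```nginx
# Added example: static site with no visitor logging and no third-party loads.
# www.example.com, /var/www/site and the certificate paths are placeholders.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;

    root  /var/www/site;
    index index.html;

    # Do not write visitor IP addresses to an access log.
    access_log off;

    # Default-deny CSP: only same-origin images, stylesheets and fonts load.
    # No script-src is granted, so no JavaScript runs at all; add
    # "script-src 'self'" only if the site ships its own scripts.
    add_header Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'" always;

    # Outbound links do not tell the destination which page the visitor was on.
    add_header Referrer-Policy "no-referrer" always;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

nginx's error log still records client addresses for failed requests, so review its retention separately.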

What are the best practices for making a web application support HTTP/2

I'm trying out HTTP/2 and would like to know if there are any best practices for making a web application take advantage of the new protocol on both:
Server side and
Client side
And... where (and when?) should I start? What are the least-effort changes to take advantage of HTTP/2?
Update:
Assumption : Users are already using browser that support HTTP/2.
Update 2:
Some good resources on this topic:
https://http2.github.io/faq/
https://www.nginx.com/blog/7-tips-for-faster-http2-performance/
https://www.smashingmagazine.com/2016/02/getting-ready-for-http2/
You don't need any changes to your apps to deploy HTTP/2: most things will work out of the box.
That said, here are a few tips that apply mostly if you are starting from scratch:
Start developing your application using HTTPS. You don't want to have problems with your URLs when you deploy your application because fetching some resources over http:// (e.g. Google fonts or any other CDN resources) does not work anymore. It takes five minutes with some tools (just google "Five minutes to HTTPS development URLs").
Consider whether you want to host on your own server some resources that you would normally link to on a public CDN. The main performance reason with HTTP/2 for linking to some assets in a CDN, if you are not hosting your entire site on that CDN, is that those resources may already be in the user's cache. If they are not, opening a new connection takes on average half a second.
Don't set up bundling. Set up HTTP/2 Push instead. And then go and grab your favourite module manager. Also give web components and PolymerJS a try. They are simply awesome when you are not concerned about bundling and round-trips.
If you are using a server that uses machine learning for configuring HTTP/2 Push automatically (e.g., ShimmerCat), then a third tip is to keep the structure of your web pages predictable.

Magento - Storing all images on cdn not my hosting server

I am new to Magento and I have just started setting up my first sites. One of the requirements I am after is to store all image files on a separate server from the one the site is hosted on. I have briefly looked into Amazon CloudFront and the following plugin:
http://www.magentocommerce.com/magento-connect/cloudfront-cdn.html
This works alongside my CloudFront distribution setup, so the images are being accessed from the CDN alongside the JS, CSS etc. when I check the source. My issue is they still reside on my own server too.
Is there a way to have everything just on a cdn so that my server disk space can be kept as low as possible with only the template files on there, no images?
Based on experience, I would really recommend you do not try completely removing any media files away from your actual server disk. The main role of CDN should just be to completely mirror these whenever files are new or updated and such.
However, if you really want to do this I would also sternly warn you that you do not attempt this with js and css files. The trouble is just not worth it. You'll see why later.
So we're left with media or mostly image files. These files are usually very large thus the reasoning behind moving it away from server disk.
My strategy and what I did before is I used an S3 bucket behind the Cloudfront CDN. I moved all stuff from the media directory to S3, Cloudfront configured to pull from S3, then Cloudfront CDN then is CNAME'd as media.mydomain.com. Obviously, I would then set my media base URLs (System > Configuration > General > Web) to http://media.mydomain.com/media/ and https://media.mydomain.com/media/.
It worked perfectly. No CORS issues at all because I did not touch CSS/JS base url paths. Because for those files, I just relied on the free Cloudflare CDN (yeah, yeah, I know).
The next thing I knew, I saw defects with this setup: uploads did not work at all. WYSIWYG uploads do not go to the S3 bucket immediately. However, there was a solution using s3fuse, though it then immediately degraded into a problem as it had bad memory leaks too.
What ultimately worked is we just paid for the additional disk space (we were using Amazon AWS), wrapped the whole domain in Cloudflare CDN, and when we needed SSL we upgraded to Pro.
Simple, it works and it's headache-free.
NB: I'm not connected with Cloudflare whatsoever, I'm just really really happy with their service.

How to serve images from Riak

I have a bunch of markdown documents in Riak, which I'm exposing via a small Sinatra API with basic search functionality etc.
Each document has an associated image, also stored in Riak (in a different bucket). I'd like to have a client app display the documents alongside their associated images - so I need some way to make the images available, but as I'm only ever going to be requesting them by key it seems wasteful to serve them via a Sinatra app as I'm doing with the documents.
However I'm uneasy with serving them directly from Riak, because a) even using nginx to limit the acceptable requests, I worry about exposing more functionality than we want to and b) Riak throws a 403 for any request where the referrer is set, so by default using a direct-to-Riak url as the src of an img tag doesn't work.
So my question is - what's a good approach to take for serving the images? Add another endpoint to the Sinatra app? Direct from Riak using some Nginx wizardry that is currently beyond me? Or some other approach I haven't considered yet? This would ideally use Ruby as that's what the team I'm working with are more comfortable with.
Not sure if this question might be better suited to Server Fault - if so I'll move it over.
You're right to be concerned about exposing Riak to any direct connectivity. Until 2.0 arrives early next year, there is no security in the system (although the 403 for requests with a referrer is a security mechanism to protect against XSS), and even with security, exposing any database directly to the Internet invites disaster.
I've not done anything with nginx, but all you'd really need to use it properly, I'd think, would be two features:
Ability to restrict requests to GET
Ability to restrict (or rewrite) requests to the proper bucket
Ability to strip out all HTTP headers that Riak includes in its result (which, since nginx is a proxy server and not a straight load balancer, seems like it should be straightforward)
Assuming that your images are the only content in that bucket, nginx feels like a reasonable choice here.
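The restrictions listed in this answer, expressed as an nginx configuration. This is an added example, not from the original answer; it assumes Riak's HTTP interface on 127.0.0.1:8098, a bucket named "images" and the hostname images.example.com, all of which are placeholders.

```nginx
# Added example: nginx as a read-only front for a single Riak bucket.
# Assumed (not from the original post): Riak HTTP API on 127.0.0.1:8098,
# bucket "images", public hostname images.example.com.
server {
    listen 80;
    server_name images.example.com;

    # Only /images/<key> is proxied. The key is limited to a conservative
    # character set, so it cannot contain "/" and walk to other API paths.
    location ~ ^/images/(?<key>[A-Za-z0-9._-]+)$ {
        # 1. Read-only: GET (and HEAD, which nginx allows with GET) only.
        limit_except GET { deny all; }

        # 2. The bucket is fixed here; the client only ever supplies the key.
        #    Because proxy_pass uses a variable and a full URI, the client's
        #    query string is not forwarded to Riak.
        proxy_pass http://127.0.0.1:8098/buckets/images/keys/$key;

        # Never forward a request body or the browser's Referer header
        # (Riak answers 403 when a Referer is present).
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header Referer "";

        # 3. Strip Riak-specific response headers before replying.
        #    proxy_hide_header takes no wildcards, so any X-Riak-Meta-*
        #    headers stored with the objects must be listed one by one.
        proxy_hide_header X-Riak-Vclock;
        proxy_hide_header Link;
    }

    # Everything else (other buckets, key listings, stats, admin) is refused.
    location / {
        return 404;
    }
}
```

Riak itself should listen only on the loopback or a private interface so that this proxy is the only path to it.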

Not getting improvements by using CDN

I've just added a CDN distribution using Amazon Cloudfront to my Rails application on Heroku, it's working OK.
My homepage serves around 11 static assets, I've made some tests using http://www.webpagetest.org/ and there are no differences (in terms of performance, optimizing load times) between using the CDN or not.
Is there any particular reason why this could be happening?
My region is Latin America btw, so it's using the All locations edge option.
Thanks.
The main benefit of using a CDN from Amazon or others is that the assets are hosted on fast and reliable servers and offload the traffic served directly from your server, so if you have a dedicated fast server you won't see a considerable boost.
But another benefit is that they are potentially cached by the user's browser (due to visiting other websites which have used the same CDN), so the visitor will have a better experience the first time they visit your site.
A couple of suggestions.
If the site CSS is one of the static assets that you have moved to CloudFront then I would try moving it back to your main server.
Since page display can't start until the site CSS is downloaded, you want to serve this as fast as possible. If it's coming from a CDN then it requires a second HTTP request.
Also, use the waterfall display from webpagetest.org to pinpoint where the bottlenecks are.
Good luck!
