Static is the New Dynamic
A discussion about modern engineering techniques to produce dynamic, scalable, performant, maintainable, and efficient websites.
BuffaloJS - March, 2017
Jesse Farinacci
I like programming. I like operating systems. I like web applications. I like learning new things in general. I like fielding questions while presenting, so please speak up!
Static vs Dynamic
static
- delivers content in the same format in which it is stored
- no server-side code execution is required
- usually a mix of HTML, images, CSS, and JavaScript
- static != boring
- HTML5 + modern frameworks + API Economy = engaging and interactive
- cache friendly resources play nice with CDNs and browsers
- serverless: modern network file servers grok HTTP
- dynamically generated content by a server process
- personalized / customized resources or pages
- requires code development skill to create and maintain
- directly interacts with one or more data sources and web services
- LAMP: Linux, Apache, MySQL, {PHP, Perl, Python}
- MEAN: MongoDB, Express, Angular, NodeJS
- Amazon, EBay, Facebook, YouTube, WordPress, MovableType, Drupal, Joomla, etc
- many servers: web ⇔ renderer ⇔ database
dynamic
The OLD Stack
The rough evolution of serving web content to users.
The OLD Stack
The OLD Stack
The OLD Stack
The OLD Stack
The OLD Stack
The OLD Stack
The OLD Stack
The OLD Stack
The OLD Stack
Developers
- Stuck with fragile deployment, e.g. FTP
- Difficult to scale multiple authors
- Complex environments; testing matrix of death
- No transactional deployments
Operations
- Diverse environments to maintain
- Too many caches and pools to tune
- ACL nightmare
- No transactional deployments
Users
- Cold caches
- Inconsistent themes for large sites
- Poor performance for building simple pages
- Server-side rendering is anti-global (no edge CDN)
“Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages”
“Panama Papers hack: Unpatched WordPress, Drupal bugs to blame?”
“Vulnerability in popular Joomla e-commerce extension puts online shops at risk”
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.”
“Yahoo Says 1 Billion User Accounts Were Hacked; [suspected infiltration via insecure cookies]”
“CVE: Ruby On Rails JSON Parser Remote Code Execution Vulnerability”
“ShellShock: GNU Bash has a serious flaw which can allow an attacker to remotely run any arbitrary command where the shell is used behind the curtains.”
“Millions of application servers [JBoss, WebLogic, WebSphere] are potentially open to compromise due to how they handle serialized Java apps”
“Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs”
Aaarrrggghhh!!!
There's got to be a better way..
The NEW Stack
The reimagining of content delivery.
The NEW Stack
The NEW Stack
The NEW Stack
The NEW Stack
The NEW Stack
The NEW Stack
Developers
- Front end decoupled from backend
- Building sites decoupled from hosting
- APIs are leveraged instead of direct access of database
Operations
- Reduced complexity of environments
- Removal of at least two layers of servers
- Catastrophic outages fixable with a simple rebuild of SCM+CI or load balancer updated
Users
- Super hot caches
- Consistent themes for large sites
- CDN / edge-CDN friendly resources
Static Sites
YAML
YAML Ain't Markup Language: human friendly data serialization.
YAML By Example
--- # scalars key: value another_key: Another value goes here. a_number_value: 100 scientific_notation: 1e+12 boolean: true null_value: null long_string: "A string, enclosed in quotes." "key with: specials": weird ---
YAML By Example
---
# maps
a_map:
key: value
a_nested_map:
another_key: 'Another Value'
hello: world
---
YAML By Example
---
# sequences
a_sequence:
- Item 1
- Item 2
- 0.5 # multivalued types
- Item 4
- key: value
another_key: another_value
-
- This is a sequence
- inside another sequence
---
Jekyll
Transform your plain text into static websites and blogs.
Jekyll
- Simple static site generator
- Renders Markdown into HTML/CSS
- Generates complete website ready for static serving
- YAML configuration, global and local
- Comprehensive plugin system
- Many themes and templates available
- Ruby based build system
- Backend for GitHub Pages function
- Blog-aware: permalinks, categories, indexes
Jekyll: Project Organization
. # project ├── _config.yml # global config ├── _data # global data for use in templates | └── members.yml # some data, site.data.members.* ├── _drafts # unpublished posts | └── static-sites-101.md # ├── _includes # partials and mixins for include | ├── footer.html # | └── header.html # ├── _layouts # templates that wrap posts/content | ├── default.html # | └── post.html # ├── _posts # your published posts | └── 2017-03-06-buffalojs-meetup.md # ├── _sass # sass partials | └── base.scss # ├── _site # generated site output directory ├── .jekyll-metadata # internal tracking data └── index.html # named html file
Jekyll: Example Post
--- layout: post title: "Welcome to Jekyll!" date: 2015-11-17 16:16:01 -0600 categories: jekyll tutorial --- You’ll find this post in your `_posts` directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run `bundle exec jekyll serve`, which launches a web server and auto-regenerates your site when a file is updated. To add new posts, simply add a file in the `_posts` directory that follows the convention `YYYY-MM-DD-name-of-post.ext` and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.
Jekyll: Building and Serving
bash$ jekyll build # build the site into _site bash$ jekyll build --watch # ^^ ++ watch for changes bash$ jekyll serve # build the site and serve wth webserver bash$ jekyll serve --incremental # ^^ ++ only build changed resources
Live Demo
Continuous Integration
In software engineering, Continuous Integration is the practice of merging all developer working copies to a shared mainline several times a day.
Continuous Integration: Principles
- Maintain a code repository
- Automate the build
- Make the build self-testing
- Everyone commits to the baseline every day
- Every commit (to baseline) should be built
- Keep the build fast
- Test in a clone of the production environment
- Make it easy to get the latest deliverables
- Everyone can see the results of the latest build
- Automate deployment
GitLab
A web-based Git repository manager with wiki and issue tracking features.
GitLab
- Free and Open Source!
- Private and public projects
- User roles for fine grained ACL
- Static website hosting
- Protected git branches
- Project importing: GitHub, BitBucket, etc
- Wiki documentation with Markdown
- Convenient code snippets
- Powerful feature complete APIs
- Issue tracking system, labels, milestones, due dates
- Kanban-style issue boards
- Merge requests with code review
- UI based merge conflict resolution
- GitLab CI runners and pipelines
- Review apps in live environment
- Autoscaling pipelines
- Private per-repo Docker Registry
- Customizable notifications
- Rich integrations with popular tools
Docker
Build, Ship, and Run any application, anywhere.
Docker
- Consistent build, ship, run
- Standardizes API for container management
- Standardizes container format
- Rapid application deployment
- Portability across machines*
- Version control of containers
- Easy cross team collaboration
- Incremental changes to containers
- Simplified application maintenance
- Reduced dev and ops friction
- Lightweight virtualization
- Docker Registry for container sharing
- Integration with tons of 3rd party tools
- Easy cloud flow for public, private, hybrid
- De facto standard, huge knowledge base
Live Demo
Cloud Provisioning
On demand provisioning of internet based computing resources.
Cloud Provisioning
- Pay for what you use
- Near immediate provisioning
- Capital Expenditure vs Operating Expenditure
- Developer friendly APIs
- Service Level Agreements (SLAs)
- Large OS-level availability
- Geographically dispersed zones
- Better positioned for DDOS mitigation
- Wide diversity of public, private, and hybrid
Amazon S3
Amazon Simple Storage Service.
Amazon S3
- Static web hosting
- "Infinitely scalable"
- 2 9s availability, 11 9s durability
- S3 Bucket versioning
- Policy based tiering and migration
- Fine grained access control
- Deeply integrated with rest of Amazon stack
- Configurable encryption and key management
- Many 3rd party software optionally leverages it
- Plays nice with Serverless Computing
- Disaster recovery, cross region replication
- Storage Gateway enables hybrid cloud
Amazon CloudFront
Global content delivery network service.
Amazon CloudFront
- Global regional caches (~70 zones)
- Integration with Amazon S3
- 3 9s availability
- Integrated DDOS protection
- IPv4 and IPv6 dual stack
- HTTP/1.0, HTTP/1.1, HTTP/2
- TLSv1.1, TLSv1.2
- Great APIs for cache invalidation
- Integration with Amazon SSL cert manager
- Wildcard CNAME support
- Lots of pricing options, free tier
- Works great for static, dynamic, and streaming content
