A new blog

This is not my first blog. I have had numerous failed attempts at blogging, from Live Spaces, to Blogger (formerly known as Blogspot), to a number of Wordpress blogs. There's a certain pleasure in setting up and exploring new software that tends to be short-lived.

This time it's different, or at least I hope it will be. I was inspired to start blogging after Troy Hunt's talk at NDC Oslo titled Hack your Career which is more or less discussed in this series of posts on his blog. The recommendation he makes is to avoid setting everything up and instead make use of a third-party blogging services, also mentioning that the service he uses is Ghost Pro.

Ghost Pricing

I decided to dive into Ghost by opening an account, and was instantly sold by the clean and easy to use interface, the fact that it looks and feels (and is) modern, and that posts are written in Markdown. Their pricing model is pretty straightforward, and I could have easily started paying $19/month (paid yearly) and had everything up and running instantly - not to mention the piece of mind that comes with having an actual service.

In the end the approach I have taken is slightly different than recommended. Instead of opting for the service I decided to host it myself, this gives me a certain insight over the setup and the product itself. I do not exclude moving over to Ghost Pro in the future, but for now I will host and maintain the setup myself.

The Setup

The way I have set it up is fairly straightforward (and budget friendly too!). First, I chose a VPS provider. Usually I just opt to use DigitalOcean, but this time around I wanted to experiment with Linode, given how competitive their pricing options are. I quickly started an instance of CentOS 7 and begun setting everything up - there's plenty of guides online, so there's no need to add a new one here.

PostgreSQL

Edit: It seems like Ghost has ended support for PostgreSQL in their release of version 1.0.0, therefore I no longer recommend using PostgreSQL as a data store for Ghost. I will be migrating to MySql in due time and I'll post a guide of the migration process.

By default Ghost makes use of SQLite, which is a single file, cross-platform, SQL database engine. Instead, I opted to switch to PostgreSQL. Fortunately changing datasource to PostgreSQL is effortless, all that is needed (after installing the engine and setting up all permissions and databases) is to open the config.json and changing the production database section. I chose to do something that is often frowned upon, I installed the database on the same server as that is hosting Ghost - if you can do otherwise, it would be recommended.

 production: {
        url: 'https://www.darylcumbo.net',
        mail: {},
        database: {
            client: 'pg',
            connection: {
                host: 'localhost',
        port: '5432',
        user: '{database user}',
        database: '{database name}',
        password: '{super secure password}',
        charset: 'utf8'
        },
            debug: false
        },

        server: {
            host: '127.0.0.1',
            port: '2368'
        }
    }

And that's it, once Ghost launches it will re-create all necessary tables and it's up and running again.

Subresource Integrity

Subresource Integrity (or in short, SRI) is a technique that allows the browser to verify that the scripts being loaded from a CDN have not been tampered with. The only problem is that not all browsers support it (cough cough IE cough).

SRI

This meant that I had to make a decision, either use it and risk the site looking like garbage for users visiting through Internet Explorer, or not use it at all, and risk serving malicious scripts to users visiting the site. I opted for the former, given that the target audience for the blog is tech people, and these often have more than one browser installed.

Supporting it is very easy, all one has to do is grab a CDN script link and using this site to generate script tags with integrity checks.

Cloudflare

Cloudflare is an amazing product, especially when you consider the fact that they have a free plan that does not feel limiting at all. At its roots Cloudflare is a CDN provider, but it's more than just that. It allowed me to support HTTPS, and since I'm hosting my own instance of Ghost, I also installed the origin certificates provided by Cloudflare, this means that I am offering end-to-end encryption (kind of an overkill when you think about it). I'm also making use of other features such as Automatic HTTPS rewrites, Auto Minify of resources, Page rules, Always Online and Caching.

Even though I went for the route of setting everything up myself, having such a service gives some piece of mind. Since it's caching and returning results from their PoPs (point of presence), and therefore my server is shielded and won't actually get as much traffic.

Https

Finally, another awesome thing you get by just switching Cloudflare on is HTTP/2 + SPDY, which makes loading the site blazingly fast.

HTTP/2 + SPDY

I might go through how to setup Cloudflare for your site in the future, because given the features and benefits you get from using it, it's on top of my recommendations for anyone who would like to have their own website or blog. I still can't believe the free tier offers all of this.

Performance

At the end of it all, I ended up with very positive performance markers.

Site speed test - gtmetrix.com

I take these Metrics with a pinch of salt though. The site is more or less empty and nowhere close to full featured. That said, it's an excellent place to start from.