After a roughly four-year gap in posting new content (or spending any time working on this site generally), I’ve decided to change web frameworks and migrate this site from WordPress (on a self-hosted LEMP stack) to Hugo, an open-source static site generator. The new site is still a self-hosted setup, but does not require PHP or MySQL. It is a wonderfully static website, and the performance should reflect that.
I had been wanting to move away from WordPress for some time. There were a few reasons for doing so, and I’m not going to get into too many details here, but I think they will feel familiar to many who have dabbled in hosting their own websites.
First and foremost, I had concerns about the security of the setup. As clearly seen in the Nginx access logs, countless bots roam the Internet day in and day out, poking holes at WordPress installs. They can be seen endlessly probing for misconfigured endpoints, insecure/outdated plugins, unprotected directories, etc.
|Bot spam in Nginx logs, seen when wp-admin.php and wp-login.php were temporarily opened in the Nginx config (usually I keep them locked down)|
I had read much about securing WordPress and web hosting instances in general. My Nginx and PHP configs were fairly well hardened, and using Cloudflare as a proxy/CDN helps thwart brute force attacks and the likes. The Ubuntu-based VM that hosted the instance also had many best practices applied, including ingress restrictions through firewall configs and limiting SSH access in various ways. I had configured automated updates for the system, WordPress and its plugins, using a variety of cron jobs (generally calling custom bash scripts). But, despite all this, and despite [to my knowledge] not having a compromise since launching the site almost 10 years ago, I still felt like there were security holes I wasn’t aware of. There was just too much complexity and too much to trust with WordPress, especially once you throw plugins into the mix.
I found the process of optimizing the performance cumbersome, and ran into several page-loading delays that I couldn’t get to the bottom of. Until earlier this year, this website was hosted on a low-end Intel NUC. The NUC’s processor, a Celeron J3455, is a quad-core, 1.5 GHz, 10 W, Apollo Lake processor with performance comparable to a high-end smartphone from a few years ago. While the NUC provided excellent value (around $200 CAD in 2018, excluding RAM and storage), it also provided limited performance when running the rest of my self-hosted services. To optimize the web serving performance, I experimented with various Nginx and PHP settings, plugins for caching, content compression, etc., but was never able to bring the load times down to the sub one second range I wanted to be in. Migrating to a static site makes this trivial, and the page load times are now much improved on the new site.
I wanted to ensure that once I resumed posting new content, it would be portable and easy to transition to different platforms. I didn’t want to be locked into one specific solution. Hugo uses Markdown for content creation, and that makes content wonderfully simple to produce and very easy to migrate. No web framework lasts forever, and I want to make sure that the next transition is easier than this one was.
Once I had decided to move to Hugo, I used this tool to perform the first “bulk” migration from WordPress. It did reasonably well, but unfortunately left a lot of HTML in the posts, most of which caused formatting issues. Some of this was related to custom HTML added by plugins, but much of it was due to formatting like justified paragraphs and image galleries. My guess is “vanilla” WordPress content should migrate over fairly well. Over the period of several hours here and there, spread across many days, I grep’d, sed’d and manually edited my way through updating the posts to pure Markdown.
I plan to get back into the habit of posting new content and updating the site more regularly. When I was more active as a pilot, I very much enjoyed posting about notable flights and sharing with friends and family. I’d like to do more of this, but also, I’m looking to post more varied content. I’ve been experimenting a lot with home server builds (stay tuned for a post on the server this site is hosted on), Docker, Proxmox, Debian, FreeBSD, etc., so expect some self-hosting topics. I’d also like to post more about things I encounter in my professional life, in case they are interesting or useful to read about for others. At some point, I’ll need to update the Projects page, as some of the content there is nearly 10 years old.
For some time, I will be maintaining the WordPress site at old.chrishii.ca, but I plan to take this down in the near future once all the kinks are worked out of this one.