About this site
How Tracy made this website
Online since 1996, my personal website has evolved extensively over the years. From hand-coded HTML in the 90s to HTML and CSS in the early 2000s to a content management system (Plone) for many years, I have finally rebuilt everything with a more professional and up-to-date look.
But not only has the style changed, the technology behind it has too. In some ways simpler, in some ways more complicated.
While I mostly focus on higher-level security and compliance issues these days, I am still very much a technical, hands-on person. Managing the engineering and hosting of my own infrastructure instead of just outsourcing all of it is one way I keep skilled and current in the technology.
Not many websites are hand-coded HTML these days, but I did want some customizability. I also wanted a very small attack surface and minimal runtime dependencies. The solution was a static HTML website, but template-driven. Enter the Pelican static site generator.
Pelican gives me everything I want and nothing I don’t: it is template-driven, I can write custom HTML when I want, it offers compile-time macros and Python code execution to generate content on the fly, etc. It does not need a MySQL database backend and PHP with all of the security problems those things bring. I can write everything in vi, run make html, and see my new website.
All of the code is managed and controlled with git and uploaded to GitHub.
GitHub Actions are used to invoke Pelican to build the static site, build the container which serves the site, then deploy the container to Amazon EKS.
But for various reasons, including security and performance, your browser never communicates directly with the container serving the site. Instead, the site is fronted by the Cloudflare global content distribution network. When the container gets rebuilt, the GitHub Actions pipeline pings the Cloudflare API to drop the cache and pick up the new site. So even if my container is down, Cloudflare continues to serve. Cloudflare being down is beyond my threat model. :)
