A year has past since the beginning of this little experiment, and some results are already showing:
- i’m not very prolific ^^
- i’m becoming more and more grumpy
- i don’t like my blog’s setup (but didn’t find better for now) .
So yeah, new year was 4 month ago and still nothing new here, my article on bind, dnssec and knot hasn’t moved further, but work-related issues send me back here to make some experiments, our SEO consultants where reportings issues on our client’s website and where in need of informations. Using the provided analytics software (PageSpeed Insight) on this blog gave horrendous results:
- This is a static content blog but not cache informations was returned by the webserver
- Text data wasn’t compressed on the way to the browser
Well not everything was bad, at least SSL was working OK and even more so HTTP/2.0 is active on the setup, however this isn’t part of PageSpeed Insight analysis (so much for all the SEO-fuss on https/…).
Enhancing webserver configuration
As said previously this is an experementation server, so as if using FreeBSD wasn’t enough i also used nginx on many services, so there is that i didn’t look over levergage browser cache, compressing stream,.. So there is the job for today.
The starting point is a pretty straightforward configuration, i have setup two server block, one for the http service with a forced 301 redirect over HTTPS url and the second for the HTTPS service. Only peculiarity is the IPv4 private IP that is used, having only one IPv4 address has made me a little “creative” and so i’m using an haproxy redirect service which allow real source IP preservation, even with SSL stream using special protocol:
So we need to add a few rules, for starter leveraging browser cache is usually done by adding a location block matching common static content extensions and adding an expires keyword:
However widespread this is (it even found it’s way in some configuration sample for many web applications) this didn’t feel right compared to the ExpiresByType of apache’s mod_deflate. Also i had to repeat the root stanza which didn’t feel very nice.
Luckily i found another way here Digital Ocean Community: setting up an “expire map” feel much more like what i’m used to, so there i go.
This feel much better !
For this there is not much discussion here, the setup is quite simple so no need to rack our brains. Given the nature of the website (statically generated) i also included an option to detect and serve pre-generated compressed ressources, this will however need some work on jekyll side but i’m getting ahead of myself :
Security Headers: HSTS, X-Frame-Option, …
While being there, adding a few security-related headers couldn’t hurt so there we go:
This helped a bit increasing PageSpeed score but it wasn’t the promised/foretold revolution you could hear here and there.
So, next step is content optimisation !
PS: You can download the NGINX Configuration.