Just Another Geek

I am blogging about Information Security since 2003

22 Jan 2020

hugo't to know how this blog is set up!

This blog has been powered by a few engines since its beginning (17 years ago!). It was first powered by a PHP engine called Dotclear.

Nobody likes operating a PHP website, but at that time a French ISP, Free, was offering free PHP hosting, so I did not have to care about its security or anything.

Of course, I changed my mind when I had to move to a self-hosted solution. This quickly led me to a static website generated by Octopress (RIP), then Jekyll. I won’t go into all the pros and cons of static websites: Dane already wrote about it on his blog, Deploying a Static Website via Azure. Read it!

Paradoxically, I agree with Tobias' blog post that static website generators do not scale, mainly because maintaining the build and deploy stack is always a pain in the long term and a source of discrepancies.

But this time is different: I think I can mitigate this risk by having strong CI/CD processes in place. If my work is limited to ① filling in a Markdown file, ② git commit and then ③ git push, I think I can commit to it (time will tell!).

Of course, let’s be honest, it was also an excuse to invest time in terraform and AWS.

The big picture

So now, I am using:

  • hugo engine to transform the Markdown into a website
  • AWS for the hosting (CloudFront, S3, HTTPS certificate, DNS)
  • A private repository on GitHub.com, thank you Nat Friedman!
  • GitHub Actions for the CI/CD part
  • Terraform to manage the infrastructure

GitHub Actions

GitHub Actions is really awesome, I have never seen a CI/CD system that fast! Its configuration is easy, well documented and very well integrated. I love it.

When there is a push on the master branch, it builds the HTML pages and uploads them to AWS S3:

It takes approximately 50 seconds between the git push and its rendering on the website.
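A workflow of the kind described above (build with hugo on a push to master, then upload to S3), as an added example that is not the author's own file. The secret names, the pinned Hugo version, the third-party `peaceiris/actions-hugo` action, the OIDC-assumed IAM role and the CloudFront invalidation step are all assumptions.

```yaml
# Added example, not the author's workflow. Secret names are hypothetical.
name: deploy-blog
on:
  push:
    branches: [master]

# Least privilege for the job token: read the repository, request an OIDC token.
permissions:
  contents: read
  id-token: write

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false  # do not leave the repo token in .git/config

      # Third-party action: pin it to a reviewed full commit SHA in real use.
      - uses: peaceiris/actions-hugo@v3
        with:
          hugo-version: "0.119.0"  # assumed version; pinned for reproducible builds

      - name: Build the site into public/
        run: hugo --minify

      # Short-lived credentials through OIDC, no long-lived access key stored.
      # The role should only allow s3:ListBucket, s3:PutObject and s3:DeleteObject
      # on the site bucket, plus cloudfront:CreateInvalidation on the distribution.
      - name: Assume the deploy role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      # Values are passed through env so they are never interpolated into the script.
      - name: Upload to S3 and refresh CloudFront
        env:
          BUCKET: ${{ secrets.SITE_BUCKET }}
          DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
        run: |
          aws s3 sync public/ "s3://${BUCKET}" --delete
          aws cloudfront create-invalidation --distribution-id "${DISTRIBUTION_ID}" --paths "/*"
```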


Initially, I was not using terraform, doing click click everywhere in the AWS console. But when a friend reported an issue, I went mad debugging CloudFront, S3 Bucket Policy, IAM, and Lambda@Edge. I toggled each feature on and off while investigating. When I understood that there was in fact no issue (I had shared a bad link in the first place), I had already tweaked so many settings that I was no longer confident that I had not broken something else. So it was time to use terraform to have something reproducible and clean.

My configuration is va

I am very happy with this setup: I don’t feel any “friction” when I want to post something and it gives me confidence in the future: I am not worried about “what if $something happens and I have to do it all over again”.

Try it!