I caved in and hosted this blog myself. I still recommend Gitlab Pages for hosting static sites, but the restrictions started to annoy me.

Firstly the inability to issue proper HTTP redirects, only slow Javascript code that downloads the page twice. I think the entire web should run on https: (SSL, or TLS if we’re being pedantic) these days. SSL certificates are free, encryption overhead is negligible, there’s basically no excuse. Privacy from listeners on the network is always a concern, but SSL is also a guarantee of integrity. Even a plain, static HTML page could have ads or worse injected into it by a man-in-the-middle (rogue ISP or otherwise), and https: neatly avoids this.

Gitlab to its credit allows SSL access to its hosted pages with its *.gitlab.io wildcard certificate, but a basic request to example.gitlab.io will still attempt http: first. When you control the server as well as the content, you can simply return a 301: Moved Permanently response to requests on port 80, directing them to use https:.

The second reason I moved is to enable comments. Again, this is possible on Gitlab Pages if you inject a third-party comment hosting service like Disqus into your page, but I wanted to keep such services under my control. Disqus can track visitors’ visits across sites, and could potentially replace your entire comment section with an embedded Youtube rickroll if they really wanted. A comment service I control implies I comment service I host - and that won’t run on Gitlab Pages - so between that and the SSL, here we are.

If anyone is curious, this site is now hosted by a dinky little VPS running Debian. In another post I’ll explain how I set things up.

Comments by Disqus