I caved in and hosted this blog myself. I still recommend Gitlab Pages for hosting static sites, but the restrictions started to annoy me.
Firstly the inability to issue proper HTTP redirects,
web should run on
https: (SSL, or TLS if we’re being pedantic) these days. SSL certificates are free, encryption
overhead is negligible, there’s basically no excuse. Privacy from listeners on
the network is always a concern, but SSL is also a guarantee of integrity. Even
a plain, static HTML page could have ads or worse injected into it by a
man-in-the-middle (rogue ISP or otherwise), and
https: neatly avoids this.
Gitlab to its credit allows SSL access to its hosted pages with its
*.gitlab.io wildcard certificate, but a basic request to
example.gitlab.io will still attempt
http: first. When you control the server as well as the content, you can
simply return a
301: Moved Permanently response to requests on port 80,
directing them to use
The second reason I moved is to enable comments. Again, this is possible on Gitlab Pages if you inject a third-party comment hosting service like Disqus into your page, but I wanted to keep such services under my control. Disqus can track visitors’ visits across sites, and could potentially replace your entire comment section with an embedded Youtube rickroll if they really wanted. A comment service I control implies I comment service I host - and that won’t run on Gitlab Pages - so between that and the SSL, here we are.
If anyone is curious, this site is now hosted by a dinky little VPS running Debian. In another post I’ll explain how I set things up.