
Show HN: Scar – Static websites with HTTPS, a global CDN, and custom domains - cloudkj
https://github.com/cloudkj/scar
======
fishtoaster
Looks very similar to my project
[https://github.com/kkuchta/scarr](https://github.com/kkuchta/scarr) from a
while back. It even uses the same acronym (I assume that's just a coincidence,
since we both just picked a cool-sounding English-language word using the
initials from S3, Cloudfront, ACM, and ACM).

At a glance:

- Mine handles domain registration + ACM verification automatically
- This one wisely uses CloudFormation instead of API calls
- This one does apex->www redirects, whereas mine uses the apex and has no
  redirect

Seems pretty cool!

~~~
cloudkj
Wow, that is a fun coincidence! Indeed, I was going for a catchy four-letter
acronym in the same vein as popular stacks like LAMP or MEAN. Perhaps the fact
that we both landed on the same components and permutation of components means
that there's something there :)

I also started off in the same manner of implementation - bash scripts
wrapping AWS CLI calls - then stumbled upon the more straightforward, template
based approach.

~~~
sova
Ha, so cool that you both ended up in the same end of the Sphinx! =)

------
jaden
GitHub pages [0] gives you static sites with HTTPS and a custom domain without
nearly as much complexity as this if you're looking for an alternative to
Netlify.

[0] [https://pages.github.com/](https://pages.github.com/)

~~~
gtirloni
I feel like Netlify has set the standard in this area now so I'm curious to
learn what's _different_ when I see these projects mentioned here.

~~~
nathankunicki
I had honestly never heard of Netlify. I thought GitHub Pages was the
standard, with S3 static hosting a second (more involved) option.

EDIT: Googling suggests Netlify offers a build, deploy, hosting pipeline all-
in-one box. Which is substantially more than any of the projects mentioned
here. These serve a single purpose - simple hosting of static websites.

~~~
xondono
Also, github pages require a public repository (or a pro account), Netlify +
github doesn’t

~~~
sharcerer
that's a bummer. I thought now that we have private free repos, websites could
be hosted there. Still nice feature. I guess, the public nature definitely
generates some trust and also is a good way of showing your work as Github
works like a project showcase platform too.

------
NateEag
Am I the only one who still hosts my own static sites on a plain old virtual
machine?

It's pretty simple to configure nginx for static sites, and by doing it
yourself you reduce vendor lockin to just about nil.

Even if S3 is massively cheaper, $5/month for a tiny VM seems like a small
price to pay for being vendor-abstract.

I suppose S3 is way less likely to suffer a meaningful outage than my little
VM, but how many 9s do my personal websites actually need?

~~~
clintonb
Maintenance is my primary concern. I deal with software for a living. I want
my blog to just work without me having to worry about maintaining the VM.
Netlify makes this dead simple.

I used to host Wordpress sites for myself and family members. I've now moved
nearly all of those sites to Netlify (for hosting) and Forestry (for
editing/CMS). I no longer have to worry about malicious hacking attempts,
Wordpress updates, or anything else outside of the site content.

Here is my post on this transition for those interested:
[https://dev.clintonblackburn.com/2019/03/31/wordpress-to-jek...](https://dev.clintonblackburn.com/2019/03/31/wordpress-to-jekyll/).

~~~
ehonda
    apt-get install nginx goaccess
    cd website
    cp * /var/www/html

Yearly maintenance required: apt-get update, apt-get upgrade

View traffic stats: goaccess -f /var/log/nginx/access.log

I'd say it's just as easy and seamless to do it yourself on a cheap VPS for a
static website. HTTPS isn't that much extra work either.

~~~
mises
Maybe I'm just a security nut, but I would probably also relegate ssh to a
non-default port, allow key-only authentication, narrow ciphers, close all
other ports (except 80, 443, and 53). Also fail2ban, sysctl tweaks
(networking, disable coredumps), and a whole bunch of other things I have in a
script.

I've seen way too many people get their boxes trashed to leave an internet-
accessible one exposed and unsecured.

~~~
KingFelix
What are your thoughts on sharing your script? I have a few VPS and would love
some new tools / proper setup. I have been learning as I go, learned a few day
1 things not to do, but would like to learn more about networking/coredumps.
Cheers!

~~~
mises
I'd have to clean it up first. I wrote it for a competition, and it does its
job well; I may clean it up and improve it soon. Right now, it's a mess of a
monolithic script.

~~~
KingFelix
Excellent, well if you get around to it I would love to scope it out.
Autodidact after being fed up with shared servers like
GoDaddy/HostGator/Inmotion; they were easy to use since I had no idea what I
was doing. I moved to Digital Ocean and it's been a fun learning experience. I
love using command line and solving problems. Would love to be as tight on
security as you are! Cheers

------
gvand
Nice project.

As an aside, I genuinely wonder under which circumstances a CDN will be useful
for a static website nowadays. I have a static website that has been on the HN
homepage a few times and got picked up by the Chrome mobile recommendations
and a nginx/https with slightly tweaked configuration never had a problem
handling the traffic even on the smallest DO droplet.

Edit: Thanks for these replies.

~~~
zachruss92
What I like about static sites is that you can serve the site in its entirety
from a CDN. So you can literally just CNAME www.yoursite.com to
yoursite.gitlab.io (or w/e static site host you use). This dramatically cuts
down on latency worldwide. It also removes your web server as a single point
of failure for short-term outages.

~~~
dvfjsdhgfv
> you can literally just CNAME www.yoursite.com to yoursite.gitlab.io

After so many years I still can't really understand how easily people hand
over almost complete control over their site to someone else, just because
everyone else does. It's like handing over your e-mail account passwords when
LinkedIn started. Yes, CloudFlare, Google and others are helping you, but
there is a price to pay that might not be immediately visible.

~~~
acdha
It seems pretty different from a password because you're not giving control of
your domain: if they broke their contract, you could take it back at any time.

That's the other odd part about this complaint: you're trusting a company like
GitLab not to break their terms of service, which is a potential factor to
consider but also one where they'd have severe negative outcomes to their
business if they went rogue. Since you're already trusting a number of other
parties, why is this one so much scarier?

~~~
nybble41
> It seems pretty different from a password because you're not giving control
> of your domain: if they broke their contract, you could take it back at any
> time.

You _are_ giving them everything they'd need to obtain a DV certificate for
your domain, though. You can stop them from using it at any time just by
changing the DNS records, but you'd need to wait at least two years (825 days
for maximum TLS certificate duration) before you could be certain any
certificates they had been issued before that point had expired.
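
The residual-validity window described in this comment, worked through as an added example (not code from the thread or from any project mentioned in it). It assumes certificate records exported from a Certificate Transparency search; the field names, serials and dates are constructed sample data.

```javascript
// Added example: audit certificate records for a domain after its DNS was
// pointed away from a third-party host. All sample values are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;
const MAX_LIFETIME_DAYS = 825; // maximum certificate duration cited in the comment

const day = (ms) => new Date(ms).toISOString().slice(0, 10);

function auditCertificates(certs, cutoverIso) {
  const cutover = Date.parse(cutoverIso);
  const outstanding = [];        // issued before the cutover, still valid after it
  const issuedAfterCutover = []; // unexpected once DNS no longer points at the host
  let lastExpiry = null;

  for (const cert of certs) {
    const notBefore = Date.parse(cert.notBefore);
    const notAfter = Date.parse(cert.notAfter);
    if (Number.isNaN(notBefore) || Number.isNaN(notAfter)) {
      throw new Error(`unparseable validity dates for ${cert.serial}`);
    }
    if (notAfter <= cutover) continue; // already expired at the cutover
    (notBefore > cutover ? issuedAfterCutover : outstanding).push(cert.serial);
    if (lastExpiry === null || notAfter > lastExpiry) lastExpiry = notAfter;
  }
  return {
    outstanding,
    issuedAfterCutover,
    // Known exposure: latest expiry among the certificates we can see.
    exposedUntil: lastExpiry === null ? null : day(lastExpiry),
    // Bound for certificates issued up to the cutover when the record set
    // may be incomplete: cutover plus the maximum lifetime.
    worstCaseUntil: day(cutover + MAX_LIFETIME_DAYS * DAY_MS),
  };
}

// Constructed records, shaped like entries exported from a CT log search.
const SAMPLE_CERTS = [
  { serial: 'SAMPLE-A', notBefore: '2018-06-01T00:00:00Z', notAfter: '2019-03-01T00:00:00Z' },
  { serial: 'SAMPLE-B', notBefore: '2019-04-20T00:00:00Z', notAfter: '2019-07-19T00:00:00Z' },
  { serial: 'SAMPLE-C', notBefore: '2018-12-01T00:00:00Z', notAfter: '2020-12-01T00:00:00Z' },
  { serial: 'SAMPLE-D', notBefore: '2019-05-10T00:00:00Z', notAfter: '2019-08-08T00:00:00Z' },
];

console.log(auditCertificates(SAMPLE_CERTS, '2019-05-01T00:00:00Z'));
```

Serials listed under `outstanding` are candidates for a revocation request to the issuing CA; anything under `issuedAfterCutover` means some record still lets the old host pass validation.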

------
rsweeney21
We use a combination of Netlify + Webflow + Hugo for our website
(www.facetdev.com). With that we get a global CDN and our website will never
go down.

Netlify has been awesome and it made it stupid easy to combine our www site on
Webflow with a hugo static blog in a subfolder (/blog). This might be my
favorite web publishing workflow ever.

If you haven't tried Netlify yet, definitely give it a look.

~~~
triangleman
Does the webflow save to a git repo?

~~~
rsweeney21
Yes. It also provides a really nice UI for building our www site which we like
to rev frequently. Webflow is the bomb if you are familiar with HTML and CSS.
Super clean HTML, total control over all the css attributes, drag and drop
builder.

~~~
donmcronald
Is it a completely hosted service? It looks cool, but I'd be reluctant to use
it if it's a subscription to an online tool where I have to pay forever. Is
there a standalone version of that editor?

~~~
rsweeney21
It is hosted, but you can use it free forever if you have Netlify in front of
it and use your free sitename.webflow.io URL as your origin server. You can
also export your site as static html if you want.

------
singingwolfboy
I wrote a tutorial for how to do all this setup manually, if you prefer:
[https://www.davidbaumgold.com/tutorials/host-static-site-aws...](https://www.davidbaumgold.com/tutorials/host-static-site-aws-s3-cloudfront/)

Sometimes it’s nice to understand how all the pieces fit together, instead of
using an automated system!

------
djsumdog
How much does this cost? I put in some more effort to setup my HAProxy and
nginx containers on a Vultr node, but I get LetsEncrypt for free, so I'm just
paying for a Vultr node (or DO droplet) and the price of the domain name:

[https://github.com/sumdog/bee2](https://github.com/sumdog/bee2)

~~~
1023bytes
My estimate is about $1.5 a month, so definitely less than a full VPS, but it
depends on the traffic and how much data you store.

------
whalesalad
I have a two-line Makefile with one target that syncs my website with an
S3 bucket. Deploys are instant. The rest is handled by Cloudflare and AWS. The
sheer number of moving parts in this system is outrageous for a static
website. A fun project for sure, though.

~~~
cloudkj
I think the complexity for this setup is about the same. Once the different
AWS services are provisioned during the initial setup, subsequent deploys are
quite straightforward. For example, I have a three-line Makefile target for
Jekyll sites that looks something like this (using Docker with a local
`aws-cli` image wrapping the CLI):

    docker run --rm -e "JEKYLL_ENV=production" -v $(PWD)/src:/srv/jekyll -it jekyll/jekyll:3.8.5 jekyll build
    docker run --rm -itv $(HOME)/.aws:/root/.aws aws-cli aws s3 sync src/_site s3://www.<mydomain>
    docker run --rm -itv $(HOME)/.aws:/root/.aws aws-cli aws cloudfront create-invalidation --distribution-id <mydistribution> --paths "/*"

------
kaiku
Bundling service config and launch makes the whole process easier, for sure.
There's also more than one way to configure this depending on what your needs
are, so it'd be cool to have a few different versions of SCAR.

I started with a setup similar to your diagram and tweaked it when I realized
S3 didn't serve index.html when the URL was just the parent "directory", i.e.
example.com/foo/ doesn't resolve to s3://example.com/foo/index.html. To get
this working I had to write a bit of JS in a Lambda function and deploy it at
the edge of my CloudFront distribution to do some URL rewriting.

Given that's the behavior most people expect, might be worth considering?
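
A sketch of the kind of edge rewrite this comment describes, as an added example (not kaiku's function and not part of Scar), written as a Lambda@Edge origin-request handler. It goes one step beyond the comment by also redirecting extensionless paths to their trailing-slash form; function names and sample values are hypothetical. A rewrite like this is only needed when CloudFront reads the bucket through its REST endpoint, because S3 applies index documents only on the website endpoint.

```javascript
// Added example: Lambda@Edge origin-request handler (names are hypothetical).
const INDEX = 'index.html';

// Decide what to do with a request path. Returns {uri} to forward to S3,
// or {redirect} to send the browser to the canonical trailing-slash URL.
function resolvePath(rawUri) {
  // Collapse repeated slashes so "//host/path" can never reach a Location
  // header as a protocol-relative (off-site) redirect.
  const uri = rawUri.replace(/\/{2,}/g, '/');
  if (uri.endsWith('/')) return { uri: uri + INDEX };
  // Heuristic: a last segment without a dot is treated as a directory.
  const lastSegment = uri.slice(uri.lastIndexOf('/') + 1);
  if (!lastSegment.includes('.')) return { redirect: uri + '/' };
  return { uri };
}

// Works on the CloudFront request object; returns either the (modified)
// request to forward to the origin or a generated 301 response.
function handleRequest(request) {
  const result = resolvePath(request.uri);
  if (result.redirect) {
    const qs = request.querystring ? '?' + request.querystring : '';
    return {
      status: '301',
      statusDescription: 'Moved Permanently',
      headers: { location: [{ key: 'Location', value: result.redirect + qs }] },
    };
  }
  request.uri = result.uri;
  return request;
}

// Entry point Lambda@Edge invokes with the CloudFront event.
async function handler(event) {
  return handleRequest(event.Records[0].cf.request);
}

if (typeof module !== 'undefined') module.exports = { handler };
```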

~~~
IanCal
I think that behaviour should be handled with index documents in S3, without
the need for lambda:
[https://docs.aws.amazon.com/AmazonS3/latest/dev/IndexDocumen...](https://docs.aws.amazon.com/AmazonS3/latest/dev/IndexDocumentSupport.html)

~~~
FelipeCortez
I've always used it this way and it works fine indeed.

------
huphtur
Recently moved some static sites from S3 to AWS Amplify Console. Super easy
setup and even easier maintenance with the Git-based workflow:
[https://aws.amazon.com/amplify/console/](https://aws.amazon.com/amplify/console/)

------
SadWebDeveloper
Anyone have an average monthly fee for using these as a hosting solution? Last
time I ran the numbers, using all those services went from 5 to 10 USD per
month and it was better to use Amazon Lightsail (3.5 per month) or other
cheaper alternatives at lowendbox.

------
iBelieve
For anyone looking for a hosted solution,
[https://surge.sh/](https://surge.sh/) is super nice and simple without any of
the complexity of managing the stack yourself. Deploying uses one simple
command, and you get hosting and custom domains for free, though I believe SSL
is paid for custom domains. (I'm not affiliated with Surge at all, just a
happy user.)

~~~
cloudkj
I was actually wondering that myself: Is there interest in a hosted service?
It'd be quite similar to (as many comments have suggested) Netlify and the one
you linked to.

I was mostly going for a DIY solution since I wanted to "own" the bits being
deployed while remaining as close to the infrastructure as possible. Providing
a hosted service somewhat moves away from the DIY spirit; I suppose additional
tools/UIs could be offered to simplify setup and deployment and still run
everything directly on AWS, but at that point one might be inclined to just
move to one of the other hosted solutions for the simplicity.

------
jareware
Same feature set - plus a few extras like Basic Auth support, custom headers,
preventing direct access to the underlying S3 bucket - implemented as a
reusable Terraform module:
[https://github.com/futurice/terraform-utils/tree/master/aws_...](https://github.com/futurice/terraform-utils/tree/master/aws_static_site)

------
tamalsaha001
How is this any different from Firebase hosting? We have been using it for a
while with no problem. Also comes with a very generous free tier.

------
timClicks
Sorry to nitpick, but "Copyright © 2019" isn't a "license". It's not even a
full copyright declaration without listing an owner.

~~~
tide_ad
Sorry to nitpick, but copyright declarations are a thing of the past in many
nations with copyright protections automatically conveyed upon creation,
registration only necessary within a short time after infringement was
detected, with registration serving to only maximize the monetary sanction the
government will levy on your behalf.

and regarding license, they have the MIT license added to the repository

~~~
timClicks
That's fine, but this is purporting to be a copyright declaration. I know
they're unnecessary, but if you are going to add one, you should do it properly.

~~~
tide_ad
It is inconsequential

------
morenoh149
Great job! I wish more projects had 1-click deploy to Heroku, AWS, GCP or
Azure. This is a good habit more people should get into.

Running this project on aws can give a cloud beginner an interesting way to
expose them to many concepts. Now I just have to figure out what static
website I want to run in this!

Please do the same for running your own scalable wordpress install!

~~~
donmcronald
The technology is awesome, but I won't use Cloudformation, Azure Resource
Manager templates, etc. until AWS, Azure, etc. support spending limits.
Getting into the habit of clicking "Deploy Stack" when your credit card is
attached to an account that allows unlimited spending seems risky to me.

------
t0astbread
What benefit does this have over Netlify?

~~~
triangleman
You can put AWS Engineer on your resume.

~~~
vidyesh
Gives you substance to attend AWS Global summits.

------
anvarik
you lost me at GoDaddy

------
blairanderson
TL;DR this is an AWS stack with _10 AWS services_ required to build/deploy a
static site with HTTPS/CDN

I will be staying with netlify

~~~
d-sc
I just built my first static page since middle school this last weekend using
netlify and a static site generator [Publii]. I was amazed at how simple and
fast netlify is.

I’m confident I could figure out how to do something much more
complicated. But I want to focus on other things and it’s nice to not have to
think about it.

------
pier25
Off topic, but what did you use to draw the flow diagram?

~~~
cloudkj
The AWS CloudFormation console has a "Designer" tool that allows drag-and-drop
creation of template files, and also visualizes existing JSON or YAML template
files with these diagrams.

~~~
pier25
Thanks!

------
bsingh4
You've only taken care of the surface-level complexity with AWS. Want to do
something more like add a header to the response? Well then, create a lambda,
deploy it to the edge, and pay per page view. This is something Firebase is
much more elegant at - the initial deploy, and then evolution and addition of
features geared to static site deployment.

------
myresume
Try out [https://freepage.io](https://freepage.io), it is much easier to use
than GitHub Pages. You don't even have to create an account, verify email and
all that nonsense to use it. And it has social media built in to get your page
out there into the world.

------
js2
The lambda stuff is there just to upload the welcome.html?

Also, maybe consider configuring a logs bucket for the cloudfront logs?

------
paulgb
This is cool, I'm glad somebody built this! I love netlify but I worry about
vendor lock-in.

~~~
reificator
I'm usually paranoid about vendor lock in, but I can't join you on this one.

Netlify assumes a version control repository that you can pull from, run a
build step, and then host static files from. The build tools are open source,
the output is static and trivial to download and rehost, and the repository is
git meaning one clone is all you need to port to any other service.

Where exactly is the vendor lock in?

~~~
paulgb
It's not so much my code that is locked in, as that netlify has spoiled me by
making deployment so streamlined that it would be hard to go back to manual
deployment. This gives me another option, which I appreciate. That's all I
meant.

~~~
reificator
Netlify makes things _easier_ , but S3 + Cloudfront + Route53 (Or insert
favorite cloud vendor here) for a static site is not that far behind.

------
srathi
How much should this cost per month in AWS billing for a small static website?

~~~
jboynyc
Of course that depends on what kinds of assets you serve and how many hits you
get, but to provide a ballpark, I had a small personal site with few media
assets on S3, and it consistently cost me US$0.12 per month. I think once it
cost me 14 cents and I thought, "Wow, I must've been popular last month!"

I didn't run analytics so I can't say how many hits it got, but traffic was
probably fairly average for a personal site.

------
shapiro92
This is highly complex for no reason. GitHub Pages, Netlify provide you with
easy to use custom static page hosting.

Your abstraction is nice, but the learning curve for someone is incredibly
high for such a setup.

------
vijaybritto
This seems like a nightmare to set up and maintain for a newcomer. Netlify
lets us set up things in a whiff. This is a nice project but not for anyone
below intermediate.

------
dlhavema
Yeah, super cool! Thanks, this was the only part I was unclear about in
connecting the domain to the bucket easily..

------
adontz
I did the same on azure a few days ago and it was much much easier.

------
faheel
Just use Netlify.

~~~
mluggy
Netlify requires your entire domain moved over for custom hostname/ssl. a deal
breaker for most.

~~~
bobfunk
mmm, no? You can just CNAME any subdomain, etc?

~~~
mluggy
with ssl? really? I'd love to see an example

------
ryanisnan
Other than the notion that all traffic should be served over HTTPS, if you
have a purely static site, why the big fuss?

~~~
thethirdone
Without HTTPS, links could be replaced and executable file downloads could be
replaced with malware.

~~~
ryanisnan
Right, I wasn't thinking about mitm concerns.

------
tempsolution
Ha I just did the exact same thing yesterday evening... Funny how stuff like
this hits place one in HackerNews these days.

------
romanovcode
How to host static website with HTTPS, a global CDN and custom domains for
free:

1. Set up public repo with Hugo project

2. Add Travis CI integration with GH Pages

3. Use CloudFlare for free SSL + other goodies

Why would anyone need this?

~~~
whereareyouwow
Totally agree! Only thing is GH pages might limit your size at some point...
Wish they would introduce a per GB pricing and allow you to scale. That would
make it a permanent solution.

