
Building sites with middleman - combray
http://willschenk.com/building-sites-with-middleman/
======
bobfunk
Middleman is awesome and very proven in the field. There's a lot of cool sites
out there made with it.

At Netlify ([https://www.netlify.com](https://www.netlify.com)) we're building
a static hosting service with integrated build automation that's perfect for
projects built with static site generators.

With the right tooling this approach to building websites can be so much more
efficient than traditional dynamic sites, and it solves all the issues around
security, performance and scaling costs that plagues WordPress and Drupal
sites.

~~~
thrush
How is Netlify better than Github Pages?

~~~
bobfunk
Github pages can only run builds of plain jekyll sites with no plugins.
Netlify will work for pretty much any static site generator (right now we
support ruby, node and python).

You can also trigger new builds without pushing to Git (essential for pages
like [https://www.staticgen.com](https://www.staticgen.com) that grabs data
from somewhere else than the Github repo).

Apart from that there's hosting features like:

SSL for custom domains

Redirects

Rewrite rules

Fine grained header control

Lossless image compression

Automatically moves asset to content addressable URLs on a cookie-less domain
with far-future expires headers

There's a few more things in the works as well.

~~~
thrush
Great! Exactly the information I was looking for :)

------
danso
I second the thumbs-up to Middleman...to me, it hits the right sweet spot
between hack-it-yourself-static-site and building out a Sinatra/Padrino/Rails,
or even a WordPress site.

Having Sass and templating work right out of the box is, for many of my
projects, just about all I need. Then I add a plugin to deploy to S3 and I'm
good to go. But one of Middleman's best features is the ability to supply JSON
(or YAML) files and automatically generate routes and pages from the data. I
find it to be a nice way to prototype data-heavy sites that may end up
requiring a full-blown Rails setup.

If all you're doing is blogging, then Jekyll might be all you need (especially
since it, I think, had native Sass support in its latest version)...but for
anything more complicated, or even simpler (i.e. a few static pages and not a
blog), Middleman hits that niche very sweetly. I came across it when reading
an article by a front-end shop about how they use it as a sort-of backend to
their client-side-heavy apps...I haven't used it for that purpose yet, but,
given how easy it is to setup the build process via Sprockets, I have no doubt
it could serve as a decent static backbone for such an app.

Vox Media uses Middleman for most of their features:
[http://product.voxmedia.com/2014/7/29/5863004/take-a-peek-
at...](http://product.voxmedia.com/2014/7/29/5863004/take-a-peek-at-the-code-
that-powered-the-verge-50)

------
selmnoo

        Many sites don't really require all that for them to run, 
        and it's crazy to me that something as read heavy as a 
        blog often can't perform well under load given that it's 
        just serving up the same old stuff over and over again. 
        You want to have some tooling to make it easier, but it 
        doesn't need to be run time tooling.
    

Woah, that makes a tremendous amount of sense, I'm really surprised this kind
of thing wasn't developed and caught on big earlier. No more worrying about
security upgrades, no more worrying about overusing limited computing
resources, no more worrying about giving things like Wordpress to people who
don't understand the vast security implications, etc. etc.

~~~
waffl
I am curious about this seemingly common perception that Wordpress is an
insecure product. Is Wordpress, when configured correctly, far less secure
than other platforms? (My main thinking is that it is an obvious target due to
its incredible marketshare)

A client I had was recently terrified of using Wordpress because an 'SEO
expert' had filled her head with conjecture about the insecurity of Wordpress
compared to Drupal, referring anecdotally to the White House website using
Drupal as some sort of indicator that Drupal is infinitely more secure.

However, looking at CVE data, I don't find massive discrepancies, in fact
Drupal had more listed vulnerabilities (almost double) than Wordpress in 2014.
Compare the CVE statistics for Drupal
[http://www.cvedetails.com/vendor/1367/Drupal.html](http://www.cvedetails.com/vendor/1367/Drupal.html)
vs. Wordpress
[http://www.cvedetails.com/vendor/2337/Wordpress.html](http://www.cvedetails.com/vendor/2337/Wordpress.html)

I'm just curious if you believe there are inherent risks in Wordpress, or if
you meant specifically Wordpress in the wrong hands and with the wrong
plugins/extensions etc.

~~~
selmnoo
> I'm just curious if you believe there are inherent risks in Wordpress, or if
> you meant specifically Wordpress in the wrong hands and with the wrong
> plugins/extensions etc.

Well, in the context of submission link -- serving straight up static HTML
content, you have essentially zero risk of security vulnerabilities. I meant
to contrast this in a general sense with Wordpress, so I moreso did mean to
imply Wordpress is insecure for _both_ its inherent risks (fewer or greater
than Drupal) and risks that come with plugins (which a significant amount of
Wordpress users _do_ end up getting).

------
ryanSrich
I love middleman. I'm using it (via a modified version of Slate docs [1]) for
all of our documentation at Catalyze [2].

1.) [https://github.com/tripit/slate](https://github.com/tripit/slate) 2.)
[https://policy.catalyze.io/](https://policy.catalyze.io/)

------
drinchev
Sounds very good. But I would like more info on :

    
    
      > but I personally have had poor luck getting Grunt to work reliably in practice.

~~~
combray
Ruby is really good at writing DSLs, Javascript sucks at it.

I'll happily admin that this is user error, but I always have trouble editing
Gruntfiles when I start to bring in other packages. Adding an additional task
to a Gruntfile is way harder in than Rake, or make, or even Ant for that
matter, mainly because you are dealing with hand editing a huge JSON blob.

Tweaking the file to add a different path in or whatever is fine, but there
are many times where I wanted to to copy and paste something in to make it
work, and I spent as much time fiddling with the format of the js file as I
did solving my problem.

A lot of people love grunt, but I'm not one of them.

~~~
drinchev
Thanks for your reply. I've been working with maven and make so far. I'm not
used to do much stuff in Ruby, so that's why I don't consider Rake files for a
big benefit of my working process.

Anyway I consider your points valid, although I also think you can remove a
lot of the boilerplate ( Copy-Paste code ) by introducing some variables to
your Grunt build.

I personally use Assemble [1] and I find it pretty decent for generating
static content websites.

Good to know there's a good alternative in the ruby world.

1:
[https://github.com/assemble/assemble](https://github.com/assemble/assemble)

