Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Is Jekyll on GitHub a good solution for hosting a website?
11 points by devShark on Feb 23, 2022 | hide | past | favorite | 16 comments
I need to build a simple website to share a project that I have, that evolves around advocating for some social change, and involves open source code.

My initial thought was to use a simple website builder like Wix or squarespace, and include a forum plugin to try and create a community.

The main reason I thought about this instead of wordpress is because I do not want the hassle of having to update the code every now and then. These website builders are very secure, as far as I know.

However, I stumbled upon the option of hosting a static website on github pages, using jekyll, and using github discussions as a forum.

Can anyone opine on whether that's a good idea? Specifically, can I be very confident that there is no security flaw, and that I have no requirement to update my code, as long as it's hosted on github pages?

Any advice and comment welcome, thanks!




I have found Jekyll on GitHub to be a pretty good solution overall. I put this Makefile in the git repo to make my workflow simple:

https://gist.github.com/jasone/b0208286b44208b705156fdf046ca...

The one issue I'm frustrated with is that syntax highlighting for code blocks depends on GitHub's blessing:

https://github.com/github/linguist/issues/2598

For example, this page from my blog highlights OCaml code, but not the language I'm developing (Hemlock):

https://branchtaken.com/blog/2021/11/15/string-formatting-in...

Given the low likelihood of Hemlock sweeping the software world before this becomes a critical presentation issue, I'm probably going to switch my publication workflow to pre-generate html.


I've used Jekyll on GitHub for several simple landing pages over the years. My experience has been great. The pages are always up, have SSL, load quickly, and don't really require maintenance.


For hassle free website/pages, I've been really liking https://gohugo.io cause there aren't dependencies or complex setups/installs. The template system had a bit of a learning curve.

Netlify and Cloudflare also have free hosting tiers you can deploy with.

https://www.netlify.com https://www.cloudflare.com


I used Hugo+Git+Netlify and it worked well, however its a pain to create a custom template that I love - I'm in the process of switching to Wordpress+Elementor, just because I'm taking a more visual approach to building now and am a bit lazy with trying to manage my own design system and all that...

That being said, there's nothing wrong with Hugo or other static site generators, and they are crazy fast and mostly hands-off once you got what you need.


Yes, it is. It's also the fastest and best available free website offering.

Just Jekyll could be replaced by Hugo, if you care enough. This has much more features.


Yes, I use Jekyll as gh-pages -- to host the website for my OSS project on github. It fits this purpose perfectly.


for your purpose, github pages/wiki + repo issues along with your code, that will be pretty good, maybe get a domain name for it... would not bother to use another site...


Ok, thanks. I will get a domain name for it, yes.


yes that's a good solution, a lot of people do it.


Ok, thanks. And it should be very secure, even if I never update it, right? Github pages automatically updates gems for you?


It’s a static page, what kind of securities are you worried about ?


Well, I am under the impression that even a static page can have security flow, because of this article : https://medium.com/cyberdefendersprogram/making-your-jekyll-...

I think it might not concern a website hosted on github pages, but I wanted to confirm that with people more knowledgeable than me on the matter.


You can as well build the site locally (e.g., on your computer) first and commit the .html files in your page repo. GitHub pages will then serve your .html files directly without having to build your site using Jekyll. This is what I used to do when hosting my site on github pages:

- locally install jekyll

- write my .md files

- run jekyll locally to see how my site looks like

- commit .md and .html files

- let github pages know what you are pushing the static files yourself


In such a case it is a good idea to add a .nojekyll file to keep Jekyll from still trying to build your site when you prebuild it.

Also, if you are locally generating the HTML files, you can use other SSG tools beyond Jekyll (if for instance you want to avoid Ruby on Windows).


I don't think so- I think it makes a pull request with updated gems that you have to approve.


My understanding is that:

- The version of Jekyll that builds your site at deployment time (say at CI integration) is managed by Github including security updates

- If you install Jekyll into the repo (which you don't need to) for local testing you will add a bundler bundle file

- If you have a bundler bundle file in a public repo you will get automated Dependabot pull requests to suggest to update the file as security notices happen

- These updates affect your development environment version as specified in the repo, not the version managed in the build process

Up until recently the whole process was somewhat opaque, but it looks like the "Jekyll build process" is slowly migrating into Github Actions (with everything else) and there's a lot more visibility into its workflow than ever before. In a recent repository it seemed even more clearer than before that the Jekyll version in the "Github Action workflow" was Github-managed wasn't directly the Jekyll version specified in the code repository.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: