Hugo: The World’s Fastest CMS now on STORM

Published on October 24th, 2018

Hugo Screenshot

Today we’ve added Hugo to our list of CMS’s available for automatic installation on any new website hosted on STORM.

Hugo bills itself as the most popular open-source static site generators, with amazing speed and flexibility. As one of STORM’s key features is website loading time, it made sense for us to include Hugo for customers looking for a fast alternative to WordPress.

On a brand-new STORM server, we tested a blank install of Hugo against a blank install of WordPress. WordPress loaded in 376 milliseconds, whilst Hugo loaded in 221 milliseconds. Although the difference is marginal, this gap will widen dramatically as WordPress third party plugins and themes are installed.

Hugo is written in Go (Golang) and is technically not a Content Management System (CMS) like WordPress, but a static file generator instead. Typically, most CMS’s, like WordPress, will dynamically load each page each time it’s visited which can take some time depending on the complexity. With Hugo, each page is statically written to the hard disk of the server which is much faster to load than running PHP and database queries.

According to Builtwith, over the past year, there is a huge rise in web sites using the Hugo framework. Due to the performance improvements over other CMS’s. We expect this to increase even further over the next few years.

Free Web Site Encryption that just works

Published on October 15th, 2018

Let's Encrypt

Let’s Encrypt, launched in April 2016, has been a game changer for any digital agency. Let’s Encrypt gives any web site the ability to secure the website traffic on any staging, development or live web site for zero cost within minutes.

However, implementing Let’s Encrypt SSLs is not as easy as using traditional SSLs from providers like GeoTrust, Thawte and Comodo. This is primarily down to Let’s Encrypt SSLs requiring to be renewed every 90 days while traditional SSLs are issued for a minimum of one year.

Although Let’s Encrypt SSLs can be renewed automatically without any manual involvement, there are still 4 more times each year that an SSL can fail to renew more than a traditional SSL.

Secondly, Let’s Encrypt SSLs, due to their zero cost, are seen as throw away SSLs. Therefore, their adoption on development, test or temporary web sites has been much greater. By their very nature these temporary sites see much more changes than traditional web sites.  For example, the primary domain or sub domain might be changed or redirected, the site may have password protection or additional temporary domain aliases may be added or removed during this 90-day period.

These types of changes can cause the authentication to break and therefore let the SSL expire giving web sites visitors an error message.

With STORM we’ve cracked it. During the first 90 days of implementing Let’s Encrypt functionality on STORM, we closely monitored which SSLs don’t renew and why. We’ve then updated STORM to handle these renewals by implementing rules, automatically adding/removing domains and adjusting site configuration so the SSLs renew automatically.

On top of this, we now start the renewal process 60 days from when the SSL was issued. This means we have 30 days to automatically fix any issues before it expires and gives visitors an unpleasant SSL warning.

This means that our Let’s Encrypt feature is just one click. Most importantly it saves both agencies’ time, money and unnecessary administration while offering their client’s peace of mind that their sites are secure.

DNS Now Inside STORM

Published on October 4th, 2018

Until now accessing and editing the DNS entries on your domains has been outside of STORM. This has meant before you could launch your web site on STORM you had to find the login details to a third party web site holding the DNS, edit the entries and then wait for the changes to go live. These steps can add minutes, hours or even days to launching a new web site.

To make this process easier we’ve brought DNS into STORM, speeding up the process to launch new web sites. Once logged in, DNS can be found by clicking on your name on the top right of any page inside STORM. If your STORM login and Nimbus Hosting youraccount use the same email address then your existing DNS with Nimbus Hosting will automatically be linked. If not then raise a ticket and we’ll resolve this for you right away. Once your account is linked you can add new domains, edit existing and use Recent Events to keep an audit trail of any DNS changes.

STORM’s edit DNS function includes a handy tool to automatically setup Google G-Suite and Office365 DNS records. On top of this we’ve included a easy to use wizard for creating an SPF record with minimal hassle.

Sharing your DNS

On top of this we’ve added a new feature where you can share your DNS zones to users of any of your STORM servers. This is particularly useful when you want your entire team to edit and share DNS inside STORM.

Duplicate Web Site

Published on July 20th, 2018

We have launched a new feature called Duplicate which is an extension of the Staging feature that is already available. The existing Staging feature works by copying a web site and database and automatically updating the CMS config file with the new database. However Staging is only available if STORM can detect which CMS you are using, ie WordPress or Magento.

Duplicate works by offering this feature to every other web site that cannot use Staging. Duplicate will copy all of the files into a new web site. If there is a database connected to the web site the configuration will remain the same. During the creation of this site you can enable password protection to prevent anyone from viewing the web site.

This feature is particularly helpful if you would like to create a snapshot of an existing web site for further development without affecting the live site.

Git Deployment

Published on June 27th, 2018

Git Deployment

We know how frustrating and confusing it can be to configure deployment from a Git repository like BitBucket and Github so we’ve spent a considerable amount of time making this feature really easy to use with the least clicks as possible.

We have made it easy to access by adding a Deployment tab under each web site which hook directly into BitBucket and GitHub. You’ll be asked to authorise to one of these providers which gives STORM access to a list of your repositories.

Once you have authorised BitBucket or GitHub you can mirror a repository and branch directly with a web site or folder on your STORM server. Therefore any changes that are made can either be pulled instantly with a single click from inside STORM or automatically deployed if you enable the automatic deployment toggle.

You will find that either of these options are much faster than using FTP and SSH as changes are deployed within seconds rather than waiting for local file transfers to be completed. This process is even faster if you are already using GitHub or BitBucket to store and manage your code.

We expect Git Deployment to be a very popular feature inside STORM but we would love to receive your feedback on how we can further develop this feature.

GDPR Update: Force Two Factor Authentication

Published on May 23rd, 2018

With GDPR very much a hot topic with the go live date on Friday (25th) of this week we have launched a new feature to improve server security. You can now toggle Force Two Factor, which will only allow STORM users with Two Factor enabled to view and manage a STORM server.

You can only enable this feature if you are an Owner of a server and have Two Factor enabled on your own STORM account. Once this feature is enabled users with Two Factor switched off on their account will not be removed from that server but will not be able to access it until they switch on Two Factor. You can enable Two Factor on any STORM account under Profile.

Two Factor is an extra layer of security when logging into STORM. STORM will require you to enter a 6 digit code along side your password. The 6 digit code changes every 60 seconds based on a HMAC based algorithm. You can use any HMAC based algorithm on STORM although we recommend either 1Password or the Google Authenticator available on iPhone or Android. If you regularly use the same computer you can tick for STORM to remember you so you do not have to enter the code each time.

Improved Security with Pwned Passwords

Published on April 12th, 2018

Back in February Pwned Passwords launched an API service for their database of compromised passwords. At Nimbus Hosting, as security is so important, we decided to integrate this into STORM. Each time a password is set, ie when someone new registers to use STORM or changes their password in their profile we automatically check it against the Pwned Password database. Before checking the password with Pwned Password API it’s hashed so your password is never revealed to anyone. On top of this when we save your password into our database we encrypt it so it’s never saved in plain text.

Pwned Password database has a list of over 500 million compromised passwords that have been gathered from a number of worldwide high profile compromises. On their web site they have a number of additional features. You can find out which website leaked your password, search their database for your email address to see if you’ve been caught up in any other data or sign up to their notification service.

Integrating this feature into STORM has pushed our security onto the next level to keep your web site and server secure.

  1. Pages:
  2. 1
  3. 2
  4. 3

Newsletter Signup

Signup to the STORM News for regular updates