Webserver hacks: Rattle and hum

5 January 2018 | 11 views | Tags: Documentation

There are a few things you can do to improve the performance of your website, which are not strictly Tuskfish related, but since you will probably come across them sooner or later, and they are easy to do, I thought I'd cover them.

Allowing cross-site requests

If you are using externally hosted resources such as Google Fonts or FontAwesome icons in your website, you may come across a "cross-domain policy" problem where they do not load in some circumstances (eg. SSL). You can fix this by modifying the .htaccess file in your web root to allow cross-domain requests:

# Include these lines in your .htaccess file to alow cross-domain requests for fonts
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"

Setting a custom error page

If someone requests something from your site that has been deleted or whatever the server will throw them a 404 error. Quite likely this page is "dingo ugly" unformatted HTML and completely unhelpful.

You can specify a custom error page in cPanel, or you can also specify it by modifying the .htaccess file in your web root as per the example below. Point it at the 404.php, which is a custom error page that ships with Tuskfish. It will display a "sorry" message that is nicely formatted according to the template set you specify, and it includes a search box which is at least a starting point for finding what they were looking for.

# Include this line in your .htaccess file for custom 404 error page:
ErrorDocument 404 https://yoursite.com/404.php

Leveraging browser caching

In addition to server-based caching of images and pages by Tuskfish, browsers can also cache content locally, so that they do not re-download assets they have already seen. 

But you have to tell them which assets should be cached and how long they should store them for. You do this by modifying the .htaccess file in your web root. Which assets should be cached and for how long will depend on your own needs, but as a start I suggest local caching of most images and CSS files is a good start, for perhaps one week:

# Include these lines in your .htaccess file to enable browser caching: 1 week for most static assets
<filesMatch ".(css|jpg|jpeg|png|gif|js|ico|svg)$">
Header set Cache-Control "max-age=604800, public"

Forcing SSL

Enabling SSL on your website (https://) won't stop people accessing it via non encrypted means (http://). You need to force http:// requests to move over to https://. You can do this by yet another .htaccess modification:

# Include these lines in your .htaccess file to force SSL.
RewriteOptions inherit
AddHandler application/x-httpd-php71 .php .php5 .php4 .php3
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.com
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]

Copyright, all rights reserved.


Tuskfish CMS Developer Guide

This guide will give you an overview of the architecture of Tuskfish CMS, how to write code to perform common operations and how to extend the system to suit yourself. The guide accompanies the Tuskfish API documentation. Keep a copy handy as you read this guide. It is best to review links to the API where provided, as not every detail will be discussed in the text. This is the first version of the guide, so it is still a work in progress.