Improve hoster performance

[nipafx]

The website performance isn't ideal and PageSpeed Insights suggests that one aspect is initial server response time:

Looks like Netlify plays a role here, so I should investigate whether I can improve configuration or switch hoster.

DNS configuration

The current A record configuration bypasses Netlify's CDN. Look into CNAME flattening, ANAME records, or ALIAS records at Alfahosting or transfer the domain to Netlify to use its DNS.

Other Hoster/CDN

Check out Cloudflare (on CNAME flattening; on naked domains).

[nipafx]

This is corroborated by @Bukama's test - time to first byte seems too long.

[nipafx]

I searched for Alfahosting support of CNAME flattening, ANAME records, or ALIAS records, but found nothing, so I opened a support request.

[nipafx]

To gauge the effect of such a change I used generated Lighthouse reports for https://nipafx.dev/ (which bypasses CDN because of the A record) and https://nipafx-site.netlify.app/ (Netlify's internal version of the site behind CDN) and the results are promising:

• on mobile ~70 vs ~80
• desktop ~70 vs ~90

In both cases, first/largest contentful paint and speed index improved considerably, usually x2 to x3.

[nipafx]

Alfahosting told me to just create a CNAME for the apex domain (not in those words) and it seems to have worked:

$ nslookup nipafx.dev cns1.alfahosting.info
> Server:         cns1.alfahosting.info
> Address:        2a01:64c0:0:5000::8#53
> 
> nipafx.dev      canonical name = nipafx-site.netlify.app.
> ** server can't find nipafx-site.netlify.app: REFUSED

$ nslookup nipafx.dev
> Server:         192.168.0.1
> Address:        192.168.0.1#53
> 
> Non-authoritative answer:
> nipafx.dev      canonical name = nipafx-site.netlify.app.
> Name:   nipafx-site.netlify.app
> Address: 165.22.65.139
> Name:   nipafx-site.netlify.app
> Address: 167.99.129.42
> Name:   nipafx-site.netlify.app
> Address: 2a03:b0c0:3:d0::d19:7001
> Name:   nipafx-site.netlify.app
> Address: 2a03:b0c0:3:e0::27e:2001

Fresh Lighthouse results against nipafx.dev are promising as well.

Mobile:

Desktop:

[nipafx]

I'll let this sit for a while and wait for some impressions before closing the issue.

[nipafx]

Turns out, redirecting apex domains via CNAME is not without its side effects. I no longer receive emails, so I reverted to A record for now. 😊

[nipafx]

The saga continues... Alfahosting has no ALIAS records, CNAME flattening, etc, so that's out the window.

Next option: Delegating DNS to Netlify, which Alfahosting does support, but then they can't validate Let's Encrypt certificates any more and so my services that remain with them (e.g. mailing list and analytics) can't be HTTPS.

Looking into alternatives now.

[nipafx]

I'd need to get a paid Sectigo certificate, but because Highlander rule applies to certificate authorities per contract, I would have to include all old domains or the https-links out in the wild stop working (e.g. chat.codefx.org and courses.codefx.org). That sucks.

I'm considering getting a new contract just for nipafx.dev, moving phpList and Matomo there (😭), and then using Let's Encrypt for the old and hobby stuff and Sectigo for nipafx.dev (support confirms that this would work).

[nipafx]

Alternatives:

• upgrade to an account with SSH access and use CertBot for Let's Encrypt
• check whether other CDNs can be configured with Alfahosting (e.g. Fastly

[nipafx]

I was getting tired of this and so I took the path that I knew would work - I added a new contract to Alfahosting:

• moved everything non-nipafx to it
  • that includes CodeFX, but by now that's just two .htaccess files with forwards
  • I took the opportunity to remove #codefx-catch-all from the URL (see #95)
  • this also meant I could leave Matomo and phpList where they were
  • after creating backups, I removed the database for CodeFX/WordPress
• activated Let's Encrypt on these domains
• verified that tracking, mailing list and all forwards work

On the old account, I deactivated Let's Encrypt renewal, but failed at creating a Sectigo certificate - I assume it's because the other certificate runs until end of February. I'm also slightly worried about the email verification for the certificate because that may require an admin@$SUBDOMAIN.nipafx.dev address and I'm not sure how I can access that once DNS moved to Netlify.

I've just asked about those two things and once they're resolved, I can move DNS to Netlify. Oh, in the meantime I already copied all my DNS records over there (verified with dig), so all that remains is really just Alfahosting configuring Netlify's nameservers.

[nipafx]

Alfahosting offers two ways to order certificates and it turns out, I was using the wrong one - that's why it didn't work. Used the other one now (for external domains), the certificate was issued and installed, and nameserver switched to Netlify.

The saga ends.