Improve website security and performance

[scottnuma]

Problem

• Currently jekyll serve serves the website to the internet. However jekyll serve is intended for local development rather than serving production. This leads to some disadvantages.
  • jekyll has had critical security issues in the past and its multiple uses lead to larger than necessary surface area to secure. jekyll dependencies regularly raise security warnings in GitHub
  • jekyll is not designed for the purpose of serving static files in production --> jekyll serve isn't as efficient as could be

Proposed solution

• utilize jekyll only for building the website and introduce nginx for only serving the website
• isolate the two pieces when serving the website using a multistage docker build
• Familiarize PiE staff with Docker

Possible dev path

• Starting from scratch with an empty Dockerfile, build up to the final thing in 3 parts
• validate its working between each part

Part 0

• Familiarize with some Docker building blocks in parts 1 and 2 of Docker's tutorial

Part 1

• Serve an arbitrary text file (such as the website's readme.md) using the Nginx image
• https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ explains the steps fairly well, finishing with the "Build Custom NGINX image" section

Part 2

• Setup a multi-stage docker build - relevant article
• Insert / build an arbitrary text file in stage 1 of the docker build
• Copy the text file from stage 1 of the docker build to stage 2, and serve the file via Nginx

Part 3

• In your multi-stage docker build's stage 1, build the website based off of pioneers/website's current Dockerfile
• Copy just the built website to the stage 2
• Serve the built website with Nginx
• relevant example