freistilbox Blog


freistilbox SSL security rating bumped to A+

When we announced the Qualys SSL Labs A rating we got for the encryption quality of our Edge Routers in March, we knew that there still was room to improve. Our ops team kept tweaking the SSL configuration and we’re proud to present the result:

SSL Labs now rates our SSL security with A+!


Changelog: New stage naming policy

TL;DR: This change affects the naming of your staging instance configuration files on freistilbox.

Staging has been built into freistilbox from the start. Being able to test changes on a staging instance before launching them in production has been an important feature for the majority of our customers, Drupal agencies and WordPress shops alike.

freistilbox makes it convenient to manage separate configuration files for staging environments within the same Git repository. In order for this to work, staging instances need to have a unique name that differentiates them from the “production” instance. So far, we’ve allowed our customers to choose this name freely. There’s “stage” and “staging”, “test” and “testing”, and one customer uses “stfu_stoopid_client” for reasons we don’t know.

A few weeks ago, we were shocked to learn that by giving our customers this freedom, we’re actually causing them what psychologist Barry Schwartz calls “The Paradox of Choice”. In Schwartz’s estimation, choice has made us not freer but more paralysed, not happier but more dissatisfied. Here’s his TED talk on this topic:

It became clear to us quickly that we can’t be a part of this. We’re here to take stress off our hosting customers, not to cause them additional pressure. That’s why we decided to stop forcing you to choose a stage name again and again.

In order to implement this change, we first had to endure the analysis paralysis mentioned in Schwartz’s research ourselves: what name should we choose? Doing a quick statistical analysis to find the most frequently used name in existing freistilbox websites was an obvious option. Instead, we decided to do a multi-week study of how our customers integrate the freistilbox staging process into their daily workflows, and the result will surprise you.

After sifting through a heap of conversation transcripts during a few late-night on-call shifts, we found that the most common conversation among website developers during user acceptance testing went like this:

“Did you make the change we discussed yesterday?”

“Yup, I did.”

“And does it work?”

“Well, yeah, it’s working in theory.”

With these results, defining the new mandatory stage instance name became easy and we’ve already renamed all existing staging instances to “theory”.

Coming soon: freistilbox for single-website hosting

Looking at its pricing, it’s not obvious that freistilbox is an enterprise-class hosting platform; it’s no secret that we’ve made running Drupal and WordPress websites on a multi-server infrastructure affordable. Our customers, web agencies and development shops, are amazed at how quickly they reach ROI.

Many of them start with a small cluster setup, for example with a pair of freistilbox S. Combined with the content cache, its 20 PU (Processing Units, basically PHP worker processes) deliver enough processing power for a few small and medium websites, and thanks to the redundancy we build into every hosting component, they enjoy great uptime. Scaling up is easily done by adding or replacing boxes, so the agency has full control over capacity and hosting cost at any time.

But sometimes, this model doesn’t work out as well, and that’s when the customer needs separate hosting for only a single website. There can be several valid reasons to do this:

  • customers that would like to test the waters called freistilbox
  • customers that want us to bill every website individually
  • customers that want the website to run as isolated from others as possible

In these cases, the power of a full freistilbox cluster is just overkill. While freistilbox is the most cost-effective Enterprise Hosting Platform for Drupal and WordPress, there is actually still a gap between conventional hosting and the entry-level freistilbox setup.

It’s about time that we close this gap.

In April, we’re going to launch freistilbox Solo [1], a single-website hosting solution that has the power of freistilbox, only at a much lower price point.


[1] Yes, we’ve stolen the name from the development VM that we published in 2012 and which we’re going to relaunch later this year under a new name.

freistilbox gets excellent rating for SSL security

The risk that unencrypted web communication creates for both website owners and individual website users can be significant. That’s why encrypting traffic via SSL (Secure Sockets Layer) and TLS (Transport Layer Security) has become indispensable for both B2C and B2B websites. If you are transmitting sensitive private data over the internet, SSL is an important additional security layer.

But simply enabling SSL in a web server configuration file isn’t enough any more. Over time, the SSL/TLS protocol suite has become more complex and, unfortunately, a popular target. BEAST, Heartbleed, POODLE and now FREAK - these are only the better publicised exploits that have threatened encrypted communication on the web in recent years.

In addition to performance and availability, security is a key factor that defines the quality of our Managed Hosting Platform. That’s why we’re putting significant effort into continuously optimising the setup of our dedicated SSL offloaders. These machines run at the edge of our infrastructure and take the compute load of decrypting traffic to and encrypting traffic from our customers’ websites off your Drupal and WordPress boxes.

The result of our efforts is that Qualys SSL Labs gives freistilbox an excellent A rating:

With the Qualys SSL Server Test, you can see for yourself how well other hosting providers secure their customers’ web traffic:

Acquia: The ELB engineers at Amazon obviously have done their homework.

Pantheon: Solid but room for improvement

WPEngine: Very good with only a tiny flaw

Your customers trust that you take their security seriously, and losing this trust can break your business. That’s why running your Drupal and WordPress websites on our managed hosting platform is the right thing to do. Our engineering team has only one goal: to let you work efficiently and — just as important — sleep peacefully.

No more file permissions hassle

In the past, trouble with asset file permissions caused us a lot of support requests. The emphasis here lies on “in the past” because we’ve finally sorted that issue out once and for all.

We’ve simplified the file permissions on the shared storage system so that all asset files have a single owner regardless of how they’ve been created, be it by the web application itself or by a developer logging in via SSH. This change finally puts an end to file access problems and, we hope, makes asset file maintenance much less annoying.

If you have any questions about this change, we’d love to hear from you in the comments!
