My first Statamic blog
Embarking on a new journey with Statamic, I share my first impressions, the smooth installation, the unexpected hurdles, and the things that won me over. Join me as I setup the foundation of my security blog and host it for free on cloudflare!
Start your engines
Installing statamic was a breeze, I installed the global composer package and started the install process.
# Composer Install
composer global require statamic/cli
# Command to spin up a project
statamic new OswinSecurity
First up, it asks about a starter kit, to which I naturally say yes. After a quick search, I landed on Starter's Creek. It seemed simple and a little quirky, which is just my style.
Next up, it asks about installing add-ons, and I immediately chose the static site generator. I figure a security focused blog should probably be static html and free to host, which I should be able to do with GitHub Pages and Cloudflare. After that, it was just a few basic questions and we were good to go!
First Impressions
Logging in was next and immediately I notice something not quite right in the main menu.
The duplicate IDs menu item looked wrong, clearly an icon is missing and the alt text was overlaying other text making it hard to read.
Okay, okay, one bug so far, thats not too bad but still not the best first impression.
Next up it's time to write a blog, so I think of a cool title, I look up some banner images and go to upload it.
Whoops, "This field is required", pops up after uploading a file.
What field you ask? Well lets open the developer tools, go to the network tab and look for an error. There is a 422 error on the assets endpoint, with the following response:
```json
{
"message": "The given data was invalid.",
"errors": {
"folder": [
"This field is required."
]
}
}
```
It appears that a folder is required? Odd because I wasn’t prompted to select one, nor was there an option available.
Feeling a bit frustrated, I decided to try uploading the image directly to the main folder within Assets. That's done it, I can select the banner image in the blog and actually get started writing.
As I was typing, I realized things weren’t quite right, the field seems to lack any functions. Looking around I realise I'm in the wrong field! 🤦♀️ I'm sitting in the intro, typing out my blog, missing all the core functionality. That’s okay, it was my mistake for not scrolling below the fold.
I move down and instantly typing is 100x better. So I get to it, typing up what you see here.
The Community
Before I even managed to get this blog out the door, I've got two Statamic stans in my twitter offering to help me out. It looks like the issues found will be short lived. I love it when the community engages back like this. Definitely another win in my book 😍 Since then, I've even had a quick chat to Marty, who's helped me work out how to get twitter and meta data into the posts so I'm ready for next time. Thank you so much dude, I really appreciate it!
Deployment time
I don't even have a domain yet, so I head on over to Cloudflare, as its easy and buy myself a shinny new domain called oswinsecurity.com
After creating the domain, I setup a GitHub repo and connect it to my local install, nothing special here.
At this stage you'll also want to exclude the user files from git with: echo 'users/*' >> .gitignore
. You don't want your password hashes shared for the whole world to see!
Next we need to generate the static html content!
Looking up the static site generator documentation, I can see that to generate the site I need to run php please ssg:generate
and then it will output a bunch of html files. It puts these files inside the storage folder but we need it moved to /docs
to get it working on GitHub Pages, so next I run the command cp -rf storage/app/static/ docs
. We can speed this up by throwing these commands into our composer.json
along with some extra commands to handle our production environment and git committing:
"scripts": {
"deploy": [
"mv .env .env.backup",
"mv .env.production .env",
"mv .env .env.production",
"mv .env.backup .env",
"rm -rf docs/index.html",
"rm -rf docs/*/index.html",
"@php please ssg:generate",
"cp -rf storage/app/static/ docs",
"cp -rf public/build/ docs/build",
"git add .",
"git commit -m \"Deploying to GitHub Pages\""
],
Once the repo is setup, navigate to GitHub, then go to the repo's settings > pages
. Change the settings so the branch points to main
and the folder to docs
like so:
After we save these settings, there should be a custom domain area, which will point to the domain: oswinsecurity.com
Over on cloudflare, the next steps are to set the cname for the main domain and the www. domain to claraleigh.github.io
. Which is my username
+ .github.io
After that we should have a working site!
Visiting oswinsecurity.com I can now see my beautiful blog up and running. Costing me just the $10/yr for the domain name.
What did I like the most?
The community!!!!! I have met many a Statamic advocate and all of them are the friendliest people in the world. Even during this blog post I had people reach out and offer to help. You'd never get a WP core dev do that!
The framework, it's built on Laravel, which instantly wins me over. I know if I need something, I have the skills to do it and it'll be quick
The install, I like the terminal install, very dev friendly
It supports a static site! Hell yes, no future vulnerabilities in the framework will ever affect my site
I can host for free?!?! Yep, all I need is GitHub and Cloudflare. This is the main thing that kept me going through all the bugs. I can publish and never need to worry about hosting.
Areas for Improvement in Statamic
First impressions. WordPress has this beat by far.
Bugs, there was so many just getting started that I nearly gave up
UX, it feels like the early days in WP, like it was built by devs for devs, at least in the backend. Making images smaller also seems impossible in this responsive world. Plus lots of other things, I had to go searching for the core site setting, the search can't find settings, just very small things that add up
The install, it needs the 5min UI install that made WP famous. I know this is hard as updates would need to be in the UI too, which means composer and GitHub changes. This doesn't bother me much but it certainly stops mass adoption.
Less is more, there is slightly too many things that I feel the need to learn, which WordPress hides by default. I'm sure it will come with time but at a first look, there are things everywhere that don't have easy explanations. I'm sure I'm about to spend a lot of time in the documentation, something I enjoy but others might not
Where to from here?
Well I am going to start writing some security blogs. This was just my first piece out the door and I used it as a learning experience. I'll likely write about my time studying for the OSCP and OSEP, why I got into security, the first time I got in trouble for hacking, and the one time I pulled a 72hr shift at work because of a security incident.
I'll see you soon in my next blog 🥷