Recommended Server Settings

Websites based on Publii don't require much to function correctly; in fact, any server that can host HTML files will be able to handle the basics. However, in order to provide your visitors with a safe, user-friendly site experience, there are some factors that are important to bear in mind when deciding which type of server you want to use to host your site:

  1. Not all servers are configured to handle directories, which leaves them unable to display the index.html file immediately on load. To avoid this issue, we recommend enabling the Always add index.html option in the URLs section of the Site Settings, which are available via the main menu in the left sidebar of the Publii interface.
  2. The FTP protocol may be simple to use and is certainly supported by Publii, but it is generally recommended to avoid using this protocol as it sends data without encryption, opening up more opportunities for hackers to gain access to your server. Instead, at a minimum we recommend using the FTPS protocol, which works exactly the same as regular FTP, but it also encrypts the server access data for additional protection. If possible, users should go one step further and utilize the SFTP protocol, which encrypts all traffic (connection, file transfer) to the server for maximum protection.
  3. Publii does not generate empty index.html files for directories, as this would, in many cases, lead to several additional files being uploaded to the server. Therefore, we recommend using a hosting option (deployment method) that either disables directory listing by default or allows users to disable it manually, for example via the .htaccess file.

    The following table shows how the different deployment methods handle the directory listing.

    | Deployment method | Built-in option |
    |---|---|
    | FTP | depends on the server configuration (can be disabled via the .htaccess file) |
    | SFTP | depends on the server configuration (can be disabled via the .htaccess file) |
    | GitHub | disabled by default - returns 404 error page |
    | GitLab | disabled by default - returns 404 error page |
    | Netlify | disabled by default - returns 404 error page |
    | Google Cloud | - |
    | Amazon S3 | requires creating a bucket policy |
    | Manual deployment | depends on the available settings of the destination server |
  4. To improve the site experience for your visitors and ensure their security, we strongly recommend using SSL (Secure Sockets Layer) on your website, which will encrypt the traffic between the visitor's web browser and your site's server. This will also have a secondary benefit to your site traffic, as some browsers block pages without an SSL certificate and warn visitors that your site may be dangerous, regardless of the actual content of the site.
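
One way to verify point 3 after a deployment, as an added example that is not part of Publii or its documentation: the script finds the directories of the locally generated site that have no index.html and requests each one from the live server, reporting those that answer with a server-generated listing. The function names, the listing title patterns (Apache, nginx, Python's http.server) and the sample data in `demo()` are assumptions made for this illustration.

```python
import os
import re
import tempfile
import urllib.error
import urllib.request

# Page titles of auto-generated listings: Apache/nginx, then Python's http.server.
LISTING_RE = re.compile(r"<title>\s*(Index of /|Directory listing for /)", re.I)

def dirs_without_index(site_root):
    """Return URL paths of directories in the generated site that lack index.html."""
    missing = []
    for current, _dirs, files in os.walk(site_root):
        if "index.html" not in files:
            rel = os.path.relpath(current, site_root).replace(os.sep, "/")
            missing.append("/" if rel == "." else f"/{rel}/")
    return sorted(missing)

def is_listing(status, body):
    """True when a 200 response looks like a server-generated directory index."""
    return status == 200 and bool(LISTING_RE.search(body))

def http_fetch(url):
    """Fetch url and return (status, body); HTTP errors become their status code."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""

def audit(site_root, base_url, fetch=http_fetch):
    """Probe each index-less directory on the live site; return the exposed paths."""
    base = base_url.rstrip("/")
    return [p for p in dirs_without_index(site_root) if is_listing(*fetch(base + p))]

def demo():
    """Constructed sample: a tiny site tree and a fake server that lists /media/."""
    with tempfile.TemporaryDirectory() as root:
        for p in ("index.html", "about/index.html", "media/posts/a.jpg"):
            full = os.path.join(root, *p.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        page = "<html><head><title>Index of /media</title></head></html>"
        fake = lambda url: (200, page) if url.endswith("/media/") else (404, "")
        return audit(root, "https://example.invalid", fake)

if __name__ == "__main__":
    print(demo())
```

Against a real site, call `audit()` with the path of the generated output folder and the site's base URL; an empty list means no probed directory returned a listing.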

With these points in mind, you can be sure that both your and your visitors' data will be a lot safer and more secure than before.