2. Requirements

Smallsite Design uses well-tested server technology that is the de-facto standard for running small to medium websites.

This stack is offered by most budget site hosting services, and is always the lowest cost option. cPanel is the stack management package that Smallsite Design is designed to use, just because it is so common. Smallsite Design may work on other LAMP-based platforms, but is not designed with them as a target enviroment, so is unsupporrted on them.

MySQL server is not utilised by Smallsite Design because its own data requirements are very modest, and so can be provided by means that are not dependent upon separate login ids and passwords for the storage itself. Also, such databases require technical knowledge to migrate the site to another hoster. A design goal of Smallsite Design was that migration be as low-tech for the site owner as possible.

Smallsite Design does not use any third-party software, other than what most implementations of PHP provide. PHP 8.0 is the minimum version, just because any previous versions are no longer supported. PHP is not only a programming language, but a fairly complete selection of technologies that enable building sophisticated site tools without having to have lots of third-party plugins.

Smallsite Design forces use of the https protocol to ensure that any communications between a browser and the site is secure. cPanel automatically installs SSL certificates as required, so there is no need to purchase any. There is no technical advantage in using any other certificates, including the Extended Validation (EV) certificates.

Smallsite Design only relies on that part of browser technology that has been shown to weather many version changes without fault.

Any faults that are serious enough to disrupt Smallsite Design will have created problems with far too many sites not to have an urgent patch forthcoming that host providers will apply as soon as possible.

For visitors to a Smallsite Design site, the only browser requirement is that it was made in the last few years, as supplied with most devices bought within that time, just so they have all the inbuilt functionality to support secure and reliable performance. Javascript is not required, but is used in places where it adds usability, like expanding textareas as text is typed in.

All browsers have quirks, but Smallsite Design's fluid layout and conservative use of browser facilities makes it less suseptable to what a particular version of a browser may not do correctly in future.

While the produced pages can be viewed on any device, editing the pages is more demanding.

While editing could be done on a mobile phone, the small screen size may be limiting for complex layouts, especially since the onscreen keyboard can take up a lot of room. Android phones tend to be narrower and use larger text, making the viewing screen seem even narrower, so landscape mode will be of better use.

During editing, and on some other management pages, there is a lot to process, so devices with lower processing power may take longer to render. This is because the full page is refreshed with each change, mainly because most of the page will change.

Smallsite Design (SD) can work behind a firewall or load balancers, but there are some considerations.

Many enterprises run their sites behind a firewall or load balancers, usually for scalability or protecting their infrastructure. SD can work behind these but the connection between that infrastructure and the server the site is running on must use https, otherwise it will redirect to the https version of itself.

Enterprises tend to only allow connections to specified servers to minimise the risk from malicious connections to their architecture. If SD is behind a firewall, as might be the case for internal use, there still needs to be a firewall rules in both directions between the license server at https://smallsite-license.com/ and the publicly accessible domain name of the internal SD installation for updates. The incoming rule is only to allow the license server to provide a code that SD will use to validate itself to that server. The only ports needed are those assigned to the https protocol.

The outgoing communications from SD are to the license server to get the list of current versions or version files, to check passwords to https://api.pwnedpasswords.com/ by default, or to check external links. If SD cannot contact the license server, it will continue to work as normal. If password checking is enabled and SD cannot contact that server, it assumes the password is ok and continues as normal. If external links are not accessible, they will be reported with error codes on the Check links page. All this means that the site can be kept private and only needs the license server connections open to do updates.

During installation of SD, the full domain or subdomain URL is saved internally, and must be used for all subsequent operations, including contact with the license server.