The easiest way to deploy static sites on the web.
NOTICE: This is a premium pico+ service with a free tier
# Features
- No install
- 25MB asset storage with free tier
- No client-side installation required to fully manage static sites
- Distinct static sites as projects
- Unlimited projects, created instantly upon upload
- Deploy using rsync, sftp, or scp
- Promotion/rollback support
- Managed HTTPS for all projects
- Custom domains for projects
- Custom redirects
- Custom headers
- SPA support
- Image manipulation API
- Private projects
- No bandwidth limitations
# Publish your site with one command
When your site is ready to be published, copy the files to our server with a familiar command:
1rsync -rv public/ pgs.sh:/myproj
That's it! There's no need to formally create a project, we create them on-the-fly. Further, we provide TLS for every project automatically.
# Manage your projects with a remote CLI
Use our CLI to manage projects:
1ssh pgs.sh help
# Instant promotion and rollback
Additionally you can setup a pipeline for promotion and rollbacks, which will instantly update your project.
1ssh pgs.sh link project-prod project-d0131d4
A common way to perform promotions within pgs.sh is to setup CI/CD so every
git
push to main
would trigger a build and create a new project based on the
git commit hash (e.g. project-d0131d4
).
This command will create a symbolic link from project-prod
to
project-d0131d4
. Want to rollback a release? Just change the link for
project-prod
to a previous project.
We also built a github action that handles all the logic for uploading to pgs.sh. Here's an example of it in action.
# CLI Reference
The best way to learn about all the commands we support is via an SSH command:
1ssh pgs.sh help
Having said that, we do want to demonstrate the power of pgs.sh by discussing
design goals. All of our SSH commands are safe-by-default. Meaning, they never
mutate server state by default. This provides users an opportunity to experiment
with our commands to see how they work. In order to actually trigger server
mutations, every command must be appended with --write
.
Further, we want to make sure users are able to manage their static sites exclusively from SSH commands. Below is list of features we support via SSH commands:
1# storage usage stats
2ssh pgs.sh stats
3
4# list all projects (and their links)
5ssh pgs.sh ls
6
7# list all project dependencies
8ssh pgs.sh depends project-x
9
10# link a project (e.g. folder symlink)
11ssh pgs.sh link project-x --to project-y
12
13# unlink a project
14ssh pgs.sh unlink project-x
15
16# delete a project
17ssh pgs.sh rm project-x
18
19# delete all projects matching a prefix
20# (except projects that have linked projects)
21ssh pgs.sh prune prefix
22
23# delete all projects matching a prefix
24# except the last (3) recently updated projects
25ssh pgs.sh retain prefix
26
27# set project to private to only you and matching public keys
28ssh pgs.sh acl project-x --type pubkeys --acl sha256:xxx
# File denylist
You can upload any file you want to pages, with a few exceptions.
Because any file uploaded to pages is public-by-default, we felt it necessary to
automatically reject some files from being uploaded. At this point in time, we
reject all files or files inside directories that start with a period .
.
Essentially, we reject all dotfiles. This is so users don't accidentally upload
a .git
folder or .env
files. This is the equivalent rule in our .gitignore
parser:
.*
# Override denylist
Upload a _pgs_ignore
to the root of each project. We are using the same rules
as .gitignore
using this parser.
If you want to allow all files without ignoring anything, add a _pgs_ignore
with any comment (to get around how we handle
0-byte files):
# dont ignore files
Note: when uploading a
_pgs_ignore
, we cannot guarentee it will be uploaded first so we recommend uploading it on its own and then upload the rest of your site.
# Access Control List
Thanks to SSH tunnels we can provide restricted access to projects.
We have three options:
- public (default)
- pubkeys (list of sha256 public keys to give read access to)
- pico (list of pico users to grant read access to)
1# access to anyone with a public key
2ssh pgs.sh acl project-x --type pubkeys
3
4# access only to public keys provided
5ssh pgs.sh acl project-x --type pubkeys --acl sha256:xxx --acl sha256:yyy
6
7# access to anyone with a pico account
8ssh pgs.sh acl project-x --type pico
9
10# access only to pico users provided
11ssh pgs.sh acl project-x --type pico --acl antonio --acl erock
12
13# access to anyone
14ssh pgs.sh acl project-x --type public
To connect to a private project:
1ssh -L 1337:localhost:80 -N {subdomain}@pgs.sh
2
3# for example our pico UI is only available through an SSH tunnel:
4ssh -L 1337:localhost:80 -N pico-ui@pgs.sh
Then open your browser to http://localhost:1337
# Pretty URLs
By default we support pretty URLs. So there are some rules surrounding URLs that are important to understand.
For the route https://{user}-{project}.pgs.sh/space
, we will check for the
following files:
/space
/space.html
/space/
:301
redirect to/space/index.html
/404.html
As you can see from the third entry, we add a trailing slash to all routes. This is a common practice with static sites in order to prevent having different behavior from visiting a site with and without a trailing slash.
# Custom Domains
We have a very easy-to-setup guide on custom domains.
# Custom Redirects and rewrites
We support custom redirects and rewrites via a special file _redirects
.
# Redirect browser request to what we serve
/home /
/blog/post.php /blog/post
/news /blog
/wow https://wow.com
/authors/c%C3%A9line /authors/about-c%C3%A9line
When no status is provided, we default to 301 Moved Permenantly
.
# Redirect with a 301
/home / 301
# Redirect with a 302
/my-redirect / 302
# Show a custom 404 for this path
/ecommerce /store-closed 404
# Rewrite a path
/pass-through /index.html 200
# Route Shadowing
By default we do not shadow routes that exist. For example:
/space.html
exists on your site
With a _redirects
entry:
/space / 301
If the user goes to /space
then it will always prefer /space.html
. You can
override this preference by adding a force flag to your redirect entry:
/space / 301!
# Rewrites
Not completely supported at this point but actively being worked on. You can track the status in this PR.
# Custom Headers
We support custom headers via a special file _headers
.
# a path:
/templates/index.html
# headers for that path:
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
# another path:
/templates/index2.html
# headers for that path:
X-Frame-Options: SAMEORIGIN
/*
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
# Denied Headers
These headers are not allowed:
Accept-Ranges
Age
Allow
Alt-Svc
Connection
Content-Encoding
Content-Length
Content-Range
Date
Location
Server
Trailer
Transfer-Encoding
Upgrade
# Single-Page Applications
We support SPAs! Upload a _redirects
file to your project:
/* /index.html 200
# Reserved username project
If you create a project with the same name as your username, then you can access it at:
1rsync -rv public/ glossy@pgs.sh:/glossy
2# => https://glossy.pgs.sh
# Content security policy
For pico domains we have modestly strict content-security policies.
1Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
If you need to access sites that are blocked by this CSP, then you can use a custom domain which won't have those security restrictions.
# Does pages have a CDN or multi-region support?
At this point in time, we are able to serve content from a single VM. If this service gains traction we will commit to having a CDN with multiple regions in the US.
# Ready to join pico?
Create an account using only your SSH key.
Get Started