Netlify Grows from SSG to CMS — and Launches a Microservices Gateway
We spoke with Netlify co-founders Mathias Biilmann and Chris Bach about their web development platform’s journey from static site generator to a full-fledged content management system, including support for identity and microservice integrations.
How did Netlify first come to exist?
Mathias Biilmann: For seven years, I worked as CTO for a company in Spain that built websites for small to medium businesses — we built literally about 100 sites per week, so very large scale, and ran the whole workflow from brief to production. From there, I started Webpop, a cloud host CMS, to take that previous experience and apply it to a platform where developers could get same efficiencies while building with their own code, but then allowing their client end-users — who usually weren’t comfortable in code — update content easily, straight on top of their own websites.
When I came to the Bay Area, we were emerging into a whole new era for web development. FTP access was the number one request when I started Webpop, but no more! The browser was suddenly more powerful, the whole API economy emerging, and front end build tools evolving at a crazy pace. At the same time, the whole dev workflow had coalesced around git and version control. So there was the exciting possibility of building a web dev platform that harnessed all these revolutionary mega-trends. To build sites that interact with the browser instead of having to be rendered server-side every time while using GitHub as the center of the workflow architecture.
Chris Bach: So Mat hit me up. We’ve been best friends since high school. We used to think we would open a jazz club, but then realized we needed to do something different. This was our chance to do something big together, and we decided to attempt to draw a circle around the two web dev megatrends — the front end revolution, with today’s advanced markup, build tools, compiling —and now the microservices and API economy. And it only made sense to put git at the center of it all. GitHub is your code base, your collaboration with the other devs you work with, even your social world. It’s home.
So we built Netlify from the now-universal dev expectation that, “You push to git, and something happens.”
Biilmann: This git-centric workflow appeals to developers, and the people who fund projects are also seeing the logic behind Netlify, how powerful it is. Bloomberg Beta and Tank Hill Ventures helped us get up and running with $2.1 million in seed money, and we just announced our second round of funding last month, from Andreessen Horowitz. Another $12 million — and the feeling that some of the primary entities in the space see the value in what we are doing here.
Netlify originated as an SSG. How did it set itself apart from other static site generators from the start?
Biilmann: It used to be, you had to go into a server, make your changes, wait half an hour to see them live because of cache validation. Even now with something like AWS, there is still that lag. The idea of Netlify is not just to create a direct line between git and go live — it is to preload content and then serve the page(s) directed from whichever one of Netlify’s geographically distributed servers is closest. This drastically reduces load times.
Bach: The idea is that instead of loading every time a page is visited, the preloading has already been done. We basically initiate our own proprietary kind of repository that pushes simultaneously to GitHub and our own service. When you update content, those changes execute and then get distributed across our content delivery network as pre-built static pages.
From multiple points of origin: any site on Netlify is running just as much out of Sydney as San Francisco. So, a new type of approach where any project that is pre built can distribute globally, Netlify is bundling into one platform all the necessary components to build out and deploy projects. Devs get to roll out changes directly from the command line, across a larger network of servers — changes that can be easily rolled back, if necessary — and you see the effect right away.
Biilmann: And by “static” pages we don’t mean, like, 1994 static. The vast majority of Netlify pages are dynamic — they are just interacting with the browser instead of needing to be built server-side.
So how does Netlify’s approach pay off for the everyday developer working in the electronic trenches?
Bach: The legacy web is based on that, 15 years ago, we had this fantastic server-side hack where instead of building a site we would build an application that would run every time there was a visitor. Now the price we are paying for this is huge, and more each day than the day before. Mobile makes performance much more sensitive. The sheer scale of today’s web makes scaling websites harder as visitor numbers keep getting larger, and the number of malware attacks has just exploded. From a security POV, 30 percent of internet traffic is automated scripts, a huge portion of which is malware.
At Netlify we get 60 million requests every month that start with “wpadmin” — and obviously we don’t host a WordPress site. And that is bad. Negligence testing shows how bad. Take the most common kind of site, a monolithic app, with a few plugins — your normal business site. You don’t update the server environment, don’t update anything around this, PHP or Apache, and sit back. There used to be a 50 percent risk that you’d be hacked in less than six months. Now it’s less than 11 days.
So the surface area of a monolithic app is gigantic, and we expose that every time there is a visitor. Having a single point of origin makes it slow. Netlify makes both of these non-issues. Scalability as well.
Agencies overprovision at 700 percent on average because we are just guessing on traffic and need to build in insurance. A landing page for a QR scanner at a local supermarket for example — you are not anticipating much, but surprise — there is some sort of viral element, or the client fails to alert you that they just dropped $4 million into AdWords. There’s a spike, you’re not geared to handle it, and down you go. So the legacy web is suffering in that way. Even though you have Cloudflare, one of the most famous patches of the legacy world, you still have to put that in front of your site.
If you build things right from the start, though, and take advantage of all the technologies we now have, stitch those all together, you don’t have to guess at your needs — you can just scale as you go, automatically, and performance is so so so much better. That’s Netlify.
Netlify next came out with Netlify CMS — what drove that iteration?
Biilmann: A real impetus for Netlify CMS was Smashing Magazine. Very important publication in the front end design space. I had written an article about static site generators (SSGs) being next big thing, all the benefits they offer, how much faster. And the magazine’s founder got back to me, when he saw the draft, asking for details about how this could compare to their current setup. So just for fun, I scraped their content onto the Netlify platform — and benchmarked it at seven times faster than their existing. Even though they had invested in all the caching plug-ins, ever. And so they asked what could be done to move Smashing over to Netlify.
Bach: There was the main magazine, plus a WordPress blog with ten years worth of archived articles and 200,000 plus comments, a shop with ebooks and print books, a conference site. And every single one on a different platform. Shopify, WP, Rails, Kirby. All big monolithic apps, which you could make all look the same front-facing, but there was no way to introduce anything that worked across all of them.
Biilmann: In the open source ecosystem around JAM stack architecture there wasn’t a set of tools that was ready enough that I could just tell them, “Go pick these tools, build it and put it on Netlify.” After a lot of deliberation, we decided to say we could bootstrap this ecosystem as a completely open source project — the services Smashing needed were so similar to all the things anyone building a site needs, all the basics plus subscriptions, memberships, form handling, e-commerce.
Bach: And I was like, “Are we building out an e-commerce service, are you insane?” But what we did could not be more different from building out a Shopify-style monolithic app. If we had set out to build all of Shopify we would still be working on it. To use it, you depend on everything you need being inside — template engine, rooting engine, filtering functions, all of that.
Instead, our open source commerce service is a very small API in terms of surface area. It boils down to two endpoints: creating the order and paying for the order. All the UI is up to whoever builds the front end, so e-commerce is completely agnostic. So the perfect example of how you can build small, very focused microservices that can be reused in so many different contexts
Now if you are one of the 1,200 readers who wants to buy a book, it is not until you click that buy button that there is any kind of a call outside. This minimizes surface area for attack and is so much faster. We really believe in this architecture, a super clean experience that is still so customizable.
And, as for Smashing Magazine — its site is now ten times faster.
All of which led, naturally, to next steps in Netlify Microservices, which you are announcing today?
Biilmann: It was a goal we had from the start, and a logical and organic evolution when you are coming from a JAMstack approach to web development. Where Netlify distributes a pre-baked front-end to CDN edge nodes all over the world to then talk to many different services directly from the client in the browser.
Bach: We benefited from the many great solutions to service discovery that have emerged in the infrastructure space. Service discovery solves the problem of how to make each microservice aware of the other parts of the system — how do I reach the authorization service, where is my database, etcetera — and helps make microservice architecture manageable.
As of today, we’re allowing public beta access to two of these services, but just as a starting point towards making it easy to integrate any of the hundreds of thousands of microservices out there through Netlify’s Microservice Gateway. These first of these two initial services is Netlify Identity — a managed version of our own open source Gotrue microservice, that lets you add user registration and management under for any Netlify site. Identity, which is based on our open source authentication API, GoTrue, is a plug-and-play service for letting your site handle sign ups, logins, password recovery, user meta data and roles. You can use it from single page apps instead of rolling your own, and integrate with any service that understands JSON Web Tokens.
The other service we are debuting today is Netlify CMS Gateway, a portal between your site and GitHub that makes it easy to enforce roles and permissions via Netlify Identity or any other service capable of issuing JWTs — think Auth0, Okta, etc. This turbocharges our existing open-source Netlify CMS to give seamless user and roles management, without requiring individual users to have a GitHub account. Stay tuned for GitLab and Bitbucket integrations!
Biilmann: Our plan is to become the developer’s number one choice. And we will not charge devs anything at all, ever, to use Netlify. Instead, we charge the people who are getting a benefit of the final outcome. The people who pay the devs.
Feature image: Netlify co-founders Mathias Biilmann (left) and Chris Bach.