deployment

Netlify Configuration Guide

Overview

This netlify.toml file provides configuration settings for deploying the Jekyll website on Netlify. It defines build processes, environment variables, security headers, and routing rules.

Build Configuration

Build Command

command = "jekyll build"
  • Specifies the command to build the Jekyll site
  • Generates static files in the _site directory

Publish Directory

publish = "_site"
  • Defines the directory containing the generated static site
  • Netlify will serve files from this directory

Ruby Version

RUBY_VERSION = "3.1.2"
  • Sets the Ruby version for the build environment
  • Ensures compatibility with the project’s Ruby dependencies

Security Headers

The configuration includes several security headers to enhance website protection:

  • X-Frame-Options: DENY
    • Prevents the site from being embedded in iframes
    • Mitigates clickjacking attacks
  • X-XSS-Protection: 1; mode=block
    • Enables the browser’s built-in XSS protection
    • Blocks detected XSS attacks
    • Legacy header: current versions of Chrome, Edge and Firefox ignore it, so it only has an effect in older browsers
  • X-Content-Type-Options: nosniff
    • Prevents MIME type sniffing
    • Reduces the risk of malicious file execution
  • Referrer-Policy: strict-origin-when-cross-origin
    • Controls information sent in the Referer header
    • Enhances privacy and security

Routing and Redirects

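[[redirects]]
  from = "/*"
  to = "/index.html"
  status = 200

  • Implements client-side routing
  • Ensures all routes are handled by index.html
  • status = 200 makes this a rewrite rather than a redirect: the content of index.html is served while the URL in the browser stays unchanged
  • Supports single-page application (SPA)-like behavior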

Environment-Specific Builds

Production Environment

[context.production.environment]
  JEKYLL_ENV = "production"

  • Sets Jekyll environment to “production”
  • Typically used for optimizations and excluding development-specific content

Deploy Previews and Branch Deployments

[context.deploy-preview]
  command = "jekyll build --drafts --future"

[context.branch-deploy]
  command = "jekyll build --drafts --future"

  • Both contexts build the site with drafts (--drafts) and future-dated posts (--future)
  • Useful for previewing changes before merging

Best Practices

  • Regularly review and update security headers
  • Ensure Ruby version matches project requirements
  • Use environment-specific builds for different deployment contexts