Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Recent additions to this section include:

  • New sites may not be developed in Drupal, and all new CMS development plans must be reviewed by PBS.
  • Sites must still function properly if their IP address and domain name change.
  • Sites hosted on Amazon must be repeatable.
Compatible Web Server Software and Architecture

Table of Contents

Web application hosting guidance

Producers are required to develop sites and databases that are compatible with PBS's existing Web server software and architecture. Specifications for sites and databases developed on PBS's dedicated Amazon servers is available at http://docs.pbs.org/x/fYCr, and specifications for sites and databases developed on PBS's internal servers is at http://docs.pbs.org/x/fQHB.compliant with Progressive Web Application (PWA) standards and best practices. A checklist of these standards can be found at https://developers.google.com/web/progressive-web-apps/checklist. Specifications for sites and databases to be hosted by PBS can be found below

Infrastructure

  • Environment requirements e.g. Dev, QA, Staging etc.
  • Containerized applications preferred i.e. Docker
  • Preferred CMS - CraftCMS; WordPress is supported
  • Standard non-PHP env is NGINX + uWSGI
  • Set cache control headers
  • Estimated initial/current storage needs
  • Estimated rate of storage growth
  • DB requirements? – MySQL or Postgress SQL preferred 
  • CI/CD - Jenkins pipeline YAML; Bitbucket/GitHub webhook for DEV environment;
  • ApacheBench + lighthouse performance testing

Content

CMS content should be managed via Git plugin where possible, e.g., https://wppusher.com/

Otherwise, utilize a migration plugin, e.g., https://straightupcraft.com/craft-plugins/migration-manager or https://wordpress.org/plugins/all-in-one-wp-migration/

Export files must be delivered via AWS S3

XML Sitemap + Robots.txt

Estimated lifespan of site/app before first refresh

Estimated change/deployment frequency

Management

Third party development or support agreement

Source code repository – GitHub preferred. PBS can provide Bitbucket access.

Security

  • CSP Header
  • SSH via private key
  • Secrets must NOT be stored in repo/code
  • List of initial dependencies, specify version
  • Source code must NOT contain any high risk vulnerabilities listed in NVD

Support for Amazon EC2 Dedicated Hosting

In an effort to provide PBS producers greater flexibility to innovate with innovation, as well as greater freedom to tackle emerging issues, PBS is providing selected select producers with small high-performance dedicated serversdedicated compute and storage resources. These dedicated servers resources provide content producers with greater technological freedom to innovate and experiment with new technologies. They also introduce , while introducing isolation between producer sites, dramatically reducing the impact of adverse events.

With this additional freedom and flexibility the producer now has these dedicated resources, producers now have nearly complete control over their environment and the means to address all most issues . This server is autonomously. Provided resources are for the exclusive use of the producer to which it has been assigned. See PBS's Product Documentation space for detailed documentation on Amazon EC2 Dedicated hosts.access is granted. 

Technical support for Dedicated Hosts is is provided by PBS but is limited to the following:

  • Operational environment. PBS provides an operational computing environment to 3rd party third party developers and producers for PBS sponsored websites and applications. This operational computing environment is based on the LAMP (linux + apache + mysql + php/python/perl) technology stack. PBS provides Level 1 technical support necessary to insure that the services are "available" for use and as designed. 
  • PBS-sanctioned widgets, modules and applications. PBS has developed a suite of applications, widgets, modules, and scripts that may (and in some cases must) be used by 3rd party third party developers. PBS provides Level 1 technical support regarding the use of these components.
  • PBS network services. PBS provides network access (e.g. FPT, SFTP, and/or AWS S3 and SSH) to development , and  staging, or production computing resources where 3rd party third party applications may reside.

PBS does not , however, provide technical support for issues regarding the use, development, application, tuning, or customization of development and scripting languages, application frameworks, or applications developed by 3rd parties third parties and/or the open source community. PBS relies upon its 3rd party requires third party developers to be self-sufficient in these areas.

Security

PBS views web application security as a joint responsibility. In order to ensure the highest level of Confidentiality, Integrity and Availability (CIA), the following measures will be enforced wherever possible:

  1. Applications or dependencies containing known HIGH vulnerabilities will NOT be deployed and IF discovered post deployment may be taken offline based on severity
  2. AWS and/or SSH keys will be rotated periodically access may be revoked if suspicious activity is detected
  3. Sites will be monitored by AWS Guardduty for suspicious activity

Content Management Systems

All Content Management System plans must be reviewed and approved by your Program Manager program manager at the start of your project. Drupal is not allowed due to repeated File a support ticket with any questions.

Note

Due to repeated security and performance issues with high-traffic sites, Drupal is not supported.

IP Address

Sites may not assume that their IP addresses will not change. That is, In other words, your site must still function properly even if the IP address changes, the site must still function properly.

Domain Name

Sites should not assume that their domain names are fixed. That is, ; if the domain name needs to changechanges, the site should still function.

Repeatable Amazon

Immutable AWS-hosted sites

Site should be “repeatable” immutable on Amazon. That isFor legacy sites on server infrastructure, PBS should be able to back up the producers application directory and database, create a new machine, and the site should come up without any human intervention. All customizations must be automated using the boot.sh file which is run once upon server provisioning. Apart from container images, sites should be immutable via IAC (Terraform of CloudFormation) and auto-scale without user disruption.

Content Distribution Network (CDN)

All third-party developers and producers are expected to utilize the PBS Content Delivery Network, which is currently hosted by AWS CloudFront.

Full use of the CDN is a launch requirement for the following media types:

  • All media files including, including but not limited to, Flash, video, GIF, JPEG, etc.
  • All javascript files greater than 10k (except those which are hosted by 3rd third parties such as Google or Yahoo).
  • All CSS files greater than 10k.
Memcached

Key-Value Store

All database-intensive sites must implement object-based and/or page level server side caching as necessary in order to maintain high performance.

  • Use of memcached or redis is required highly recommended for all “dynamic” pages that rely upon an internal database or 3rd third-party services for real time data.  
  • PBS requires highly recommends the use of memcached or redis for all server-side object and page level caching. 
  • Implementation instructions can be found at http://docs.pbs.org/x/lQDu.

Performance and Load Testing

In order to maintain the highest level of user experience, PBS requires that all applications and sites developed by 3rd third-party developers for hosting on PBS's Amazon AWS hosting services service undergo (and pass) performance and load testing.

Performing this testing is the sole responsibility of the 3rd third-party producer or developer. The purpose of this load testing is to demonstrate that the application has been engineered to handle the high levels of traffic that the site may see experience at launch.

  • Using the small Amazon instance (LAMP stack) that has been provided by PBS, sites Sites and applications must demonstrate that they are capable of achieving 50 requests per second from 10 simulated users. All performance testing must be performed with the copy of ApacheBench that is included on the instance provided.
  • Test results are a production readiness deliverable. Upon completion of load testing, producers will be are required to submit a copy of the load testing results to PBS for review.
  • Robots.txt
  • The maximum allowable latency for the loading of any single page is five (5) seconds.

Documentation on how to perform load testing may be found at http://docs.pbs.org/x/UYPj

HTML Specifications

In order to reach the most users, sites should be developed using HTML specification 4.0 and cascading style sheet specification CSS1. Other HTML specifications may be used as long as the principals of Progressive Enhancement/Graceful Degradation are applied so that there is always a compelling and usable experience available for the site user. Compliance with The World Wide Web Consortium (W3C) guidelines and recommendations is required. HTML standards must be compliant for the doc-type it is declaringbeing declared. If it is not, PBS reserves the right to not publish or to limit the site audience.

Supported Web Browsers

Sites must be developed to support PBS-approved Web web browsers across platforms. Although it is not assumed that all users will have the identical experiences when using different browsers, it is vital that every user be able to experience the same content and as much visual richness and interactivity as possible.PBS currently supports the following

Supported desktop browsers
Supported mobile devices
  • Chrome **
,
  • Internet Explorer 9+
,
  • Firefox **
,
  • Safari **
,
  • Opera ** 
 
  • Apple iOS
  • Android 2.3
  • Android 4 **

** Latest, or most widely used version http://gs.statcounter.com/

Mobile devices running: Apple iOS, Android 2.3, & Android 4 **

Google Analytics Tagging

PBS uses Google Analytics as a preferred method of generating detailed statistics about visits to PBS.org Web sites. It is the producer's responsibility to request a Google Analytics account from their content manager during site production; metrics will be unavailable to the producer otherwise. To function properly, every page of a Web site on PBS.org must include the Google Analytics Tracking Code (GATC) through a Server Side Include. For more information and implementation techniques, visit [http:Any national producer website on the pbs,org domain should have Google Tag Manager (GTM) across all webpages. Please view all information about implementation and further details about custom event tracking here: https://docs.pbs.org/x/MICr|]

PBS Code Widgets

Standard interactive features must be created using tried-and-true code available in the PBS code widget library. If a relevant code widget exists, PBS code must be used. The PBS Product Documentation area (http://docs.pbs.org/x/sYCy ) lists the current products and applications for you to use.display/AN/Implementation+of+Google+Tag+Manager+for+PBS.org+Sites 

Registration and Authentication

Any project wishing to provide registration or authentication services to its viewers must utilize the PBS Universal Authentication Service. Further information can be found at: http://docs.pbs.org/x/dQHB.Account.

Additionally, by utilizing UUA PBS Account you agree to abide by the UUA RP Agreement. Further information about PBS Interactive's data retention policy can be found in the UUA FAQ.

Blog Publishing Platforms

PBS supports blogs developed with MovableType 4.3.4 publishing platform with Pro Pack, Perl version 5.6.1 as well as legacy versions 4.1 and 3.2.

  • If a project requires extensive customization, 3rd party producers may elect to install their own instance of Movable Type in their operational environment, or they may elect to select another blogging platform.
  • Installation, customization, debugging, and support of any such blogging platform is the exclusive responsibility of the 3rd party developer.
  • It is the developers responsibility to select a blogging platform that meets their product requirements as well as that will run using the technology stack and operational environment provided by PBS.

Privacy Policy and Terms of Use.

Plug-in Introductory Text

When a plug-in is required to view site content, the teaser must be accompanied by introduction text that:

  • Explains what the feature is
  • Lists the file size of the feature
  • Provides a link to the plug-in download page.

Cookies

Use of any cookies is subject to the oversight of the PBS technical staff and cookies that extend beyond a user session must be developed in partnership with PBS technical staff.

As a rule, always scope your cookies with the most specific path component you can. This will reduce reduces the overhead of the number of cookies that need to be sent by the client on each browser request. Where possible, cookies must be set in JavaScript instead of CGI script. Always prefix your cookies with a unique tag (such as programname.nameofcookie) that can identify your application in order help to avoid conflict on the server.

Airdate Code on PBS.org

When providing broadcast information, you must use PBS's airdates code. PBS's airdates code is a simple server-side include which can be customized by CSS. It automatically displays the correct broadcast dates and times for local stations, using data provided by TV Guide and cross-referenced with the episode titles and descriptions the producer provides to PBS Traffic and Operations.

For more information, read the detailed implementation steps on the PBS Product Documentation site at http://docs.pbs.org/x/OICr.To request Airdates code for a national program website, please contact your program manager or submit a ticket via the digital support portal

 


Panel
titleQuestions?

Livesearch
placeholderSearch the documentation