One Server. Small Business (chodounsky.com)
44 points by jakubgarfield 12 hours ago | 9 comments



I want to upvote this 100x

Do not underestimate the power of a single server to host your app. Sure it won't work in _all_ situations but omg you can get so much out of a single $30/month VPS .. we've been indoctrinated that everything needs to be on hyperclouds and mega scale. But that brings so much cost and complexity that most applications don't need.


100%. And super easy to scale up to a certain point. Alternatives have their place though (PaaS is excellent for 100% product focus in limited timeframe, cloud/orchestration when you have scale, Kamal in Rails world is a neat middle ground for some extra robustness).

I moved all my stuff from AWS to a Hetzner VPS recently. I don't have much, and AWS was actually cheaper, but I'm so much happier having everything in one, simple spot.

There's a gap in my knowledge so far, which I think is mirrored in this post: I have been piecing together my server by hand, and I _know_ I will regret this at some point, but I don't know how I want to solve this yet. I don't want to involve Docker in this setup. Perhaps I should go back to Saltstack or Ansible, or maybe there's something in Nix for me, or snap/flatpak maybe, I don't know. There's a good chance I'll just never solve it, but it seems like there's a gap there that's waiting for a great, simple, small solution (or it exists and I just don't know about it).

So after all these years (decades now) of learning and working in Linux every, single, day, I still have a lot to learn! :D


Something worth adding to the list: Enable rate limiting.

I'm also running my business on a single server, works perfectly, except for one time when someone tried to find some content with hash IDs through bruteforce. No problem, a tiny VPS can handle one malicious user. Except the amount of errors logged by nginx filled up the disk.
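
For the situation described in the comment above, an added nginx example (not part of the thread, and not any commenter's configuration) that rate-limits per client address and keeps refused requests out of the error log. The zone name `per_ip`, the `/share/` path, the server name and the upstream address are assumptions chosen for illustration.

```nginx
# Added example: constructed config, placed inside the http {} block.
# Zone name, server name, path and upstream address are hypothetical.

# One shared-memory zone keyed by client address: 10 MB of state,
# 5 requests per second allowed per client.
limit_req_zone $binary_remote_addr zone=per_ip:10m rate=5r/s;

# Answer refused requests with 429 instead of the default 503.
limit_req_status 429;

# Refusals are logged at "error" by default, so a flood of rejected
# requests would still grow error.log. Logged at "warn", they fall
# below the "error" threshold set on error_log and are not written.
limit_req_log_level warn;
error_log /var/log/nginx/error.log error;

server {
    listen 80;
    server_name example.com;

    # Hypothetical path serving content addressed by hash ID.
    location /share/ {
        # Allow short bursts of 10 extra requests without delaying them;
        # anything beyond that is refused with the status set above.
        limit_req zone=per_ip burst=10 nodelay;
        proxy_pass http://127.0.0.1:3000;
    }
}
```

The access log still records every refused request, so size-based log rotation remains necessary to bound disk use.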


This looks like a "send-only" server.

> sudo ufw default deny incoming

Seriously, what does one do when accepting connections, given the onslaught of data-hungry bots out there?

I wouldn't want to deal with that in any upcoming planned servers and services.


You put your reverse proxy on a publicly available machine, then through strict firewalls only accept communication to your back end from the reverse proxy; effectively leverage VPCs to make your backend not be on the public Internet. That should allow you to filter out malicious users without affecting your actual application and it's trivial to scale your reverse proxy horizontally or reach for a WAF if you have the need/desire.

I'm using external "send-only" SMTP server (Sendgrid) and Google Workspace as receiving/sending. Email itself is something that I'm not keen on DIYing (though I looked into it and other SMTP alternatives).

It's a typical web server setup. Only incoming allowed is HTTP, HTTPS and SSH.

Note 2 says it uses Sendgrid for email. The server is for the web app.


Nice setup! I think containerization is worth considering if you have multiple applications.

I run 5-7 on one server, with DB, using CapRover on a $5/month Hetzner server. Serve probably around 5k users.



