
Ask HN: Advice for Hosting and Deploying My Side Project - the_wannabe
I&#x27;m finally starting to wrap up the MVP of my web app which is my side project.  Now I&#x27;m starting to look at how I&#x27;m going to host it, and I&#x27;m getting overwhelmed with the number of options.  My background is in desktop\embedded code, so I&#x27;ve not really had to deal with this much before.  My app is written in Rust on the Rocket framework and uses PostgreSQL and PostGIS.<p>I was originally looking at Digital Ocean, however I&#x27;m thinking that managing that might be too much work for me, and it will be too easy to make a stupid security mistake.  I&#x27;m currently looking at https:&#x2F;&#x2F;www.clever-cloud.com&#x2F;en&#x2F;rust-hosting which seems safe and easy.  Are there better options?<p>Should I not try and ignore this stuff and spend the time like learning something like Docker instead?<p>Any other tips?  Anything I&#x27;m overlooking?
======
dagoat
I would have said Heroku. But it doesn't appear its as straight forward for
your stack as it is for others. However this looks promising:
[https://github.com/emk/heroku-buildpack-rust](https://github.com/emk/heroku-
buildpack-rust)

I would have also suggested [https://nanobox.io/](https://nanobox.io/) \- but
their pricing is no longer transparent (used to be pretty cheap). It would
also involve dockerizing your app.

As for clever cloud, their Rust support is in beta...

I'd spend a short amount of time on Heroku though, if all goes well that's the
best option for an MVP IMO

~~~
mooreds
You might look at this for running rust on heroku:

[https://elements.heroku.com/buildpacks/rhelmer/heroku-
buildp...](https://elements.heroku.com/buildpacks/rhelmer/heroku-buildpack-
rust)

Note I haven't done this, but it turned up in a search.

~~~
dagoat
FYI that’s a fork of the repo I posted. The fork hasn’t been updated in over 3
years

~~~
mooreds
Ah, sorry about that, I thought it was better because it had on the heroku
domain.

------
chrisgoman
You were on the right track, DigitalOcean is the _easiest_ and at $5/mo for
Debian/Ubuntu, it should be sufficient for an MVP.

If you are concerned about security, just follow the "simple" steps below

[https://www.digitalocean.com/community/questions/best-
practi...](https://www.digitalocean.com/community/questions/best-practices-
for-hardening-new-sever-in-2017)

.. it's mostly just typing stuff in a terminal

You can probably skip 10, 11, 14, 15, 16, 17 (in the short run)

If you want to automate this, you can learn Ansible (or Fabric fabfile.org)
but that is probably premature

Just make sure you have a backup of everything on your server (nobody is going
to take that more seriously than you, specially for customer data)

For scaling, they have some simple Load Balancers now (pick the correct region
where it is available) ... used to have to do some DNS-based load balancing
before (AWS R53). Again, probably premature but it can be done without too
much pain once you get there

~~~
rwieruch
Second this. DO is great and I host all my projects, whether static websites,
Node.js applications or just MVPs there.

\- Static Websites on one $5 Droplet with Server Blocks:
[https://www.digitalocean.com/community/tutorials/how-to-
set-...](https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-
server-blocks-virtual-hosts-on-ubuntu-16-04)

\- Web Applications on one $5 Droplet with Dokku:
[https://www.digitalocean.com/products/one-click-
apps/dokku/](https://www.digitalocean.com/products/one-click-apps/dokku/)

In case if you are interested, I explain my setup over here:
[https://www.robinwieruch.de/deploy-applications-digital-
ocea...](https://www.robinwieruch.de/deploy-applications-digital-ocean/)

------
verdverm
Don't worry about all that security / docker with a MVP, you can deal with
that once you know your project is solving a problem and you need to scale.

My personal recommendation is a small VM in Google Cloud for the app and
another small managed postgres server (backups automated). GCloud is easier to
get started with and they automatically migrate your app VM if there are
hardware problems. This would run you less than $50 (~30 ballpark) per month.
The other consideration is https (mainly for not appearing dangerous in the
browser).

(Boycotting AWS)

~~~
robax
This comment hits the nail on the head for me.

Pick a cloud provider. Spin up an instance that will be your server. Spin up
an instance that will be your DB. Make your DB only listen to your server
instance. Make your server instance only listen on port 80/443.

As long as your app isn't vulnerable to SQL injection type stuff, that's
probably enough security for an MVP, and this kind of set up puts you on the
right track for scalability.

Source: am DevOps.

~~~
verdverm
Me too :]

------
jarfil
Docker is about uptime, consistency, integrity, CI/CD, etc. If you're just
testing stuff, and won't notice a day or two of downtime, you can skip it for
now (but it does make things easier once you learn it).

Always keep working backups of whatever you want to have on your server.
Expect your server to get erased at any moment without previous notice, be
aware of how much data are you willing to lose in case of a failed restore.

If you're processing user data, be aware of applicable data protection laws
(if any).

Security is only relevant if you become somewhat popular, or you plan on
leaving the project completely unattended for a longer period of time (don't,
you will most likely get hacked). Otherwise, apply basic security measures and
don't sweat it too much until you actually start having something worth
protecting. Erasing and re-creating a server/instance from scratch is
acceptable and secure enough in the beginning.

------
zhobbs
Might check out AWS Lambda for the Rust backend, I usually use a SAM config to
deploy ([https://aws.amazon.com/blogs/opensource/rust-runtime-for-
aws...](https://aws.amazon.com/blogs/opensource/rust-runtime-for-aws-
lambda/)).

For the DB, you could then use RDS, a managed postgres service, looks like it
supports Postgis:
[https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appen...](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html)

------
myrloc
DigitalOcean offers the basics with a straightforward API and UI for
management at an affordable price. It won't have the offerings of AWS or
GCloud, but if you ever need to move to a larger provider, you're guaranteed
to have what you're using at DO. I'd go with DO until you have a reason to
switch.

------
qqqwerty
First piece of advice: Relax, don't sweat it too much. I 'hosted' my first
side project on a Raspberry PI. My second was on an AWS EC2 instance on the
tiny free tier. Nothing wrong with having the db and the app on the same
server (in my case Python and Postgres). The projects were mostly for fun
though, and I was not worried about scaling or anything like that, but it was
quick, cheap and easy.

If you are worried about scaling (which would be a nice problem to have), you
can still start out on AWS (or another provider's) free tier, and then just
upgrade the instance if you start getting an uptick in use. If you are lucky
enough to out grow vertical scaling, then you will have plenty of motivation
to figure out the horizontal part. Just carve out an afternoon to sort it out.
And if you are really ambitious, try setting your app up on multiple
providers. After the first one is up, figuring out the others should be easier
(cause they all basically do the same thing), and then you can play around
with them and stick with the one you like best. Might cost a little more
initially, but could help put your mind at ease.

Regarding security, just make sure you are salt+hashing users passwords. You
can worry about the other stuff later. And as others have mentioned, if you do
one thing, make sure you backup your database. You can start by just doing it
with a daily crontab (or even do it manually if you really need to). It your
app crashes, you can always restart it, but if you loose the db, you are
hosed.

Also, you might want to consider getting some test users (friends, family) to
poke at it before releasing it into the wild. This will help you surface any
bugs. If this is your first web app, I would rate your odds of having issues
large enough to ruin your launch as: 95% chance due to bugs | 4.5% chance due
to scaling issues. | 0.5% chance due to security issues. If a site is getting
the HN hug of death, it usually peaks my interest more, and I will bookmark
and come back to it. But if its buggy as hell, I loose interest right away.

------
tmaly
I used DigitalOcean for my food based web app. I would definitely recommend
them.

The skills to setup and maintain the machine are valuable to learn. I would
recommend documenting everything as you may not remember everything you
initially did. One example would be how to backup your database, or another
how to upgrade your database when a security patch comes out.

Some things I did that were helpful:

Stick with long term support (LTS) versions of the linux you choose as this
will minimize how often you have to upgrade things.

If you can automate security patches, do so ( Debian and Ubuntu have this )

Setup something like fail2ban to help monitor and block intrusions.

setup key less ssh access.

put your web app behind a proxy like nginx and have it handle the https

------
aregsarkissian
One of the more difficult parts of self hosting with a service like digital
ocean is managing your own database. Luckily DO just introduced managed
postgres databases. Also you can use DO load balancer so you don't have to
manage a load balancer and deal with setting up let's encrypt ssl certs, and
only have to worry about deploying your web app. I wouldn't go with docker for
production just yet because while docker is great for immutable servers and
dev/ops parity, it makes things like secret management, logging and monitoring
more complicated.

------
rajangdavis
Heroku isn't a bad option.

~~~
jamestimmins
I second Heroku. Definitely the most simple setup option.

~~~
czbond
I third Heroku.

~~~
thebooglebooski
I fourth Heroku.

~~~
dagoat
I fifth Heroku.

------
udia
Caveat: I have not worked with Rust. The comments below suggesting Heroku,
DigitalOcean and other PaaS are good starting points. However, I want my side
projects to be able to handle arbitrary load without managing additional
infrastructure.

I design my current web apps to work using serverless functions
[https://serverless.com/](https://serverless.com/) This ensures that if my
applications become popular, I will not have to do additional infrastructure
work to scale. I use a cloud provider managed database (AWS DynamoDB, RDS for
Postgresql) so I don't need to worry about managing that either.

There is a steep learning curve! A quick Google search shows that Rust
serverless is in its infancy ([https://github.com/softprops/serverless-
rust](https://github.com/softprops/serverless-rust)). Also, if you need to
have bi-directional communication using WebSockets (or something comparable),
the options you have to work with are limited (AWS AppSync is what I am
currently struggling with)

That being said, it has been an extremely challenging and rewarding
experience, migrating my personal projects.

------
nik736
If you are in Europe you can also check out Hetzner Cloud. Pricing is way way
better than everything else. You have to manage it yourself though, but it's
easier than you might expect and you are learning something new on the way.

~~~
majewsky
I was about to suggest Hetzner Cloud as well, but wasn't sure if OP is looking
for IaaS (like Hetzner Cloud) or PaaS.

------
soneca
I always recommend [https://codemason.io/](https://codemason.io/)

I use it for my own web app, and it is perfect. The support I get from Ben
(the founder) is awesome. He knows _a lot_ about devops and is a very kind
person.

It will take care of all the configuration for you and still let you choose
your hosting (mine is DigitalOcean). It uses Docker, so learning a little bit
of it would help.

------
lostmsu
Azure App Service is totally free for small instances.

------
strzibny
I am writing a book exactly for this purpose right now.

For someone making a project and asking "how do I host it now?". My pre-
release is still ~3 months far away, so you cannot buy it now, but if you
would like to learn the deployment yourself at some point, here it is:

[https://vpsformakers.com/](https://vpsformakers.com/)

What I recommend is to learn the fundamentals right and start with Bash before
jumping to more complex config management tools. Even if your deployment
process won't be smooth in the beginning (copy files, setting something
manually) do not underestimate the security aspect - you owe it to your users
to protect their data.

And avoid ANYTHING you don't need right now. Avoid Docker and the whole
universe of tools around Kubernetes. I imagine with Rust you can easily deploy
one binary with systemd unit, PostgreSQL service from the OS, set up NGINX and
SELinux and you are done.

Someone here said Docker is about uptime. What the *? Docker is additional
layer where something can go wrong so by definition it won't be better than
just a systemd service.

------
jtchang
What kind of budget are you on?

~~~
the_wannabe
Minimal. I don't expect this to make a raft of money any time soon, so I'm
looking for a good balance between hands off and cheap. I'm hoping $50/month
will be towards the upper end of cost, but I could go higher if needed.

------
theblackcat1002
I use Linode to host all my side project. It's similar to Digital Ocean
offerings and so far work pretty fine.

