Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Advice for Hosting and Deploying My Side Project
53 points by the_wannabe 27 days ago | hide | past | web | favorite | 36 comments
I'm finally starting to wrap up the MVP of my web app which is my side project. Now I'm starting to look at how I'm going to host it, and I'm getting overwhelmed with the number of options. My background is in desktop\embedded code, so I've not really had to deal with this much before. My app is written in Rust on the Rocket framework and uses PostgreSQL and PostGIS.

I was originally looking at Digital Ocean, however I'm thinking that managing that might be too much work for me, and it will be too easy to make a stupid security mistake. I'm currently looking at https://www.clever-cloud.com/en/rust-hosting which seems safe and easy. Are there better options?

Should I not try and ignore this stuff and spend the time like learning something like Docker instead?

Any other tips? Anything I'm overlooking?

I would have said Heroku. But it doesn't appear its as straight forward for your stack as it is for others. However this looks promising: https://github.com/emk/heroku-buildpack-rust

I would have also suggested https://nanobox.io/ - but their pricing is no longer transparent (used to be pretty cheap). It would also involve dockerizing your app.

As for clever cloud, their Rust support is in beta...

I'd spend a short amount of time on Heroku though, if all goes well that's the best option for an MVP IMO

You might look at this for running rust on heroku:


Note I haven't done this, but it turned up in a search.

FYI that’s a fork of the repo I posted. The fork hasn’t been updated in over 3 years

Ah, sorry about that, I thought it was better because it had on the heroku domain.

You were on the right track, DigitalOcean is the easiest and at $5/mo for Debian/Ubuntu, it should be sufficient for an MVP.

If you are concerned about security, just follow the "simple" steps below


.. it's mostly just typing stuff in a terminal

You can probably skip 10, 11, 14, 15, 16, 17 (in the short run)

If you want to automate this, you can learn Ansible (or Fabric fabfile.org) but that is probably premature

Just make sure you have a backup of everything on your server (nobody is going to take that more seriously than you, specially for customer data)

For scaling, they have some simple Load Balancers now (pick the correct region where it is available) ... used to have to do some DNS-based load balancing before (AWS R53). Again, probably premature but it can be done without too much pain once you get there

Second this. DO is great and I host all my projects, whether static websites, Node.js applications or just MVPs there.

- Static Websites on one $5 Droplet with Server Blocks: https://www.digitalocean.com/community/tutorials/how-to-set-...

- Web Applications on one $5 Droplet with Dokku: https://www.digitalocean.com/products/one-click-apps/dokku/

In case if you are interested, I explain my setup over here: https://www.robinwieruch.de/deploy-applications-digital-ocea...

I second using DigitalOcean. They are inexpensive and reliable.

I use ubuntu on my droplets following this guide https://www.digitalocean.com/community/tutorials/initial-ser...

I've created a simple ansible playbook that implement most of the steps in the guide.


While I do like Digital Ocean and it's perfectly fine solution, I like and use Scaleway.com which is slightly cheaper, at least for small projects and I would say equally easy to use and reliable.

This. This makes good sense, at least to try it out. I think DigitalOcean has a 60-day trial like most server providers. Vultr also has similar packages to choose from.

Don't worry about all that security / docker with a MVP, you can deal with that once you know your project is solving a problem and you need to scale.

My personal recommendation is a small VM in Google Cloud for the app and another small managed postgres server (backups automated). GCloud is easier to get started with and they automatically migrate your app VM if there are hardware problems. This would run you less than $50 (~30 ballpark) per month. The other consideration is https (mainly for not appearing dangerous in the browser).

(Boycotting AWS)

This comment hits the nail on the head for me.

Pick a cloud provider. Spin up an instance that will be your server. Spin up an instance that will be your DB. Make your DB only listen to your server instance. Make your server instance only listen on port 80/443.

As long as your app isn't vulnerable to SQL injection type stuff, that's probably enough security for an MVP, and this kind of set up puts you on the right track for scalability.

Source: am DevOps.

Me too :]

Why the boycott? (serious question)

Bezos and Amazon and the way they conduct / carry themselves. I no longer respect him as a leader or role model.

Plus the DX and quality of GCloud is way better than AWS, I just don't get why everyone is so into AWS...

I agree entirely. Especially after the realization made in this link: https://www.cnbc.com/2019/02/12/microsoft-google-cloud-pitch...

I think the nerd-on people get from AWS comes from two places. One the Amazon brand; most people have an Amazon Prime account and source a lot of their household products or small item stuff from Amazon. Second is that Amazon was first to market with a robust and comprehensive cloud, so there are a ton of learning courses to get people up to speed on AWS fast.

I wonder how the conversation around the phallic smile logo goes. I could imagine they have a jolly good laugh about shipping it to all these people. Surprised the SJWs and metoo movement haven't taken issue

Docker is about uptime, consistency, integrity, CI/CD, etc. If you're just testing stuff, and won't notice a day or two of downtime, you can skip it for now (but it does make things easier once you learn it).

Always keep working backups of whatever you want to have on your server. Expect your server to get erased at any moment without previous notice, be aware of how much data are you willing to lose in case of a failed restore.

If you're processing user data, be aware of applicable data protection laws (if any).

Security is only relevant if you become somewhat popular, or you plan on leaving the project completely unattended for a longer period of time (don't, you will most likely get hacked). Otherwise, apply basic security measures and don't sweat it too much until you actually start having something worth protecting. Erasing and re-creating a server/instance from scratch is acceptable and secure enough in the beginning.

Might check out AWS Lambda for the Rust backend, I usually use a SAM config to deploy (https://aws.amazon.com/blogs/opensource/rust-runtime-for-aws...).

For the DB, you could then use RDS, a managed postgres service, looks like it supports Postgis: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appen...

DigitalOcean offers the basics with a straightforward API and UI for management at an affordable price. It won't have the offerings of AWS or GCloud, but if you ever need to move to a larger provider, you're guaranteed to have what you're using at DO. I'd go with DO until you have a reason to switch.

First piece of advice: Relax, don't sweat it too much. I 'hosted' my first side project on a Raspberry PI. My second was on an AWS EC2 instance on the tiny free tier. Nothing wrong with having the db and the app on the same server (in my case Python and Postgres). The projects were mostly for fun though, and I was not worried about scaling or anything like that, but it was quick, cheap and easy.

If you are worried about scaling (which would be a nice problem to have), you can still start out on AWS (or another provider's) free tier, and then just upgrade the instance if you start getting an uptick in use. If you are lucky enough to out grow vertical scaling, then you will have plenty of motivation to figure out the horizontal part. Just carve out an afternoon to sort it out. And if you are really ambitious, try setting your app up on multiple providers. After the first one is up, figuring out the others should be easier (cause they all basically do the same thing), and then you can play around with them and stick with the one you like best. Might cost a little more initially, but could help put your mind at ease.

Regarding security, just make sure you are salt+hashing users passwords. You can worry about the other stuff later. And as others have mentioned, if you do one thing, make sure you backup your database. You can start by just doing it with a daily crontab (or even do it manually if you really need to). It your app crashes, you can always restart it, but if you loose the db, you are hosed.

Also, you might want to consider getting some test users (friends, family) to poke at it before releasing it into the wild. This will help you surface any bugs. If this is your first web app, I would rate your odds of having issues large enough to ruin your launch as: 95% chance due to bugs | 4.5% chance due to scaling issues. | 0.5% chance due to security issues. If a site is getting the HN hug of death, it usually peaks my interest more, and I will bookmark and come back to it. But if its buggy as hell, I loose interest right away.

I used DigitalOcean for my food based web app. I would definitely recommend them.

The skills to setup and maintain the machine are valuable to learn. I would recommend documenting everything as you may not remember everything you initially did. One example would be how to backup your database, or another how to upgrade your database when a security patch comes out.

Some things I did that were helpful:

Stick with long term support (LTS) versions of the linux you choose as this will minimize how often you have to upgrade things.

If you can automate security patches, do so ( Debian and Ubuntu have this )

Setup something like fail2ban to help monitor and block intrusions.

setup key less ssh access.

put your web app behind a proxy like nginx and have it handle the https

One of the more difficult parts of self hosting with a service like digital ocean is managing your own database. Luckily DO just introduced managed postgres databases. Also you can use DO load balancer so you don't have to manage a load balancer and deal with setting up let's encrypt ssl certs, and only have to worry about deploying your web app. I wouldn't go with docker for production just yet because while docker is great for immutable servers and dev/ops parity, it makes things like secret management, logging and monitoring more complicated.

Heroku isn't a bad option.

I second Heroku. Definitely the most simple setup option.

I third Heroku.

I fourth Heroku.

I fifth Heroku.

Caveat: I have not worked with Rust. The comments below suggesting Heroku, DigitalOcean and other PaaS are good starting points. However, I want my side projects to be able to handle arbitrary load without managing additional infrastructure.

I design my current web apps to work using serverless functions https://serverless.com/ This ensures that if my applications become popular, I will not have to do additional infrastructure work to scale. I use a cloud provider managed database (AWS DynamoDB, RDS for Postgresql) so I don't need to worry about managing that either.

There is a steep learning curve! A quick Google search shows that Rust serverless is in its infancy (https://github.com/softprops/serverless-rust). Also, if you need to have bi-directional communication using WebSockets (or something comparable), the options you have to work with are limited (AWS AppSync is what I am currently struggling with)

That being said, it has been an extremely challenging and rewarding experience, migrating my personal projects.

If you are in Europe you can also check out Hetzner Cloud. Pricing is way way better than everything else. You have to manage it yourself though, but it's easier than you might expect and you are learning something new on the way.

I was about to suggest Hetzner Cloud as well, but wasn't sure if OP is looking for IaaS (like Hetzner Cloud) or PaaS.

I always recommend https://codemason.io/

I use it for my own web app, and it is perfect. The support I get from Ben (the founder) is awesome. He knows a lot about devops and is a very kind person.

It will take care of all the configuration for you and still let you choose your hosting (mine is DigitalOcean). It uses Docker, so learning a little bit of it would help.

Azure App Service is totally free for small instances.

I am writing a book exactly for this purpose right now.

For someone making a project and asking "how do I host it now?". My pre-release is still ~3 months far away, so you cannot buy it now, but if you would like to learn the deployment yourself at some point, here it is:


What I recommend is to learn the fundamentals right and start with Bash before jumping to more complex config management tools. Even if your deployment process won't be smooth in the beginning (copy files, setting something manually) do not underestimate the security aspect - you owe it to your users to protect their data.

And avoid ANYTHING you don't need right now. Avoid Docker and the whole universe of tools around Kubernetes. I imagine with Rust you can easily deploy one binary with systemd unit, PostgreSQL service from the OS, set up NGINX and SELinux and you are done.

Someone here said Docker is about uptime. What the *? Docker is additional layer where something can go wrong so by definition it won't be better than just a systemd service.

What kind of budget are you on?

Minimal. I don't expect this to make a raft of money any time soon, so I'm looking for a good balance between hands off and cheap. I'm hoping $50/month will be towards the upper end of cost, but I could go higher if needed.

I use Linode to host all my side project. It's similar to Digital Ocean offerings and so far work pretty fine.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact