Ask HN: Advice for Hosting and Deploying My Side Project
I'm finally starting to wrap up the MVP of my web app which is my side project. Now I'm starting to look at how I'm going to host it, and I'm getting overwhelmed with the number of options. My background is in desktop\embedded code, so I've not really had to deal with this much before. My app is written in Rust on the Rocket framework and uses PostgreSQL and PostGIS.
I was originally looking at Digital Ocean, however I'm thinking that managing that might be too much work for me, and it will be too easy to make a stupid security mistake. I'm currently looking at https://www.clever-cloud.com/en/rust-hosting which seems safe and easy. Are there better options?
Should I not try and ignore this stuff and spend the time like learning something like Docker instead?
Any other tips? Anything I'm overlooking?
36 comments
[ 3.1 ms ] story [ 87.2 ms ] threadMy personal recommendation is a small VM in Google Cloud for the app and another small managed postgres server (backups automated). GCloud is easier to get started with and they automatically migrate your app VM if there are hardware problems. This would run you less than $50 (~30 ballpark) per month. The other consideration is https (mainly for not appearing dangerous in the browser).
(Boycotting AWS)
Plus the DX and quality of GCloud is way better than AWS, I just don't get why everyone is so into AWS...
I think the nerd-on people get from AWS comes from two places. One the Amazon brand; most people have an Amazon Prime account and source a lot of their household products or small item stuff from Amazon. Second is that Amazon was first to market with a robust and comprehensive cloud, so there are a ton of learning courses to get people up to speed on AWS fast.
Pick a cloud provider. Spin up an instance that will be your server. Spin up an instance that will be your DB. Make your DB only listen to your server instance. Make your server instance only listen on port 80/443.
As long as your app isn't vulnerable to SQL injection type stuff, that's probably enough security for an MVP, and this kind of set up puts you on the right track for scalability.
Source: am DevOps.
If you are concerned about security, just follow the "simple" steps below
https://www.digitalocean.com/community/questions/best-practi...
.. it's mostly just typing stuff in a terminal
You can probably skip 10, 11, 14, 15, 16, 17 (in the short run)
If you want to automate this, you can learn Ansible (or Fabric fabfile.org) but that is probably premature
Just make sure you have a backup of everything on your server (nobody is going to take that more seriously than you, specially for customer data)
For scaling, they have some simple Load Balancers now (pick the correct region where it is available) ... used to have to do some DNS-based load balancing before (AWS R53). Again, probably premature but it can be done without too much pain once you get there
I use ubuntu on my droplets following this guide https://www.digitalocean.com/community/tutorials/initial-ser...
I've created a simple ansible playbook that implement most of the steps in the guide.
https://github.com/bjacobt/digitalocean-ubuntu-ansible-setup
- Static Websites on one $5 Droplet with Server Blocks: https://www.digitalocean.com/community/tutorials/how-to-set-...
- Web Applications on one $5 Droplet with Dokku: https://www.digitalocean.com/products/one-click-apps/dokku/
In case if you are interested, I explain my setup over here: https://www.robinwieruch.de/deploy-applications-digital-ocea...
I would have also suggested https://nanobox.io/ - but their pricing is no longer transparent (used to be pretty cheap). It would also involve dockerizing your app.
As for clever cloud, their Rust support is in beta...
I'd spend a short amount of time on Heroku though, if all goes well that's the best option for an MVP IMO
https://elements.heroku.com/buildpacks/rhelmer/heroku-buildp...
Note I haven't done this, but it turned up in a search.
For the DB, you could then use RDS, a managed postgres service, looks like it supports Postgis: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appen...
If you are worried about scaling (which would be a nice problem to have), you can still start out on AWS (or another provider's) free tier, and then just upgrade the instance if you start getting an uptick in use. If you are lucky enough to out grow vertical scaling, then you will have plenty of motivation to figure out the horizontal part. Just carve out an afternoon to sort it out. And if you are really ambitious, try setting your app up on multiple providers. After the first one is up, figuring out the others should be easier (cause they all basically do the same thing), and then you can play around with them and stick with the one you like best. Might cost a little more initially, but could help put your mind at ease.
Regarding security, just make sure you are salt+hashing users passwords. You can worry about the other stuff later. And as others have mentioned, if you do one thing, make sure you backup your database. You can start by just doing it with a daily crontab (or even do it manually if you really need to). It your app crashes, you can always restart it, but if you loose the db, you are hosed.
Also, you might want to consider getting some test users (friends, family) to poke at it before releasing it into the wild. This will help you surface any bugs. If this is your first web app, I would rate your odds of having issues large enough to ruin your launch as: 95% chance due to bugs | 4.5% chance due to scaling issues. | 0.5% chance due to security issues. If a site is getting the HN hug of death, it usually peaks my interest more, and I will bookmark and come back to it. But if its buggy as hell, I loose interest right away.
Always keep working backups of whatever you want to have on your server. Expect your server to get erased at any moment without previous notice, be aware of how much data are you willing to lose in case of a failed restore.
If you're processing user data, be aware of applicable data protection laws (if any).
Security is only relevant if you become somewhat popular, or you plan on leaving the project completely unattended for a longer period of time (don't, you will most likely get hacked). Otherwise, apply basic security measures and don't sweat it too much until you actually start having something worth protecting. Erasing and re-creating a server/instance from scratch is acceptable and secure enough in the beginning.
For someone making a project and asking "how do I host it now?". My pre-release is still ~3 months far away, so you cannot buy it now, but if you would like to learn the deployment yourself at some point, here it is:
https://vpsformakers.com/
What I recommend is to learn the fundamentals right and start with Bash before jumping to more complex config management tools. Even if your deployment process won't be smooth in the beginning (copy files, setting something manually) do not underestimate the security aspect - you owe it to your users to protect their data.
And avoid ANYTHING you don't need right now. Avoid Docker and the whole universe of tools around Kubernetes. I imagine with Rust you can easily deploy one binary with systemd unit, PostgreSQL service from the OS, set up NGINX and SELinux and you are done.
Someone here said Docker is about uptime. What the *? Docker is additional layer where something can go wrong so by definition it won't be better than just a systemd service.
I use it for my own web app, and it is perfect. The support I get from Ben (the founder) is awesome. He knows a lot about devops and is a very kind person.
It will take care of all the configuration for you and still let you choose your hosting (mine is DigitalOcean). It uses Docker, so learning a little bit of it would help.
I design my current web apps to work using serverless functions https://serverless.com/ This ensures that if my applications become popular, I will not have to do additional infrastructure work to scale. I use a cloud provider managed database (AWS DynamoDB, RDS for Postgresql) so I don't need to worry about managing that either.
There is a steep learning curve! A quick Google search shows that Rust serverless is in its infancy (https://github.com/softprops/serverless-rust). Also, if you need to have bi-directional communication using WebSockets (or something comparable), the options you have to work with are limited (AWS AppSync is what I am currently struggling with)
That being said, it has been an extremely challenging and rewarding experience, migrating my personal projects.
The skills to setup and maintain the machine are valuable to learn. I would recommend documenting everything as you may not remember everything you initially did. One example would be how to backup your database, or another how to upgrade your database when a security patch comes out.
Some things I did that were helpful:
Stick with long term support (LTS) versions of the linux you choose as this will minimize how often you have to upgrade things.
If you can automate security patches, do so ( Debian and Ubuntu have this )
Setup something like fail2ban to help monitor and block intrusions.
setup key less ssh access.
put your web app behind a proxy like nginx and have it handle the https