48 comments

[ 2.7 ms ] story [ 70.4 ms ] thread
(comment deleted)
Super useful. Makes the Hetzner choice a strong one for me.
Turning these two css settings off improved the UI/UX of the blog a thousand times:

pre { margin: 2rem 0 !important; padding: 1rem !important; }

Each code block has such giant padding and margins that you can only read 3 lines of text in a viewport.

Also, I would suggest installing Webmin/Virtualmin which takes care of a lot of issues like deploying new subdomains or new users.

Kinda weird - Coolify doesn't come up except in the first and last paragraphs. Seems like the page is incomplete or just mis-titled.
It’s a classic marketing “trick”: name-drop multiple related-ish companies, even if the product applies only to one of them.
AI slop. Coolify was probably used in the original message, before OP pivoted the article to a barebone setup.
Cool guide

https://hostup.se/en

Is much cheaper than hetzner and still in Europe.

Much cheaper?

  Hetzner
  CX22  vCPU 2 4GB 40GB 20TB Traffic € 3.79 
 
  Hostup
  VPSXS vCPU 2 4GB 50GB  2TB Traffic € 3.54
As another commenter pointed out, the pricing is very similar. They charge more for networking though and they're not as well-connected as Hetzner:

Hetzner: https://bgp.he.net/AS24940

Hostup: https://bgp.he.net/AS214640

Hetzner also has extra features like firewalls and whatnot that it doesn't seem Hostup has.

This is the best example of documentation I’ve seen posted here in a very long time.
Check out the wide breadth of tuts provided by Digital Ocean. This is just one post, misleadingly titled at that, whereas DO has LOADS of excellent and clearly explained tuts.
The production app setup section should probably be replaced by Docker. Much more repeatable and easier to configure these days.
Hetzner is great, but it has some minor region problems and SLO issues, so you want to have a fallback to degrade gracefully.

I set my clients up with Hetzner for the core, and front it with Cloudflare. You can front KEDA scaled services with Cloudflare containers and you're pretty much bulletproof, even if Hetzner shits the bed you're still running.

Hetzner has been a very reliable provider for our hosting. We combine it with Cloud 66 for server hardening and deployment automation at a fraction of the cost of a PaaS
Every step to improve raw hosting as an alternative to full cloud offering is a blessing.

Cloud pricing no longer makes any sense.

I recently migrated one of my FreeBSD servers to hetzner and it was a breeze. The only wrinkle was that, until you've completed a billing cycle, you can't host an email server as the required ports are blocked.

For me this was fine and I understand why they do this but it wasn't clear to me at the start.

Great summary for beginners like me! Definitely bookmarking it.

One negative feeling however is that the author didn't mentioned Coolify in the article while being stated in the title :(

Another good article on the same topic that I have already bookmarked is: Setting up a Production-Ready VPS from Scratch (https://dreamsofcode.io/blog/setting-up-a-production-ready-v...)

To expand my knowledge on this topic, generally, after I finish reading this type of content, I copy the article link, put it in an LLM and prompt it:

"here's an article on 'topic name/article title': https://article.link. Grasp it, analyze it then expand each section mentioned from your own knowledge. Add additional sections relative to the subject"

Thank you for that useful link. I've bookmarked it as I usually go through the similar steps once in a while and I forget each, what needs to be done exactly.
it is even simpler then that: hetzner has a pre-build coolify/ubuntu image you can use on server setup/buying process
I clicked the article because I wanted to hear about Coolify, but its not mentioned at all beyond the article tag, intro, and closing statements. I don't think Coolify should be mentioned at all.

This article is really about preparing a VPS for Coolify deployment, but stops short of Coolify setup AFAICT

Beautiful, thanks!

There are many variations you can do. I would recommend caddy instead of nginx for beginners these days.

Hetzner is one terrible company to do business with and I wouldn't recommend their shit client service to anyone. I tried to make data backup work with one of their low cost storage boxes only to have them entirely block my nascent account, demand I hand over ID copies for identity verification and even take a photo of myself to make sure my face matches. Really? Who the fuck are you to demand this? Why don't I go to Wasabi or Backblaze B2 and just... pay for shit to receive it reliably, with no further problems.

I have seen that they do this very frequently to many people for all kinds of convoluted reasons, and often block accounts that have years running because they don't please the requirements of such a demand out of the blue (but without clarifying why they didn't comply well enough)

For example, the Reddit page for Hetzner has no shortage of desperate clients suddenly blocked, and trying to read the corporate runes of this company's policies and whatever means of appealing can be improvised, just so they can regain access to some service they'd come to depend on.

Imagine depending on that for your personally important backend infrastructure or data backup. No thanks, fuck them.

Great guide, but I disagree on the firewall settings, specially using Hetzner. If you only need this simple configuration, their firewall solution is more than enough, and do a great job "outsourcing" the problem.

If you want to get a bit more fancy than just using their panel for it, you can configure via API: https://docs.hetzner.cloud/reference/cloud#firewalls

Does anyone have objections against Hetzner's firewall solution that I'm not aware of?

VPS just means a rented VM right?

I only know a little bit about what Google does to secure the VMs and hypervisors and that the attitude several years ago was that even hardened VMs weren't really living up to their premise yet.

When using one of these cost-focused providers do people typically just assume the provider has root in the VM? I sometimes see them mentioned in the context of privacy but I haven't seen much about the threat model.

Does it miss 443 port config on ngnix?
>Restrict SSH to your IP (optional but recommended)

That's dangerous, because what if your IP changes? You'll be locked out?

>Unattended-Upgrade::Mail "your-email@example.com";

Interesting. How does this work? Will the emails go to spam?

I only clicked this to see if Coolify could be a compelling option against my current setup, of using Docker Compose for everything on my VM (including a private Docker registry for my images, and a Traefik frontend proxy to route it all).

Zero actual mention of Coolify, and the manual steps to PREPARE for it seem far more complicated than, "Just base your VM on the Docker Compose base image, and then tweak a couple things".

I'll stick with what I have. Nice advantage is that I can migrate from host to host and 99% of it is just copying the Docker Compose YAML file.