Check out the wide breadth of tuts provided by Digital Ocean. This is just one post, misleadingly titled at that, whereas DO has LOADS of excellent and clearly explained tuts.
Hetzner is great, but it has some minor region problems and SLO issues, so you want to have a fallback to degrade gracefully.
I set my clients up with Hetzner for the core, and front it with Cloudflare. You can front KEDA scaled services with Cloudflare containers and you're pretty much bulletproof, even if Hetzner shits the bed you're still running.
Hetzner has been a very reliable provider for our hosting. We combine it with Cloud 66 for server hardening and deployment automation at a fraction of the cost of a PaaS
I recently migrated one of my FreeBSD servers to hetzner and it was a breeze. The only wrinkle was that, until you've completed a billing cycle, you can't host an email server as the required ports are blocked.
For me this was fine and I understand why they do this but it wasn't clear to me at the start.
To expand my knowledge on this topic, generally, after I finish reading this type of content, I copy the article link, put it in an LLM and prompt it:
"here's an article on 'topic name/article title': https://article.link. Grasp it, analyze it then expand each section mentioned from your own knowledge. Add additional sections relative to the subject"
Thank you for that useful link. I've bookmarked it as I usually go through the similar steps once in a while and I forget each, what needs to be done exactly.
I clicked the article because I wanted to hear about Coolify, but its not mentioned at all beyond the article tag, intro, and closing statements. I don't think Coolify should be mentioned at all.
This article is really about preparing a VPS for Coolify deployment, but stops short of Coolify setup AFAICT
Hetzner is one terrible company to do business with and I wouldn't recommend their shit client service to anyone. I tried to make data backup work with one of their low cost storage boxes only to have them entirely block my nascent account, demand I hand over ID copies for identity verification and even take a photo of myself to make sure my face matches. Really? Who the fuck are you to demand this? Why don't I go to Wasabi or Backblaze B2 and just... pay for shit to receive it reliably, with no further problems.
I have seen that they do this very frequently to many people for all kinds of convoluted reasons, and often block accounts that have years running because they don't please the requirements of such a demand out of the blue (but without clarifying why they didn't comply well enough)
For example, the Reddit page for Hetzner has no shortage of desperate clients suddenly blocked, and trying to read the corporate runes of this company's policies and whatever means of appealing can be improvised, just so they can regain access to some service they'd come to depend on.
Imagine depending on that for your personally important backend infrastructure or data backup. No thanks, fuck them.
Great guide, but I disagree on the firewall settings, specially using Hetzner.
If you only need this simple configuration, their firewall solution is more than enough, and do a great job "outsourcing" the problem.
I only know a little bit about what Google does to secure the VMs and hypervisors and that the attitude several years ago was that even hardened VMs weren't really living up to their premise yet.
When using one of these cost-focused providers do people typically just assume the provider has root in the VM? I sometimes see them mentioned in the context of privacy but I haven't seen much about the threat model.
I only clicked this to see if Coolify could be a compelling option against my current setup, of using Docker Compose for everything on my VM (including a private Docker registry for my images, and a Traefik frontend proxy to route it all).
Zero actual mention of Coolify, and the manual steps to PREPARE for it seem far more complicated than, "Just base your VM on the Docker Compose base image, and then tweak a couple things".
I'll stick with what I have. Nice advantage is that I can migrate from host to host and 99% of it is just copying the Docker Compose YAML file.
48 comments
[ 2.7 ms ] story [ 70.4 ms ] threadpre { margin: 2rem 0 !important; padding: 1rem !important; }
Each code block has such giant padding and margins that you can only read 3 lines of text in a viewport.
Also, I would suggest installing Webmin/Virtualmin which takes care of a lot of issues like deploying new subdomains or new users.
https://hostup.se/en
Is much cheaper than hetzner and still in Europe.
Hetzner: https://bgp.he.net/AS24940
Hostup: https://bgp.he.net/AS214640
Hetzner also has extra features like firewalls and whatnot that it doesn't seem Hostup has.
I set my clients up with Hetzner for the core, and front it with Cloudflare. You can front KEDA scaled services with Cloudflare containers and you're pretty much bulletproof, even if Hetzner shits the bed you're still running.
Aside from that, which distro would you choose for Coolify? I’m debating between Ubuntu 24.04 and Debian 13.
Cloud pricing no longer makes any sense.
For me this was fine and I understand why they do this but it wasn't clear to me at the start.
One negative feeling however is that the author didn't mentioned Coolify in the article while being stated in the title :(
Another good article on the same topic that I have already bookmarked is: Setting up a Production-Ready VPS from Scratch (https://dreamsofcode.io/blog/setting-up-a-production-ready-v...)
To expand my knowledge on this topic, generally, after I finish reading this type of content, I copy the article link, put it in an LLM and prompt it:
"here's an article on 'topic name/article title': https://article.link. Grasp it, analyze it then expand each section mentioned from your own knowledge. Add additional sections relative to the subject"
This article is really about preparing a VPS for Coolify deployment, but stops short of Coolify setup AFAICT
There are many variations you can do. I would recommend caddy instead of nginx for beginners these days.
I have seen that they do this very frequently to many people for all kinds of convoluted reasons, and often block accounts that have years running because they don't please the requirements of such a demand out of the blue (but without clarifying why they didn't comply well enough)
For example, the Reddit page for Hetzner has no shortage of desperate clients suddenly blocked, and trying to read the corporate runes of this company's policies and whatever means of appealing can be improvised, just so they can regain access to some service they'd come to depend on.
Imagine depending on that for your personally important backend infrastructure or data backup. No thanks, fuck them.
If you want to get a bit more fancy than just using their panel for it, you can configure via API: https://docs.hetzner.cloud/reference/cloud#firewalls
Does anyone have objections against Hetzner's firewall solution that I'm not aware of?
I only know a little bit about what Google does to secure the VMs and hypervisors and that the attitude several years ago was that even hardened VMs weren't really living up to their premise yet.
When using one of these cost-focused providers do people typically just assume the provider has root in the VM? I sometimes see them mentioned in the context of privacy but I haven't seen much about the threat model.
That's dangerous, because what if your IP changes? You'll be locked out?
Interesting. How does this work? Will the emails go to spam?
Zero actual mention of Coolify, and the manual steps to PREPARE for it seem far more complicated than, "Just base your VM on the Docker Compose base image, and then tweak a couple things".
I'll stick with what I have. Nice advantage is that I can migrate from host to host and 99% of it is just copying the Docker Compose YAML file.