Do not underestimate the power of a single server to host your app. Sure it won't work in _all_ situations but omg you can get so much out of a single $30/month VPS .. we've been indoctrinated that everything needs to be on hyperclouds and mega scale. But that brings so much cost and complexity that most applications don't need.
100%. And super easy to scale up to a certain point. Alternatives have their place though (PaaS is excellent for 100% product focus in limited timeframe, cloud/orchestration when you have scale, Kamal in Rails world is a neat middle ground for some extra robustness).
Something worth adding to the list: Enable rate limiting.
I'm also running my business on a single server, works perfectly, except for one time when someone tried to find some content with hash IDs through brute force. No problem, a tiny VPS can handle one malicious user. Except the amount of errors logged by nginx filled up the disk.
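An added example, not part of the comment above or of the original article: one way to set up the rate limiting the comment recommends in nginx while keeping rejected requests from flooding the logs. The zone names, rates, the `/c/` route, the hostname, and the upstream port are all assumptions.

```nginx
# Added example; every name, path, and rate here is an assumption.
# Place in the http {} context, e.g. a file included from conf.d/.

# Per-client-IP request budgets, kept in shared memory zones.
limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=lookup:10m  rate=1r/s;

# Answer over-limit requests with 429 instead of the default 503.
limit_req_status 429;

# Log rejections at "warn" (the default level is "error") ...
limit_req_log_level warn;
# ... and write only "error" and above to the error log, so a flood of
# rejected requests no longer grows this file.
error_log /var/log/nginx/error.log error;

# Optionally skip access-log lines for rate-limited responses too.
# Trade-off: no per-request record of the blocked traffic remains.
map $status $loggable {
    429     0;
    default 1;
}

server {
    listen 80;
    server_name app.example.com;          # placeholder hostname

    access_log /var/log/nginx/access.log combined if=$loggable;

    # Hypothetical route that serves content by hash ID: the kind of
    # endpoint that invites guessing, so it gets the stricter zone.
    location /c/ {
        limit_req zone=lookup burst=5 nodelay;
        proxy_pass http://127.0.0.1:3000;  # assumed local app port
    }

    location / {
        limit_req zone=general burst=20 nodelay;
        proxy_pass http://127.0.0.1:3000;
    }
}
```

Check the syntax with `nginx -t` before reloading.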
I want to upvote this 100x
Nice setup! I think containerization is worth considering if you have multiple applications.
I run 5-7 on one server, with DB, using CapRover on a $5/month Hetzner server. Serve probably around 5k users.
This looks like a "send-only" server.
> sudo ufw default deny incoming
Seriously, what does one do when accepting connections, given the onslaught of data-hungry bots out there?
I wouldn't want to deal with that in any upcoming planned servers and services.
You put your reverse proxy on a publicly available machine then through strict firewalls only accept communication to your back end from the reverse proxy; effectively leverage VPCs to make your backend not be on the public Internet. That should allow you to filter out malicious users without affecting your actual application and it's trivial to scale your reverse proxy horizontally or reach for a WAF if you have the need/desire.
I'm using an external "send-only" SMTP server (Sendgrid) and Google Workspace as receiving/sending. Email itself is something that I'm not keen on DIYing (though I looked into it and other SMTP alternatives).
It's a typical web server setup. Only incoming allowed is http, https and ssh.
Note 2 says it uses Sendgrid for email. The server is for the web app.