Introduction #
I am using a VPS, a Virtual Private Server, hosted by someone other than the big cloud providers like Amazon and Google for a couple of reasons. First of all I only looked at Amazon and Google briefly, and didn’t really understand their offering. I realized later that I should have looked in the “compute” category, and not their entire product catalogue to find what I wanted, but that is another story. The second reason is cost, or more correctly, predictability of cost.
With the more traditional VPS providers, you normally pay for usage per the hour up to a given max, which is the specified monthly cost. So you get the benefit of only paying for what you use, if you spin up a server for only a couple of days to test something you only pay for those hours, but you also only pay the max amount of the plan should you forget to turn it off again. Another benefit is that if something happens like a process running wild and hogging all the available CPU, you still only pay the monthly cost for the plan. Now you might get your plan cancelled or available CPU throttled if it happens a lot, but the cost is given.
The exception is outgoing bandwidth of which there is normally a given amount included in the plan. It should for most cases be sufficient, it is for sure for my low traffic pages, but obviously your needs are probably different from mine. If you exceed whatever outgoing amount is included, it seems 1000 GB or 1 TB is standard, then you will have to pay for the extra usage. Fortunately data usage is not prohibitively expensive, for Digitalocean it is currently $10 per extra terrabyte of outgoing data, so you’re probably not going to get a surprise bill of thousands or even tens of thousands of dollars one month.
Digitalocean #
The provider I have the most experience with is Digitalocean. They have a decent amount of physical locations, and it’s nice to get one close to you to reduce lag when SSH’ing into it. They mostly support Linux now unfortunately, and are a little more expensive than other providers, but in my experience they provided a very stable service with no downtime. Another advantage is their cloud firewall which you can put in front of your server, so most of the persistent bot scans for open ports and services never reaches your server. I used them when they supported FreeBSD, but they unfortunately stopped supporting it in 2022. If you had a FreeBSD server with them at that time you could continue running it though, and can still today, but they don’t let you install FreeBSD on a new droplet. (At least not easily.)
Another advantage is that you can quickly spin up a server in one of their locations, delete it when not needed and only pay for the time it was running.
One disadvantage of Digitalocean is that they don’t support IPv6 properly. Yes
you can get IPv6 addresses from them, but you only get 10 addresses! The
standard for IPv6 is that a /64, or 18,446,744,073,709,551,616 addresses is the
minimal allocation, however wasteful that might seem. Normally you would be
assigned something like this: 2a03:1234:5678:9abc::/64 which we can expand
to this for the addresses you can use:
From: 2a03:1234:5678:9abc:0000:0000:0000:0000
To: 2a03:1234:5678:9abc:ffff:ffff:ffff:ffff
And anything in between those. See how the first four groups of numbers are the same? They are considered one subnet, and the smallest one in IPv6, so anything after that is normally up to you to use however you like.
This has a practical disadvantage if using Docker for instance. Docker has
quite strict limits on how many images you can pull down per day if you are
not logged in and are not a paying customer. In order to identify you when you
are not logged in they use your IP address. Can you see where this is going
yet? Given “everyone” considers anything starting with 2a03:1234:5678:9abc:
to be the same customer, while Digitalocean uses 2a03:1234:5678:9abc: for
all their customers, you probably won’t be able to pull docker images using
IPv6 on Digitalocean, as resource limits have been exhausted by someone else
already. The solution then is to either create and account and log in, or
only pull images with IPv4. And to be absolutely correct, they don’t have one
/64 for all their customers, but probably one /64 per site. But still. It
might be nit-picking, but I was surprised to learn about this and experienced
the consequence of it myself.
I digress. Back to VPS hosting providers.
Hetzner #
The provider I am using is Hetzner. They are quite strict about who can become their customer, as is their perogative. I think that is nice as it keeps the abusers out and it lets them provide a very good and stable service cheaper than others. On Digitalocean I can get a single AMD CPU, 1GB RAM, 25 GB disk and 1TB transfer for $7 a month. (Taxes will be added to that if applicable.) On Hetzner I can get 2 AMD CPUs, 2GB RAM, 40 GB disk and 20TB transfer (!) for €4.35/month. Again taxes will be added to that if applicable. Hetzner also has the option to not have an IPv4 address and save €0.5/month if you don’t need it. They also gives you a full /64 IPv6 subnet to use, avoiding the docker problems I experienced on Digitalocean.
Hetzner also provides a cloud firewall, preventing all unwanted traffic from reaching your server. I log everything that reaches closed ports on my server and for both Digitalocean and Hetzner, those logs are empty. Nice!
Hetzner is also extremely stable, and I’ve experience no downtime for the 4 months or so I’ve been a customer there. My server has obviously been down during those 4 months, but that is my own doing due to kernel updates or similar.
Hetzner has the same advatange as Digitalocean in that you can quickly spin up a server to test something, take it down again and only pay for the time you had it running.
OpenBSD.Amsterdam #
If you are interested in running something other than Linux I can recommend OpenBSD. They probably have the best man-pages of all for one thing and given their focus on security, I also feel a little more confident experimenting with different services when using OpenBSD.
Enter OpenBSD.Amsterdam
They specialize in OpenBSD and basically only have one plan where you get 1 CPU, 1 GB RAM and 50 GB disk for €69/year. Network usage is unlimited, but fair-share, so be nice to your neighbours! You can get extra RAM or disk by paying extra for it.
What might be considered a disadvantage is that you have to pay for a full year up front, so if you just want to try OpenBSD and see if it is for you this might not be the service to try.
Another disadvantage is that OpenBSD feels kind of slow to use and software support is limited. Do you want to try bun for instance? Good luck with that! Zig, which is the language Bun is built in is not very well supported on OpenBSD and so trying to compile things was way over my head.
Want to try something a little less experimental, like Deno? At the time of this writing, Deno 2 has been out for quite a while, but the latest package in OpenBSD is version 1.45.5. If you want another version you have to try and compile it yourself.
Even Nodejs
is not well supported with only version 20.17 being available. Want to use
nvm to manage Node installations? Well, OpenBSD isn’t supported as a compile-target
for Node officially, so you have to try and compile another version
yourself. Your mileage may vary of course, but I was not able to do it. While
you obviously can run Node 20.17 on OpenBSD, it feels kind of sluggish
compared to running it on Linux, where it feels “snappy”, meaning starting
and responding immediately. I’ve performed the same task on OpenBSD and
similarly specced Ubuntu Linux server, which was to read and parse some text
files and insert the data into a sqlite3 database. On my OpenBSD server it
took 2 minutes real time, while on Ubuntu it took around 40 seconds. So that’s
what I mean when I say OpenBSD feels a little slow to use.
Also, is OpenBSD really more secure than other operating systems? Some might disagree, see this for more information. My personal guess is that it definately is more obscure, and what I’ve seen is that software written to be secure on OpenBSD isn’t really portable to other operating systems, given their own special sauce way of doing things. Pledge for instance, which is a system call used to state what system calls the program use and need access to, which means other (dangerous) system calls won’t be available to the program. It is a good thing, for sure, but if it only exists on OpenBSD, programs making use of it can’t easily run on other operating systems.
OpenBSD comes with something called relayd which is used to accept incomming connections, do filtering, and then forward the connection to their destination. This is needed if you want to use OpenBSD httpd to serve web-pages and set headers like CSP in the response, as httpd does not support setting said headers itself. I’ve found this combination works quite well, though the same can probably be achived with just nginx. I have not tried to use Caddy with OpenBSD, as it looks less supported than nginx which seems to have been supported a while ago.
On the positive side, OpenBSD.Amsterdam provide the best console experience of
them all, or at least I think so! You access the console of your server by
SSH’ing into the host, which also runs OpenBSD by the way, and then use cu
to access it. Other providers mostly have a web-console where you have to
access the console from their web pages.
OpenBSD.Amsterdam also provide a very stable service. You can see their server CPU and network graphs here and that also shows their servers uptime. Looking at the OpenBSD errata page, there aren’t many issues at all, and so there is no need to reboot to update. They recently, on 2024-12-29 updated from OpenBSD 7.5 to 7.6 which is why the uptime is so low now. Before the update it was 220+ days.
1984.hosting #
1984.hosting is a provider located in Iceland, focused on powering their service using only green energy as well as having a particular focus on privacy. They mainly provide various Linux distributions out of the box, but once you get your server installed, you can go to the recovery options and choose a number of other operating systems, like OpenBSD.
You will have to pay for the full month up front, and located in Iceland, the latency to them was a little high for me so that is why I’m not using their services anymore. (The lag in SSH was noticable.) The 3-4 months I had a server there however, it was perfectly stable.
There was something a little strange with the Ubuntu mirror they had set up as default though. On July 1st when the news of a remote SSH vulnerability broke, there were no updates from said mirror. Checking the Ubuntu mirror pages, the mirror had supposedly been checked only a few hours ago, and was said to be up to date. This persisted for days. I got no response whatsoever from neither 1984 themselves, nor the people managing the mirror. I resolved the issue by switching to a different mirror, but found it disconcerning that Ubuntu supposedly checks their mirrors, says they are ok and up to date, while they really aren’t. Especially when it comes to security updates! I did check the mirror manually many times and could confirm it didn’t have the latest openssh packages available.
The last part is maybe not so much the fault of 1984.hosting, but again they had selected a local mirror that wasn’t being updated and did not respond when asked about it.
Another thing to note is that to cancel the service, per their terms they require at least 16 days notice before the service would be renwed, with a mail with a given subject sent to their billing address. The service will then be shut down when the period you have paid for ends.
Lowendtalk #
Moving on to perhaps more alternative territory, I discovered a page called Lowendtalk which is a forum for various companies offering VPS services. What they have in common is that their services are very cheap, some even extremely so. From this page I managed to get a deal for a 1 CPU, 1GB RAM, 10 GB disk for only €5 for a whole year! Yes, that is less than €0.5 per month! Sure, it isn’t fast and disk is limited, but it is located in one of the Hetzner datacentres and has been 100% stable since I got it a couple of months ago. While I won’t use it for anything “serious”, it is perfect for experimenting with.
Be aware when buying anything here though, as terms vary wildly and support staff, if there even is any, also varies a lot. One server I bought went down a mere 12 hours after I set it up, and the provider was not aware. It was not untill I, and probably a few others, pestered them about it that they noticed they had a hardware failure and moved us over to a different node. So for my first 24 hours of being a customer of this company, my service had been down for 12 hours, or only 50% uptime. It has been perfectly stable since then though so I was just unlucky with the box. Their support is extremely slow, and they keep claiming they have a huge number of tickets to go through, which I consider a bit of a red flag. If their services were stable, and they had decent self-support pages, I don’t think they would be overloaded with tickets.
With another provider I tried I experienced 3 crashes during the first 14 days, each leading to catastrophic disk corruption so I had to rebuild my server from scratch each time. Accoring to their terms they provide no uptime guarantee (!), not even a measly 95% or even 90%, so in theory they could let me install the server then shut it down and run away with my money. They wouldn’t be in business if they did that though, but just be aware you have no guarantees of the service actually being available when you want/need it.
These providers also seem to be provided by people working a regular 9-5, so if anything happens outside those hours, you’ll have to wait for support.
Having said all that though, you can get some fantastic deals here, so if you just want something to experiment with, I don’t think you can do better. Given you can get a quite powerful server for maybe only $15 total for a whole year, I’m not sure I have much grounds to complain.
So I’m not naming any names here, I don’t want to shame anyone as I could just have been unlucky, and like I said, you can get a server extremely cheap. Just do your due dilligence, read their terms, see other peoples experiences in their threads and decide what is good enough for you.
To finish this post I can share a youtube video I came across titled Setting up a production ready VPS is a lot easier than I though by Dreams of Code. He’s followed up with docker stack is my new favorite way to deploy to a VPS both of which I think is useful.