This is so damn good. I set up my own VPS before on DigitalOcean as a junior dev and it was shaky to say the least. Having everything outlined for me here is brilliant, going to utilise this 100%
Please also consider IPv6 when deploying like this. It's easy enough to simply point an AAAA record of the same name to the server's IPv6 address and set any services such as a web server/load balancer to listen on [::], as well as to enable the firewall on IPv6. UFW will even add IPv6 records for you by default if you do not specify the address family explicitly.
I was about to comment about the lack of historical monitoring ability for the definition of production ready, but I appreciated your explanation at the end why you decided to just use a simple uptime monitor. I think your video definitely has one of the realest takes on what considerations, challenges and viable solutions in the web development industry - not only that I am impressed you were able to create this on such a small budget. Would be interested to see you add log and performance monitoring on a budget as well - if the off the shelf products exist and perhaps can feasibly be run on the same box with a log retention of X amount Gbs or X amount of days. Again awesome video, I will share this with my team :)
I love using arch as server os for my side projects the arch wiki is a nice to have and unless you do some weird things it "should" never break. I'll update this comment until it does but right now rocking arch linux as a simple html/js/css website server for over a year and half
I would suggest also setting up the firewall directly in the VPS panel. This makes it so any accidental rules on the VPS don’t automatically expose the wrong ports (eg the docker iptables issue would be prevented). The obvious downside is that you need to define the rules twice.
Great Video! Very well paced and very informative. About the firewall, I have my VPS in digital ocean, and they provide a firewall layer outside the VPS. Using that I’m able to limit port access without having docker issues, this could also be a viable firewall strategy in your scenario
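Added example, not part of any comment or of the video: the Docker firewall issue raised in the two comments above comes from Docker publishing ports through its own iptables rules, which UFW's rules do not filter. This Python check reads the `Ports` column of `docker ps` and reports ports published on a wildcard address that are not on an allowlist; the container names, the sample output and the 80/443 allowlist are constructed assumptions.

```python
import re

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
# (container names and mappings are invented for this illustration).
SAMPLE_DOCKER_PS = (
    "traefik\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, "
    "[::]:443->443/tcp, 0.0.0.0:8080->8080/tcp\n"
    "guestbook-1\t8080/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp\n"
    "watchtower\t\n"
)

# Addresses that mean "every interface", IPv4 and IPv6.
WILDCARD_HOSTS = {"0.0.0.0", "::"}

# host:hostport->containerport/proto, where the host may be IPv4, "::" or "[::]"
# and either port may be a range such as 9000-9001.
MAPPING = re.compile(
    r"^(?P<host>.*):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)


def published_ports(docker_ps_output):
    """Yield (container, host_ip, host_port, proto) for each published mapping."""
    for line in docker_ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            match = MAPPING.match(entry)
            if not match:
                # "8080/tcp" with no "->" is only exposed inside the Docker
                # network and is not reachable from the host's interfaces.
                continue
            host = match["host"].strip("[]")
            low, _, high = match["hport"].partition("-")
            for port in range(int(low), int(high or low) + 1):
                yield name, host, port, match["proto"]


def unexpected_exposure(docker_ps_output,
                        allowed=frozenset({("tcp", 80), ("tcp", 443)})):
    """Return sorted (container, port, proto) published on all interfaces
    but missing from the allowlist (assumed here: HTTP and HTTPS only)."""
    findings = set()
    for name, host, port, proto in published_ports(docker_ps_output):
        if host in WILDCARD_HOSTS and (proto, port) not in allowed:
            findings.add((name, port, proto))
    return sorted(findings)


if __name__ == "__main__":
    for name, port, proto in unexpected_exposure(SAMPLE_DOCKER_PS):
        print(f"{name}: {port}/{proto} is published on every interface")
```

Binding a mapping to `127.0.0.1`, as the constructed `db` entry does, or filtering at the provider's firewall as the comments suggest, clears the finding.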
Great video, I was deploying my own app on a vps not that long ago and I wish I knew about traffic. Nginx is great, but sometimes it was a bit of a pain, as I practically never used it before. Traffic seems so nice with its integrated docker compose, scaling and TLS capabilities
You can decrease the TTL to get the DNS propagation quick, but the downside is that the cache for these dns entries only live for small amount of time, meaning that the dns lookup times might go up a little. Also I would have gone with a debian image just because out of the box it is very lightweight and has like 10 processes at max running, with very less storage usage and RAM usage, Ubuntu always feels a little bloated
Awesome video as always! I have been through the same journey as you, and the outcome of that learning is the ecodev-infra repo (and an associated mkdoc documentation that may help some). There you might find dozzle interesting for quick logging, uptime-kuma (instead of uptime robot, might as well use the original OS tool ☺), more considerations on security (the ufw/docker correct interaction that you mentioned, modsecurity waf/fail2ban/secure headers via traefik...) and much more (like a simple bash script to automate the parts you did on setting up a user, installing docker, setting up ufw ...) ! Hope you can benefit from it as I benefited from your 2 channels! ☺
@@tuanvumaihuynh Thanks so much! 🥰 If you liked it, the follow up is the associated documentation, and then ecodev-app for a modern python (fullstack) web-app! Hope it can help others too! 😊I was so thrilled to see this video, if @dreamsofcode is doing it I cannot be that much in the wrong ahahah
That's the most amazing shit I ever seen on YouTube, good job doing that kind of tutorial. I've been searching for something similar multiple times. Keep up the good work, mate.
To get your own VPS instance visit hostinger.com/dreamsofcode and use the coupon code DREAMSOFCODE
Cool video, Hostinger is fine but overall Hetzner is a lot better.
@@dreamsofcode Wow really an incredible video.
I am expecting a more detailed video, especially about traefik and monitoring.
And I have a confusion, you exposed port 8080, does that mean I can access your traefik dashboard?
@@dev-akeel When it was exposed you would have had access! But I removed it at the end of the video :)
@@dreamsofcode For yourself as well? Means you no longer have traefik dashboard access?
this dude lowkey uploaded one of the best tutorial out there for a good vps production setup
15+ Years experience and I still learned something thank you.
😢 me, more older, and learn
Dude I have so much respect for you. I can tell you write a script and you put so much effort into those vids. Mad respect dude!
I find that the difficulty in setting up a VPS properly doesn't lie in the setup itself, but knowing what things to set up in order to do it properly. This video is great in reminding you of the essentials to do so correctly and safely. Great video!
This definitely needs an accompanying article version to make it easier to follow (and honestly to copy-paste commands)
Thank you a million times for this video. I was looking for a way to get started with self hosted deployments and this video is a goldmine for information for me.
Dreams of Code is a legend.
This video is a testament that it's easier and honestly better to go with the cloud provider like vercel or aws if your app doesn't have 500 active users. Just focus on writing features to attract the customers. This VPS approach can easily swallow a week of configuration.
That being said, I do have a medium traffic app which costs me about $86 monthly between vercel and aws thanks to ELB and RDS. That's a lot of money for me, so I might look into alternatives, but not before I check how to use Serverless.
Another great point of VPS is that what you learn can be applied on multiple hosts. While learning how to deploy to the cloud will work only for one provider. VPS = Freedom!
Well done!
na not true dude. Almost all cloud providers offer the same services but with different names. It's all the same shit
@@jordixboy Yes and no. If you are using something proprietary you'll need to migrate. It isn't 1 click and done.
Pleasantly surprised by how information dense and straight to the case this video is!
About 9:55, the term "security by obscurity" has a bad connotation rightfully so, but in this case changing the default sshd port I'd say is really important. OpenSSH is a battle-tested application, by changing the port of the server you're adding an extra layer of protection. Security by obscurity is bad when it's the only factor in your defenses, but as an extra layer can do wonders. Your logs will have less spam, your bandwidth will be less wasted and in the worst case scenario of a 0-day you can buy yourself some time.
On my previous job, I was so paranoid that I used a ssh bastion host with a non-default port while the target machine only accepted ssh traffic from within the network. This had the added bonus that the sshd exposure was minimal and reserved to only when I was working on the machine.
A while ago I noticed a sustained ~10 Mbps traffic on a very cheap VPS with a 100 Mbps link. It was all automated scanning of SSH from IPs in all the usual countries. Moving SSH to a high port wards off these low-effort scanners. If you're also running fail2ban, non-standard port means you don't end up with half the internet in your firewall rules.
In my opinion using a high port becomes pointless nowadays, since IP scanners and databases like Shodan will discover SSH on a high port eventually.
@@klaernie So what's the best practice now? Hide SSH behind WireGuard?
@@iaadsi that would just be trading one protocol for another, both offering some attack surface. I just resort to using fail2ban and hardware SSH keys, disabling password based access. And if that is not hardened enough, I would forgo a classic OS entirely - using Talos Linux on bare metal to host the workload in Kubernetes, and having management of the host done the same way as Kubernetes does: API based, authenticated with client certificates.
@@klaernie thanks, I got some reading to do :)
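Added example, not from the commenters or the video: a check of the settings this thread keeps returning to (key-only login, password access disabled, listening port), run over the effective configuration that `sshd -T` prints. The sample output and the accepted values in `POLICY` are assumptions made for the illustration.

```python
# Constructed sample in the format printed by `sshd -T`: one lowercase keyword
# and its effective value per line. Password logins look disabled here, yet
# keyboard-interactive is still on, and with PAM that path can prompt for the
# account password as well.
WEAK_SAMPLE = """\
port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
usepam yes
"""

# Older OpenSSH releases report the keyboard-interactive switch under this name.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Values accepted for a key-only setup (an assumption of this example).
POLICY = {
    "pubkeyauthentication": {"yes"},
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"no"},
    # prohibit-password / without-password still allow root with a key only.
    "permitrootlogin": {"no", "prohibit-password", "without-password"},
}


def parse_effective_config(text):
    """Parse `sshd -T` style lines into {keyword: [values]}.

    Keywords are matched case-insensitively so a hand-written sshd_config
    fragment can be checked too; repeated keywords (several Port lines)
    keep every value in order.
    """
    config = {}
    for line in text.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if not keyword or keyword.startswith("#"):
            continue
        keyword = ALIASES.get(keyword.lower(), keyword.lower())
        config.setdefault(keyword, []).append(value.strip())
    return config


def audit(text):
    """Return the settings that miss POLICY and the ports sshd listens on.

    The port is reported, not judged: as the thread says, moving it cuts log
    noise but does not replace turning password authentication off.
    """
    config = parse_effective_config(text)
    findings = []
    for keyword, accepted in POLICY.items():
        value = config.get(keyword, ["(not reported)"])[0].lower()
        if value not in accepted:
            findings.append((keyword, value))
    ports = sorted({int(p) for p in config.get("port", []) if p.isdigit()})
    return {"findings": findings, "ports": ports}


if __name__ == "__main__":
    report = audit(WEAK_SAMPLE)
    for keyword, value in report["findings"]:
        print(f"{keyword} is '{value}', expected one of {sorted(POLICY[keyword])}")
    print("listening ports:", report["ports"])
```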
Few months ago I (FE dev turned into Full Stack) struggled to set up a VPS to deploy as a testing env for a LAMP application, and later a React+JAVA app. This video covered many subjects that cost me days.
Thanks!
Thank you so much!
This video is amazing! I've been in the same boat as you feeling a bit "scared" of setting up a production VPS and this video really makes it much more approachable. 100% gonna try this myself now. Thanks
In the past I used to deploy my stuff pretty similar.
Nowadays I do it using podman instead of docker, which also supports quadlets as container / network / pod definitions or if you like even kubernetes manifests and has podman auto-update included. That way you don't need to run a separate watchtower container, just add a label to containers that should be auto updated. Also it's daemonless and rootless which is pretty cool. You just have to allow non root users to bind to low ports starting at port 80 for http, so traefik can tcp bind there.
Nice! Can you share anywhere to start reading up on this setup?
This is really great. Most of us have a vps with some app but I guess many have not containerized, load balanced, automated the deployment and implemented monitoring and observability. Thank you so much for your time on this.
This is by far the best technical video I've watched since a few years. Kudos to your efforts and best wishes from India! 👏
0:00 - Introduction
1:17 - Make TODO list
3:25 - Ad of Hostinger
4:28 - Setting up Hostinger VPS
5:32 - Set up SSH
6:02 - Create new user account
6:25 - Add SUDO permission to new user
6:40 - Switch to new user
6:53 - TODO 1: Domain name setup
7:50 - Add TMUX
8:22 - TODO 2: OpenSSH Hardening
10:19 - Check DNS records
10:33 - TODO 3: Go Web App Running
11:32 - Add Database and setup env
12:16 - Add Docker to VPS
13:47 - Setup docker image for web app and run
14:42 - TODO 4: Setup Firewall - UFW
17:12 - Setup Reverse Proxy - traefik
19:51 - TODO 5: Setup Load Balancer
21:14 - TODO 6: TLS Certificate
23:33 - HTTP Redirect
24:15 - TODO 7: Automated Deployments - Watchtower
27:58 - TODO 8: Monitoring
THANKS 👍
This was a great video DOC. One pedantic note: the æ in traffic is a symbol in IPA (International Phonetic Alphabet) for exactly the sound the "a" in traffic makes. Maybe not ideal to make branding that only appeals to Apex-level language nerds like myself, but it works 🙂
I loved it enough to join your channel, something I don't do often. Keep up the great work you do!
TIL!
What I really appreciated from this video was a breakdown of how you sort of put together requirements. It would be great to have a more in depth video covering an overview. Something like the following. No need to go into too much depth but maybe each part a quick demo and things to consider.
Road map
Defining requirements (I like to use the WRSPM model)
Assessing market value and profitability
Evaluating whether or not it's a good idea? Perhaps a business model canvas or something.
Wireframing UIs
Designing architecture
Setting up a site with a coming soon message perhaps a quick one with tailwind and astro. So you can copy paste ui elements straight in and easily edit them.
Basic GDPR compliance and considerations (privacy policy, cookie notice) astro markdown file.
Maybe touch on analytics
Adding a sign up and newsletter to the site
Engaging with an audience.
Getting feedback through surveys
Basically everything you should do before you start coding.
Man, until yesterday, I only developed products in companies infrastructure, yesterday and thanks to you I managed to make my own multi-containers project online.
Thanks a lot.
It's so rare for me to comment something on youtube, but you deserve it: THANK YOU A LOT. This is a gold mine. Very, very good! I have 15 years of exp and I have never seen someone teach in such a simple and easy way.
Wow, thank you! I really appreciate that
Great summary! I don't really understand why people are so afraid of using VPS for production. It's not really that different from cloud bs, and companies usually have a sre team anyway 😂
@@victor141516 Will keep in mind that most cloud providers are providing software as well. People mostly go to clouds for the cloud specific software. I mean that's primarily the difference between the cloud and VPSsm
@@victor141516 You need to handle security yourself. You need to handle downtimes yourself. If your hoster goes down, your website does too. The benefit of these services is that they have an uptime of 99.99% which is one of the biggest selling points to use a cloud provider but you are right, a VPS is perfectly capable of running a production deployment.
VPS is bullshit for production, you should get a dedicated server for production in any case. If one VPS gets over its resource allocation it could affect your VPS... no way getting a VPS for an actual real production product...
@@jordixboy That's crazy cuz I've been hosting my production deployment on a vps for 1 year now. I totally agree with you on having issues when anything happens but as long as you keep an eye on your metrics, it'll be fine. Or go with a managed kubernetes cluster. As I said in my comment before which got deleted(???), is that you have to do a lot of maintenance yourself. If you don't want that, then go with a dedicated or managed solution. But these can get expensive and if your product doesn't make any money yet, for some people that's too much. For data though, I got mongodb atlas which is expensive but data is important. If the website goes down it's bad but fine. If you lose your data or get hacked you can shut down your service.
@@jordixboy vps is not a shared hosting, vps means virtual private server which as the name says it’s virtual and private and no vps can get over the allocated resource that’s one of the features of virtualisation
Next challenge for you: make all those steps part of your code. So you can spin up an instance of your app on any new Hostinger VPS 😉
As a Ruby developer, I've tried Cher recently. But I find its infrastructure very unclear and misleading. So I'm going to explore something simpler as a solo developer: Ansible maybe.
In fact, I had a ToDo item on my "Do it later" list about making infrastructure as a code for a new VPS since I was 18. Your channel is the finding of the year for me. I highly appreciate the great video quality. Good job🎉
This is the best video I’ve ever seen on the topic! Great work!
Great stuff! I would love to see you do a deep dive like this into observability. I feel like there are a billion different Grafana tools and like you mentioned, adding the LGTM or ELK stack would increase the complexity of this setup significantly. But observability is so valuable, so I’m really interested in your approach!
I'll definitely do a series on observability! Maybe more SRE focused content as well!
Nice video! I'm a huge proponent of running my stuff on VMs like this. One thing worth considering is to use something like tailscale for access to the server and configure SSHd+UFW to only be accessible over that. It is a little more secure and removes the constant annoyance of SSH scans. If you need to scale to more VMs they can talk to each other securely over tailscale even if they are on different providers.
It's the most straightforward, simple, extensive and on time video I have ever seen
I really was about to change setup to k8s or docker swarm and traefik and likely I saw this video that pointed many potential issues before I start working in production
thanks is not enough
Damn this video needs to be bookmarked. One video covered for which i would have watched at least 10 to achieve all of the above.❤
In my opinion, this tutorial is the best practice for deploying applications to Servers from scratch to complex. I learn more about setting up my Server.
Really like this video, ground up from the first steps, clear and show the “howto parts” too. Thank you.
Just a notice: Unfortunately Docker gets updates frequently when you have to update/restart the whole service, and sometimes it cannot restart cause some reason (for example a config flag changed in the new version). The other sadly thing when the underlying docker image contains virus (crypto mining, bot, backdoor or other..) or just simply a bug. This is great for a small hobby or test project of course, but far from a “production” solution, there's a lot of single point of failure.
This content is gold, it briefly summarises my 3 years of experience in 30 mins 👌🙏🏽
High quality content I have never seen before. This guy can beat 100 DevOps engineers snap of a finger especially those who teach DevOps in YouTube 👍
The timing for this one was perfect haha, great video!
this is by far the best vps tutorial that I have ever seen, keep up man.
This is a really cool tutorial, not only do you teach tons, you also cover any step anyone else could've taken. Thanks!!
This was a cargo container load of value!!!
It is so nice to see a youtuber posting a video of what he actually knows about rather than fumbling his way through pretending he does...
I recently set up a homelab and this was the exact video I was looking for. Thank you so much for doing what you do!
That was awesome! I would love to see a observability implementation next.
That's the kind of video we love! Excellent work, and I really enjoyed the little animations with Traefik and Watchtower haha !
Dude, what was this video!? Learned more from the 30 minutes I spent here, than hours at classes in college.
what an awesome way to advertise a service. educating and selling at the same time
This was far most detailed video I've seen around VPS, Great!! 💯
Nice Tutorial 🎉specially the TLS + HTTPS Part was very inspiring.
But there is one thing you can add to the stack to lower costs and you are in control of monitoring: Uptime Kuma.
I expected some heavy ads and way of doing things that are integrated into hostinger's ecosystem. What I got was a bunch of really useful tips and info. Thanks a lot!
I don't know what to say other than thank you. You got a new subscriber here! Mad respect for your effort!
many thanks, I managed to set it up, the deploy part is slightly different for my use case but it took me only one day, which is much much better timing than a week :) Many thanks, you just made one more PROD to be up and running
If you're looking to deploy your own monitoring solution (probably best on a separate VPS), Uptime Kuma is a great FOSS project.
Yep, absolutely love it! Dozzle is also great for viewing logs from the browser.
But how will you be informed if Uptime Kuma is down? In this case, Uptime Robot is the better choice because it is not part of the systems to be monitored.
@@Glatze603 how will you know if uptime robot goes down?
@@wi1h It's a public service and when this goes down, your private homelab is not down, too. In this constellation, you have 2 different service-stacks.
@@Glatze603 but you'd set up uptime kuma on its own vps in a different region or whatever, so it's still two different "service stacks". or you can do it in your homelab with the vps outside of it, or vice versa
i've had uptime kuma running on a free tier ec2 instance for about six years monitoring my homelab services, i've never had to touch it and it's never gone down
Another way to further harden SSH is by setting up a WireGuard VPN with the VPS and only allowing packets on port 22 through that VPN, thus achieving layered security. WireGuard also has a smaller attack surface than SSH.
@@nixigaj11 Exactly 💯
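The WireGuard suggestion above can be verified on the host by checking that no UFW rule opens the SSH port outside the VPN interface. This is an added example, not part of any comment or of the video; it assumes UFW's default policy denies incoming traffic, and the interface name `wg0`, port `51820/udp` and the sample output are constructed.

```shell
#!/bin/sh
# Added example: audit `ufw status` text so SSH is only allowed on the WireGuard interface.
# A rule such as `ufw allow in on wg0 to any port 22 proto tcp` is listed as "22/tcp on wg0".

# Constructed sample output (not from a real host); wg0 and 51820/udp are assumed values.
sample_ufw_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp on wg0              ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Reads `ufw status` on stdin and prints each ALLOW/LIMIT rule that opens the
# SSH port on anything other than the VPN interface.
# $1 = SSH port (default 22), $2 = VPN interface (default wg0).
ssh_rules_outside_vpn() {
    awk -v port="${1:-22}" -v vpn="${2:-wg0}" '
        /ALLOW|LIMIT/ {
            split($1, p, "/")                 # "22/tcp" -> "22"
            if ($1 == "OpenSSH") p[1] = "22"  # ufw app profile for 22/tcp
            if (p[1] != port) next
            iface = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^(ALLOW|LIMIT)$/) break     # stop at the Action column
                if ($i == "on") { iface = $(i + 1); break }
            }
            if (iface != vpn) print
        }'
}

# Succeeds only when no SSH rule is reachable outside the VPN interface.
ssh_only_via_vpn() {
    [ -z "$(ssh_rules_outside_vpn "$@")" ]
}

# Prints the two offending rules from the sample: "22/tcp" and "22/tcp (v6)".
sample_ufw_status | ssh_rules_outside_vpn 22 wg0
```

On a live host the input would be `sudo ufw status | ssh_rules_outside_vpn 22 wg0`; any line it prints is a rule to delete before relying on the VPN-only path.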
Not using IaC I honestly don't consider as production ready, for which in this relatively simple case I'd probably pick Ansible. However this seems to be a pretty good step-by-step you can easily translate into an Ansible playbook.
My main remark is that because you skipped the database setup locally, I don't see any mention of backups - which is something a lot of people forget, and absolutely critical for a production ready setup.
Agreed. Setting up a database for production ready is a more involved process. My main goal was to focus more on the application side rather than the database side of the equation
@@dreamsofcode can you make another video just for setting up a Postgres database in a VPS? That one was really helpful
@@giannissavvidis1570 I absolutely can! This is great idea.
@@dreamsofcode subbed for this - would be amazing
This is one of the best VPS setup videos on YT. Thank you
Great tutorial! I would also add a step to setup an auto run for the docker compose to run on boot. Cause once the server goes down for any reason, you would need to manually start the services again
This video is great! Thanks a lot. It's good to know that there are still talented people producing quality content.
As an SRE, I would also say amazing explanation and walkthrough. Voice + mic also helps a lot. Great content keep it up
Thank you!
This is so damn good. I setup my own VPS before on digitalOcean as a junior dev and it was shaky to say the least. Having everything outlined for me here is brilliant going to utilise this 100%
Please also consider IPv6 when deploying like this. It's easy enough to simply point an AAAA record of the same name to the server's IPv6 address and set any services such as a web server/load balancer to listen on [::], as well as to enable the firewall on IPv6. UFW will even add IPv6 records for you by default if you do not specify the address family explicitly.
As a frontend dev who fear ci/cd and anything linux that was the best deployment walkthrough ever, great video
Nice video but you forgot backup/recover. It is the fundamental part of the cloud.
backup of the whole vps man, not more than 2 dollar a month for most provider
@@benjamismo what is your backup frequency?
@@VictorJoseph-lu2rs daily, all my vps run on linode, they have an option for that, for an extra 2$ I have daily backups
The vps provider gives this option, for more payment
you have no idea how much I needed this video, it's basically perfect
Excellent presentation and channel overall, well done and thank you, sir! Found you only today and already watched a couple with great interest.
The quality of the content in this tutorial left me no choice but to subscribe 😁
I was about to comment about the lack of historical monitoring ability for the definition of production ready, but I appreciated your explanation at the end why you decided to just use a simple uptime monitor.
I think your video definitely has one of the realest takes on what considerations, challenges and viable solutions in the web development industry - not only that I am impressed you were able to create this on such a small budget.
Would be interested to see you add log and performance monitoring on a budget as well - if the off the shelf products exist and perhaps can feasibly be run on the same box with a log retention of X amount Gbs or X amount of days.
Again awesome video, I will share this with my team :)
Thank you for the kind feedback! I really appreciate it.
This video was a game-changer for me as a junior developer. I learned so much. Thank you! 🔥
Quickly becoming my favorite tech channel!!!
I love using arch as server os for my side projects the arch wiki is a nice to have and unless you do some weird things it "should" never break. I'll update this comment until it does but right now rocking arch linux as a simple html/js/css website server for over a year and half
I would suggest also setting up the firewall directly in the VPS panel. This makes it so any accidental rules on the VPS don’t automatically expose the wrong ports (eg the docker iptables issue would be prevented). The obvious downside is that you need to define the rules twice.
Nice one. You should make a Video with VPS + Portainer in between.
Very well explained. I also liked that you did not use any proxies and CDN which are nice to haves but aren't absolutely necessary
I have been using VPS and deploying for the last 4 years, still learned some new things!
Thanks man. You saved me over 2000$ - this is the quote I received from company for similar setup.
One of the best videos I've seen out there. Thank you so much for this video!
Great Video! Very well paced and very informative.
About the firewall, I have my VPS in digital ocean, and they provide a firewall layer outside the VPS. Using that I’m able to limit port access without having docker issues, this could also be a viable firewall strategy in your scenario
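The "docker iptables issue" mentioned in the firewall comments above (ports published by Docker are opened through Docker's own iptables rules, so a UFW deny does not cover them) can be checked by listing which host ports containers bind on every interface. This is an added example, not part of any comment or of the video; the container names `guestbook` and `db` and the sample output are constructed.

```shell
#!/bin/sh
# Added example: list host ports that containers publish on every interface.
# Real input: docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample (tab-separated name and port list); "guestbook" and "db"
# are made-up container names, 8080 is the Traefik dashboard port from the comments.
sample_docker_ps() {
    printf 'traefik\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
    printf 'guestbook\t8080/tcp\n'
    printf 'db\t127.0.0.1:5432->5432/tcp\n'
}

# $1 = space-separated host ports that are meant to be public, e.g. "80 443".
# Prints "<container> <port>" for every other port bound to a wildcard address.
docker_unexpected_public_ports() {
    awk -F '\t' -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            m = split($2, maps, ", ")
            for (i = 1; i <= m; i++) {
                if (maps[i] !~ /->/) continue          # exposed only, not published
                host = maps[i]; sub(/->.*/, "", host)  # "0.0.0.0:8080"
                # wildcard binds: 0.0.0.0:P (IPv4), :::P or [::]:P (IPv6)
                if (host !~ /^(0\.0\.0\.0|::|\[::\]):/) continue
                port = host; sub(/.*:/, "", port)
                if (!(port in ok) && !seen[$1 SUBSEP port]++) print $1, port
            }
        }'
}

# Prints "traefik 8080": the dashboard port is published but not in the allow list.
sample_docker_ps | docker_unexpected_public_ports "80 443"
```

Anything it reports is either bound to `127.0.0.1` in the compose file or blocked at the provider-level firewall the comments describe.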
Wow, I learned so many new things... Great job, sir 👏
In the end, how much did it all cost? (Hostinger, Domain, etc)
What a great video, my man! I thought this would be much more complex
Wow! This is the exact solution that I need for my homelab attempts. I know what I'll be working on this weekend. Thank you, thank you!
Great video, I was deploying my own app on a vps not that long ago and I wish I knew about Traefik. Nginx is great, but sometimes it was a bit of a pain, as I practically never used it before. Traefik seems so nice with its integrated docker compose, scaling and TLS capabilities
Dude, this video is so great of content, you did it great, congratulations!
This guy has pure passion
wow this was the coolest video ive seen lately
Excellent break down, have a similar setup using the original docker based rancher to manage the stack - cheers for sharing, watchtower is great find!
Excellent video dude! Clear explanation on everything and focusing to things that are important!
my man, you have a way to assure us and now I am planning to make a copy of this.
Thank you
What an amazing synthesis. Well done!
You can decrease the TTL to get the DNS propagation quick, but the downside is that the cache for these dns entries only live for small amount of time, meaning that the dns lookup times might go up a little. Also I would have gone with a debian image just because out of the box it is very lightweight and has like 10 processes at max running, with very less storage usage and RAM usage, Ubuntu always feels a little bloated
Awesome video! I hope to see a video about how to setup a production ready database on a vps as well
Wow what a great video. I am actually thinking to give it a try as well. Just to learn a bit more on setting up VPS for production 😃
Wow, so much information in a single video. Thank you
Would love to see a follow-up on a production-ready db!
amazing video
Thank you so much! I really appreciate it
Very good video and i loved all the details you added.
I am definitely trying this on my own VPS just to learn more.
Awesome video as always! I have been through the same journey as you, and the outcome of that learning is the ecodev-infra repo (and an associated mkdoc documentation that may help some). There you might find dozzle interesting for quick logging, uptime-kuma (instead of uptime robot, might as well use the original OS tool ☺), more considerations on security (the ufw/docker correct interaction that you mentioned, modsecurity waf/fail2ban/secure headers via traefik...) and much more (like a simple bash script to automate the parts you did on setting up a user, installing docker, setting up ufw ...) ! Hope you can benefit from it as I benefited from your 2 channels! ☺
Your repo is so good bro, I usually use caddy for reverse proxy, after watching this video may be I will give traefik a try :))
@@tuanvumaihuynh Thanks so much! 🥰 If you liked it, the follow up is the associated documentation, and then ecodev-app for a modern python (fullstack) web-app! Hope it can help others too! 😊I was so thrilled to see this video, if @dreamsofcode is doing it I cannot be that much in the wrong ahahah
Thanks for the video ! Came out at the perfect time :)
Much appreciate it. a video of how you created the application on Golang would be great too... amazing stuff.
Great video. Thanks for sharing. I feel taking backups should also be in the checklist.
This is the only video you need to configure your VPS.
I have so much to learn from this, go prod ready code, traefik, ufw, tls management and many more. Thank you bro
That's the most amazing shit I've ever seen on YouTube, good job doing that kind of tutorial. I've been searching for something similar multiple times. Keep up the good work, mate.
this is my jam. we're on the same journey. very informative
Amazing content here, thanks for the effort!
Great video! Would have been a great resource when I set up my VPS originally. It is reassuring that I use a very similar setup on my VPS.
This video is a gem. Thank you so much!