There are many ways to host a website these days—web app if you prefer. It's kind of fun to go through and compare the ways you can do it. You may have never really considered all the options before or found it overwhelming. Some people seem to think that AWS is the only option. As always, I'd like you to take some time to more deeply consider what you're doing.
Hardware is always a foundational consideration in a software project, even if you're only renting it. If you've never really thought about the range of target platforms you intend to support, that's why it tends to only work on your machine. You implicitly wrote it to do that. Depending on what platform you choose to target, you can be signing up for a considerable rewrite if you later need to change it. You cannot future proof, but having no other option is a recipe for a vendor to take advantage of the situation once you're stuck.
There's likely an option or two you consider not covered in this post, but these should cover the bases as far as I see them. Obviously I'm having to lump together many competitors, each with their own unique offerings to paint fairly broad strokes. Many companies have a number of offerings that cross this taxonomy in an effort to target multiple markets. Similarly, I'm writing this at the beginning of 2023. It's possible a new platform will emerge in the coming years. Something like IoT swarm overlays, alt-web based backends, or some distributed protocol that provides significant cost, market, or performance benefits to make a compelling alternative.
Also remember that context is always key. There's no right or wrong, but there's definitely trade offs. Remember that any choice you make is a trade off and design is the process of making choices. If you're creating something for you and your friends that's going to entail completely different constraints than if you're considering the funding allocation for projects at your Fortune 500 company. Trying to do what an organization ten times your size does is a way to stretch your resources paper thin. Likewise trying to do what one a tenth your size does is going to create a great deal of resource contention which will bog you down. You always have to pick the best choices given the context you actually have, not the one you wish you had.
A home server is what it sounds like. Just host your site on your own computer. This is how the internet and web was conceptualized. Despite what you may think, there's nothing special about your favourite websites. They're just computers with an internet connection. You have a computer and an internet connection.
I guess it's possible with appliance computers you could be reading this on a computer you don't really own (your TV, gaming console, etc.). If you're reading this on your phone, you likely have a computer though. I guess you could be reading a printed version of this article… Okay, I'm only 95% sure you have a computer and an internet connection, but assuming you do, this may be the solution for you.
Some examples of this type of hosting include:
- a Raspberry Pi,
- WAMP on Windows,
- Termux on Android,
- iSH on iPhone,
- OpenWrt on your router, or
- literally any old computer you own.
- It's basically free! Well, you already paid for the computer and internet. Power costs extra, but that doesn't have to be a lot if you're computing efficiently on somewhat modern hardware.
- Your own computers are screaming fast compared to what you can rent from a vendor. Even a raspberry pi beats many of the low to mid tier VPS.
- Typical hardware lifetimes are 10 years for desktops, 5 years for laptops, and 3 years for phones. Most server rentals are priced to break even for the company in only a year or two.
- The typical cost comparison for rentals assumes you're spending a lot of money on salaries that go away when you rent. Is this true for you?
- You've got complete control of the server. No worries about someone at your vendor accessing it. Take a hammer to it if it goes rogue.
- If you don't plan on doing anything else with it, you don't have to worry about tenant performance impacts.
- Home servers are kind of a nerd credential because you'll learn more than you probably want to about how all this stuff works. Most of that knowledge transfers because vendors are generally just automating some of this stuff for you.
- Your upstream bandwidth is probably slow compared to what you can rent.
- Heavy network usage in your house impacts the site (can be mitigated with QoS).
- You have to run the hosting computer 24/7. That could mean investing in a UPS or other redundancy.
- You have to overcome NAT and DHCP.
- You usually can't change the reverse DNS for your IP.
- Some ISPs block traffic on certain ports.
- If you plan on doing other things with this computer, you'll be impacting site performance.
- If an attacker gains access to your site, they are now on your home network and have access to whatever else is running and stored on that machine.
- If someone wants to DDoS your site, they also target your home internet (and that may make your ISP mad).
- It's a lot of up front work. Some software packages can simplify this, but then you depend on that software.
The shared server is our first stop on the road through rented hardware. A shared server is what it sounds like. You and a bunch of other people all put your stuff on the same server. There are many ways to do this. The most obvious is what's typically referred to as web hosting.
The features of a shared server vary widely, but generally allow you to host files (HTML, CSS, JS, images, etc.) and have them served at some sort of web URL. From there, more and more features can be added (often for more money) including the ability to run backend code (like PHP, CGI, daemons, etc.), point your own domain at the server, and even store data in a managed database or file system.
Some examples of this type of hosting include:
- GitHub Pages,
- SDF Unix,
- Tilde Club,
- HostGator, or
- just your friend's server.
- Can be free or relatively inexpensive.
- Requires low technical expertise up front.
- It's completely isolated from you and your network.
- Hosting is often super reliable. Put your files up and the rest is taken care of.
- Many providers try to foster a community among fellow tenants to encourage network effects. You can use this to learn from and teach each other.
- If you're paying, your terms of service may come with technical support.
- Can be a fairly low moderation and anonymous way to publish your thoughts and ideas.
- You get what you pay for. You have to figure out who's paying if you're not.
- Often limits the types of files you can serve.
- Using your own domain is rarely free.
- It's likely you'll have wild performance swings depending on who else is doing what else on the server.
- You usually can't install your own software. If they don't have it, you may be able to request it or you'll just have to deal. Same goes for updates.
- You may have limited access to run code on the server (no port binding, limited CPU process lifetimes, etc.).
- Implications of a security breach from another tenant are hard to generalize and depend a lot on the particulars of the service.
- If you use too much bandwidth, compute, or storage expect your provider to cut you off (even if that's not explicitly stated).
- Your provider has complete access to whatever you put there (including things you store in their database). This can have implications for some privacy legislation in your jurisdiction.
Virtual Private Server
A virtual private server (VPS) is sort of the step up from shared servers. In this setup, instead of everyone sharing the server by way of an operating system (or shared serving infrastructure), the provider installs a hypervisor and tenants get a virtual machine to run their own operating systems. You get to reserve whatever resources you want to pay for (virtual CPUs, memory, disk, etc.), and it sort of looks and feels like you have your own machine.
Some examples of this type of hosting include:
- Digital Ocean,
- LunaNode (affiliate link),
- OVH, and
- many, many, many more. Honestly, do your research.
- There are thousands of VPS providers and you can super easily switch between them.
- You can host all around the world (for legal or latency reasons).
- Besides the whole website based serial console thing, it's about as close to your own server in a data centre as you can get at this price point.
- Some providers let you setup reverse DNS for the IP addresses you rent.
- You can technically host your own email server if you want, though I can't say I recommend doing this anymore.
- It's possible to go full infra-as-code if you want because most VPS providers have APIs for resource management (again, do your research here).
- Providers give you an OS install image so you don't have to worry about setting that up too much.
- You can often add full system backups with just a couple clicks and a bit more money a month.
- Some providers even rent managed hardware if you really want great performance isolation.
- Most out of the box software will work on a VPS.
- It's another monthly lease to pay.
- It's not your own server. Someone else always has access to it.
- You may experience performance isolation problems from other tenants on the machine.
- Whenever the provider decides to do maintenance or has issues, you also have maintenance or issues.
- If you want full infra-as-code, you're likely going to have to do a bunch of leg work depending on how popular your provider is among open source contributions.
- This many competitors means there's a lot of variance in service quality and picking a good one is tough.
- You're essentially limited to whatever operating systems they support.
Platform as a Service
Platform as a Service (PaaS) is where I'm going to lump many different but related offerings. A PaaS is essentially a speed versus flexibility trade off. The elevator pitch is that every website does a whole ordeal of the same sorts of things under the hood. There's URL routing, static files, executing code for dynamic content, logging, alerting, request tracing, CRUD operations on persistent data, remote administration, auditing, backups, source code deployments, production issue tracking, usage based scaling, hardware fault mitigations, etc..
What if we built a single integrated solution that did all of that out of the box? It does it one way, and so long as you agree to how it does these things, you don't have to design or build any of it. Biologically speaking, it's an application of niche adaptation. By being really good at what it competes in, it can compete much more aggressively than a less well adapted competitor. Conversely, if you need to do something it's less well adapted to, it's going to be a struggle.
Some examples of this type of hosting include:
- You don't need to administer a server.
- Horizontal scaling is usually baked in.
- The scale of hardware failures you need to worry about are usually at the natural disaster level.
- It can be quite cheap if nobody's using your stuff because often these platforms scale to zero if nobody's using you. Some even come with a free tier you have to cross before they start costing you.
- Infra-as-code is essentially expected, but also probably fairly well automated given tools available from the provider. Some even have authoring tools built in to further reduce the amount of code you need.
- You often get all the logging, monitoring, access, backup, debugging, and management you need right out of the box.
- If your expected use matches the platform's design, it can be much faster to get from research and development into production with a PaaS.
- There are few providers in this space.
- It's much more expensive per unit work than a dedicated server.
- You are likely to end up depending on platform specific behaviour and that's called lock-in.
- You usually can't run off the shelf software on them.
- They often impose a higher latency than dedicated servers.
- Databases often cost extra.
- Usage based billing is a double edged sword. If your customers are also usage based billed, it's just a marginal cost. If you have a different business model it can mean your doom if your biggest users aren't your biggest paying.
The cloud is the buzzword for companies that keep building evermore solutions you can rent to solve your technology research and development problems. Thanks to massive marketing spend to acquire new customers, they're also the companies you've probably heard the most about. Incremental spending on cloud resources is so frictionless that the core driver of growth tends to be the cost to onboard new users.
What's the point of choosing a cloud? Integration. A cloud company's core competency is integrating each solution they provide to make it trivial to leverage them when building your product. They make more money the more you use their offerings. Unlike a pure PaaS offering though, they want you to feel as little friction adopting them as possible. You can rent a VPS from them. You can host any off the shelf software with them. They just also provide lock-in opportunities if you decide you want them.
I'm mostly being harsh here because of their popularity. You should know though that companies not thinking clearly can end up with insanely high COGS for their software thanks entirely to cloud spend. Cloud vendors aren't deceptive in their costs (they're clearly published), but they're also conveniently far from sight when creating new resources so you never have to think about the bottom line impact of your decisions until you get a really nasty bill and reflect on how deeply reliant all your work is on those costs.
Some examples of this type of hosting include:
- They're essentially name brand VPS and PaaS all in one.
- The biggest are unlikely to go bankrupt in the next couple decades.
- It provides some experience working with the cloud management interfaces (if you worry about that).
- You can use some of the PaaS and SaaS offerings of the cloud as needed and practical.
- There are often free tiers for a lot of things.
- They're always adding new technologies you may find useful.
- Everyone else is doing it, so there are many third party resources.
- The cloud is usually your best value for money if you have extremely bursty workloads.
- The money foot gun is real and you have to be careful.
- They nickel and dime you for everything (storage, bandwidth, API operations, etc.).
- It's sort of a cannon to kill a fly at times.
- They're most interested in large companies (or companies that will likely get big) and cater to their complex needs. If that's not you, there's going to be an impedance mismatch.
- Clouds are complex on the whole and can take a significant amount of time to learn with limited utility outside of the cloud ecosystem.
- If you just want to rent VPS and use a message queue, database, storage API, and CDN you can almost always do that for a lot less using individual specialized competitors. Cloud resources generally cost more.
- Their hardware costs are fixed whether they have tenants or not. They amortize bursty work to those who have reliable load to cover for all the time the burst machines sit idle.
A colo is where you pay to rent space in a data centre. You co-locate your hardware alongside others. You're not renting hardware, you're renting space. You buy and bring your own hardware then pay your power and internet bills. This rental could be in many forms from subleasing to a direct rental with the data centre. Costs range from the mundane to the moon (I mean, you could rent an entire data centre if you want), but a minimal setup can be as little as a few hundred up front (for a server) and then one hundred or so a month if you don't need a lot.
Honestly, I think it'd be kind of cool to get together a group of friends or colleagues to run a sort of colo-coop near me to share costs and experience.
I'd give some examples of this type of hosting, but it's really going to depend on where you live or want to host. These are physical buildings and location is important. It'd be like me listing which apartment buildings you can rent in.
- You want some experience, look no further. Forget nerd credentials, put this on your résumé.
- You can buy a screaming fast machine and it's yours to keep.
- There are few performance isolation worries in a data centre on your own dedicated hardware.
- Some colo providers offer hardware-as-a-service, sometimes with lease-to-own agreements so they can amortize the up front cost for you.
- You can often sublease as little as 1U of space for somewhere between $50 to $250 per month (depending on location and facilities), with whole racks ~40 times the size usually only ~10 times the price.
- Second hand server hardware can be pretty cheap (a few hundred dollars).
- Security is one of a data centre's core competencies. 24/7 video surveillance, a perimeter fence, key card access, biometric authentication, mantraps, and many more security features often come standard.
- The main benefit of a colo is the ability to connect directly to ISPs and internet exchanges. Gigabit is sort of the ground floor with options for 10Gbps, 25Gbps, 40Gbps, and more.
- Latency can also be extremely low if you're in the same building as a desirable peer for your needs.
- You can usually contract on site technical support from companies near or in the facility if that makes sense given your situation.
- It's not cheap. You want a good day job or more likely a business the hardware's supporting.
- You will need to buy servers designed for rack mounting.
- If something goes wrong, you need to travel to the data centre. You'll also need to go setup your equipment (for the first little bit, expect to travel until it stabilizes).
- You'll want backup parts for your server and to buy strategically to avoid systematic failures (two of the same part tend to fail at the same time).
- You'll have to learn to handle 95th percentile billing.
- If a cloud was a canon to kill a fly, this is an orbital space laser.
- Many of the same things you need to learn for a home server apply here, possibly with more knowledge of routing and networking depending on your interconnect arrangement.
- You're going to have to sign a lease agreement.
- Location, location, location. Data centres face all the same issues any real estate does. Great locations cost more.
No great insights. Just a bunch of options on the market and a number of metrics to evaluate them against in order to help you find what fits your situation. Choose wisely because your choices matter.