Awesome video as always! I have been through the same journey as you, and the outcome of that learning is the ecodev-infra repo (and an associated mkdoc documentation that may help some). There you might find dozzle interesting for quick logging, uptime-kuma (instead of uptime robot, might as well use the original OS tool ☺), more considerations on security (the ufw/docker correct interaction that you mentioned, modsecurity waf/fail2ban/secure headers via traefik...) and much more (like a simple bash script to automate the parts you did on setting up a user, installing docker, setting up ufw ...) ! Hope you can benefit from it as I benefited from your 2 channels! ☺
@@tuanvumaihuynh Thanks so much! 🥰 If you liked it, the follow up is the associated documentation, and then ecodev-app for a modern python (fullstack) web-app! Hope it can help others too! 😊I was so thrilled to see this video, if @dreamsofcode is doing it I cannot be that much in the wrong ahahah
Great video, I was deploying my own app on a vps not that long ago and I wish I knew about traffic. Nginx is great, but sometimes it was a bit of a pain, as I practically never used it before. Traffic seems so nice with its integrated docker compose, scaling and TLS capabilities
I was about to comment about the lack of historical monitoring ability for the definition of production ready, but I appreciated your explanation at the end why you decided to just use a simple uptime monitor. I think your video definitely has one of the realest takes on what considerations, challenges and viable solutions in the web development industry - not only that I am impressed you were able to create this on such a small budget. Would be interested to see you add log and performance monitoring on a budget as well - if the off the shelf products exist and perhaps can feasibly be run on the same box with a log retention of X amount Gbs or X amount of days. Again awesome video, I will share this with my team :)
Great Video! Very well paced and very informative. About the firewall, I have my VPS in digital ocean, and they provide a firewall layer outside the VPS. Using that I’m able to limit port access without having docker issues, this could also be a viable firewall strategy in your scenario
I love using arch as server os for my side projects the arch wiki is a nice to have and unless you do some weird things it "should" never break. I'll update this comment until it does but right now rocking arch linux as a simple html/js/css website server for over a year and half
Please also consider IPv6 when deploying like this. It's easy enough to simply point an AAAA record of the same name to the server's IPv6 address and set any services such as a web server/load balancer to listen on [::], as well as to enable the firewall on IPv6. UFW will even add IPv6 records for you by default if you do not specify the address family explicitly.
0:00 - Introduction
1:17 - Make TODO list
3:25 - Ad of Hostinger
4:28 - Setting up Hostinger VPS
5:32 - Set up SSH
6:02 - Create new user account
6:25 - Add SUDO permission to new user
6:40 - Switch to new user
6:53 - TODO 1: Domain name setup
7:50 - Add TMUX
8:22 - TODO 2: Open SSH Hardening
10:19 - Check DNS records
10:33 - TODO 3: Go Web App Running
11:32 - Add Database and setup env
12:16 - Add Docker to VPS
13:47 - Setup docker image for web app and run
14:42 - TODO 4: Setup Firewall - UFW
17:12 - Setup Reverse Proxy - traefik
19:51 - TODO 5: Setup Load Balancer
21:14 - TODO 6: TLS Certificate
23:33 - HTTP Redirect
24:15 - TODO 7: Automated Deployments - Watchtower
27:58 - TODO 8: Monitoring
Thanks for this really great video. I would add another layer of security concerning the access of your web applications: add authelia in combination of traefik, so you are able to bypass authentication (like for your guestbook) or you configure simple authentication or 2fa authentication for each web app. With this option, you could add further web based docker images, you can protect with this step.
You can decrease the TTL to get the DNS propagation quick, but the downside is that the cache for these dns entries only live for a small amount of time, meaning that the dns lookup times might go up a little. Also I would have gone with a debian image just because out of the box it is very lightweight and has like 10 processes at max running, with very less storage usage and RAM usage, Ubuntu always feels a little bloated
Please can you make a video to convert this into terraform? That would be amazing. Also, adding a video for logging, custom metrics, and APM would make this a fantastic series.
To get your own VPS instance visit hostinger.com/dreamsofcode and use the coupon code DREAMSOFCODE
Cool video, Hostinger is fine but overall Hetzner is a lot better.
@@dreamsofcode Wow really an incredible video.
I am expecting a more detailed video, especially about traefik and monitoring.
And I have a confusion, you exposed port 8080, does that mean I can access your traefik dashboard?
@@dev-akeel When it was exposed you would have had access! But I removed it at the end of the video :)
@@dreamsofcode For yourself as well? Means you no longer have traefik dashboard access?
Dude I have so much respect for you. I can tell you write a script and you put so much effort into those vids. Mad respect dude!
I find that the difficulty in setting up a VPS properly doesn't lie in the setup itself, but knowing what things to setup in order to do it properly. This video is great in reminding you of the essentials to do so correctly and safely. Great video!
15+ Years experience and I still learned something thank you.
😢 me, more older, and learn
this dude lowkey uploaded one of the best tutorial out there for a good vps production setup
This video is a testament that it's easier and honestly better to go with the cloud provider like vercel or aws if your app doesn't have 500 active users. Just focus on writing features to attract the customers. This VPS approach can easily swallow a week of configuration.
That being said, I do have a medium traffic app which costs me about $86 monthly between vercel and aws thanks to ELB and RDS. That's a lot of money for me, so I might look into alternatives, but not before I check how to use Serverless.
This definitely needs an accompanying article version to make it easier to follow (and honestly to copy-paste commands)
Another great point of VPS is that what you learn can be applied on multiple hosts. While learning how to deploy to the cloud will work only for one provider. VPS = Freedom!
Well done!
na not true dude. Almost all cloud providers offer the same services but with different names. It's all the same shit
@@jordixboy Yes and no. If you are using something proprietary you'll need to migrate. It isn't 1 click and done.
Thank you a million times for this video. I was looking for a way to get started with self hosted deployments and this video is a goldmine for information for me.
Dreams of Code is a legend.
Few months ago I (FE dev turned into Full Stack) struggled to setup a VPS to deploy as a testing env for a LAMP application, and later a React+JAVA app. This video covered many subjects that cost me days.
This video is amazing! I've been in the same boat as you feeling a bit "scared" of setting up a production VPS and this video really makes it much more approachable. 100% gonna try this myself now. Thanks
This is really great. Most of us have a vps with some app but I guess many have not containerized, load balanced, automated the deployment and implemented monitoring and observability. Thank you so much for your time on this.
In the past I used to deploy my stuff pretty similar.
Nowadays I do it using podman instead of docker, which also supports quadlets as container / network / pod definitions or if you like even kubernetes manifests and has podman auto-update included. That way you don't need to run a separate watchtower container, just add a label to containers that should be auto updated. Also it's daemonless and rootless which is pretty cool. You just have to allow non root users to bind to low ports starting at port 80 for http, so traefik can tcp bind there.
Nice! Can you share anywhere to start reading up on this setup?
Next challenge for you: make all those steps part of your code. So you can spin up an instance of your app on any new Hostinger VPS 😉
As a Ruby developer, I've tried Cher recently. But I find its infrastructure very unclear and misleading. So I'm going to explore something simpler as a solo developer: Ansible maybe.
In fact, I had a ToDo item on my "Do it later" list about making infrastructure as a code for a new VPS since I was 18. Your channel is the finding of the year for me. I highly appreciate the great video quality. Good job🎉
This is by far the best technical video I've watched since a few years. Kudos to your efforts and best wishes from India! 👏
This was a great video DOC. One pedantic note: the æ in traffic is a symbol in IPA (International Phonetic Alphabet) for exactly the sound the "a" in traffic makes. Maybe not ideal to make branding that only appeals to Apex-level language nerds like myself, but it works 🙂
I loved it enough to join your channel, something I don't do often. Keep up the great work you do!
TIL!
Man, until yesterday, I only developed products in companies infrastructure, yesterday and thanks to you I managed to make my own multi-containers project online.
Thanks a lot.
Great summary! I don't really understand why people are so afraid of using VPS for production. It's not really that different from cloud bs, and companies usually have a sre team anyway 😂
@@victor141516 Will keep in mind that most cloud providers are providing software as well. People mostly go to clouds for the cloud specific software. I mean that's primarily the difference between the cloud and VPSs
@@victor141516 You need to handle security yourself. You need to handle downtimes yourself. If your hoster goes down, your website does too. The benefit of these services is that they have an uptime of 99.99% which is one of the biggest selling points to use a cloud provider but you are right, a VPS is perfectly capable of running a production deployment.
VPS is bullshit for production, you should get a dedicated server for production in any case. If one VPS gets over its resource allocation it could affect your VPS... no way getting a VPS for an actual real production product...
@@jordixboy That's crazy cuz I've been hosting my production deployment on a vps for 1 year now. I totally agree with you on having issues when anything happens but as long as you keep an eye on your metrics, it'll be fine. Or go with a managed kubernetes cluster. As I said in my comment before which got deleted(???), is that you have to do a lot of maintenance yourself. If you don't want that, then go with a dedicated or managed solution. But these can get expensive and if your product doesn't make any money yet, for some people that's too much. For data though, I got mongodb atlas which is expensive but data is important. If the website goes down it's bad but fine. If you lose your data or get hacked you can shut down your service.
@@jordixboy vps is not a shared hosting, vps means virtual private server which as the name says it’s virtual and private and no vps can get over the allocated resource that’s one of the features of virtualisation
It's so rare for me to comment something on youtube, but you deserve it: THANK YOU A LOT. This is a gold mine. Very, very good! I have 15 years of exp and I never seen someone teach in such a simple and easy way.
Wow, thank you! I really appreciate that
Great stuff! I would love to see you do a deep dive like this into observability. I feel like there are a billion different Grafana tools and like you mentioned, adding the LGTM or ELK stack would increase the complexity of this setup significantly. But observability is so valuable, so I’m really interested in your approach!
I'll definitely do a series on observability! Maybe more SRE focused content as well!
Pleasantly surprised by how information dense and straight to the case this video is!
About 9:55, the term "security by obscurity" has a bad connotation rightfully so, but in this case changing the default sshd port I'd say is really important. OpenSSH is a battle-tested application, by changing the port of the server you're adding an extra layer of protection. Security by obscurity is bad when it's the only factor in your defenses, but as an extra layer can do wonders. Your logs will have less spam, your bandwidth will be less wasted and in the worst case scenario of a 0-day you can buy yourself some time.
On my previous job, I was so paranoid that I used a ssh bastion host with a non-default port while the target machine only accepted ssh traffic from within the network. This had the added bonus that the sshd exposure was minimal and reserved to only when I was working on the machine.
A while ago I noticed a sustained ~10 Mbps traffic on a very cheap VPS with a 100 Mbps link. It was all automated scanning of SSH from IPs in all the usual countries. Moving SSH to a high port wards off these low-effort scanners. If you're also running fail2ban, non-standard port means you don't end up with half the internet in your firewall rules.
In my opinion using a high port becomes pointless nowadays, since IP scanners and databases like Shodan will discover SSH on a high port eventually.
@@klaernie So what's the best practice now? Hide SSH behind WireGuard?
@@iaadsi that would just be trading one protocol for another, both offering some attack surface. I just resort to using fail2ban and hardware SSH keys, disabling password based access. And if that is not hardened enough, I would forgo a classic OS entirely - using Talos Linux on bare metal to host the workload in Kubernetes, and having management of the host done the same way as Kubernetes does: API based, authenticated with client certificates.
@@klaernie thanks, I got some reading to do :)
This was a cargo container load of value!!!
It is so nice to see a youtuber posting a video of what he actually knows about rather than fumbling his way through pretending he does...
This content is gold, it briefly summarises my 3 years of experience in 30 mins 👌🙏🏽
Nice video! I'm a huge proponent of running my stuff on VMs like this. One thing worth considering is to use something like tailscale for access to the server and configure SSHd+UFW to only be accessible over that. It is a little more secure and removes the constant annoyance of SSH scans. If you need to scale to more VMs they can talk to each other securely over tailscale even if they are on different providers.
What I really appreciated from this video was a breakdown of how you sort of put together requirements. It would be great to have a more in depth video covering an overview. Something like the following. No need to go into too much depth but maybe each part a quick demo and things to consider.
Road map
Defining requirements (I like to use the WRSPM model)
Assessing market value and profitability
Evaluating whether or not it's a good idea? Perhaps a business model canvas or something.
Wireframing UIs
Designing architecture
Setting up a site with a coming soon message perhaps a quick one with tailwind and astro. So you can copy paste ui elements straight in and easily edit them.
Basic GDPR compliance and considerations (privacy policy, cookie notice) astro markdown file.
Maybe touch on analytics
Adding a sign up and newsletter to the site
Engaging with an audience.
Getting feedback through surveys
Basically everything you should do before you start coding.
In my opinion, this tutorial is the best practice for deploying applications to Servers from scratch to complex. I learn more about setting up my Server.
I expected some heavy ads and way of doing things that are integrated into hostinger's ecosystem. What I got was a bunch of really useful tips and info. Thanks a lot!
Nice Tutorial 🎉specially the TLS + HTTPS Part was very inspiring.
But there is one thing you can add to the stack to lower costs and you are in control of monitoring: Uptime Kuma.
This is the best video I’ve ever seen on the topic! Great work!
Not using IaC I honestly don't consider as production ready, for which in this relatively simple case I'd probably pick Ansible. However this seems to be a pretty good step-by-step you can easily translate into an Ansible playbook.
My main remark is that because you skipped the database setup locally, I don't see any mention of backups - which is something a lot of people forget, and absolutely critical for a production ready setup.
Agreed. Setting up a database for production ready is a more involved process. My main goal was to focus more on the application side rather than the database side of the equation
@@dreamsofcode can you make another video just for setting up a Postgres database in a VPS? That one was really helpful
@@giannissavvidis1570 I absolutely can! This is great idea.
@@dreamsofcode subbed for this - would be amazing
Really like this video, ground up from the first steps, clear and show the “howto parts” too. Thank you.
Just a notice: Unfortunately Docker get updates frequently when you have to update/restart the whole service, and sometimes it cannot restart cause some reason (for example a config flag changed in the new version). The other sadly thing when the underlying docker image contains virus (crypto mining, bot, backdoor or other..) or just simple a bug. This is great for a small hobby or test project of course, but far from a “production” solution, there's a lot of single point of failure.
This is a really cool tutorial, not only do you teach tons, you also cover any step anyone else could've taken. Thanks!!
what an awesome way to advertise a service. educating and selling at the same time
If you're looking to deploy your own monitoring solution (probably best on a separate VPS), Uptime Kuma is a great FOSS project.
Yep, absolutely love it! Dozzle is also great for viewing logs from the browser.
But how will you be informed if Uptime Kuma is down? In this case, Uptime Robot is the better choice because it is not part of the systems to be monitored.
@@Glatze603 how will you know if uptime robot goes down?
@@wi1h It's a public service and when this goes down, your private homelab is not down, too. In this constellation, you have 2 different service-stacks.
@@Glatze603 but you'd set up uptime kuma on its own vps in a different region or whatever, so it's still two different "service stacks". or you can do it in your homelab with the vps outside of it, or vice versa
i've had uptime kuma running on a free tier ec2 instance for about six years monitoring my homelab services, i've never had to touch it and it's never gone down
As an SRE, I would also say amazing explanation and walkthrough. Voice + mic also helps a lot. Great content keep it up
Thank you!
Great tutorial! I would also add a step to setup an auto run for the docker compose to run on boot. Cause once the server goes down for any reason, you would need to manually start the services again
many thanks, I managed to set it up, the deploy part is slightly different for my use case but it took me only one day, which is much much better timing than a week :) Many thanks, you just made one more PROD to be up and running
As a frontend dev who fear ci/cd and anything linux that was the best deployment walkthrough ever, great video
This was by far the most detailed video I've seen around VPS, Great!! 💯
this is by far the best vps tutorial that I have ever seen, keep up man.
That was awesome! I would love to see a observability implementation next.
I recently set up a homelab and this was the exact video I was looking for. Thank you so much for doing what you do!
This is so damn good. I setup my own VPS before on digitalOcean as a junior dev and it was shaky to say the least. Having everything outlined for me here is brilliant going to utilise this 100%
Would love to see a follow-up on a production-ready db!
I don't know what to say other than thank you. You got a new subscriber here! Mad respect for your effort!
Another way to further harden SSH is by setting up a WireGuard VPN with the VPS and only allowing packets on port 22 through that VPN, thus achieving layered security. WireGuard also has a smaller attack surface than SSH.
@@nixigaj11 Exactly 💯
This video was a game-changer for me as a junior developer. I learned so much. Thank you! 🔥
Mate, I believe you're required to flip the 'sponsored video' toggle in youtube. It displays a little label at the start of the video indicating that it's sponsored. Great vid! 👍👍
Very well explained. I also liked that you did not use any proxies and CDN which are nice to haves but aren't absolutely necessary
That's the kind of video we love! Excellent work, and I really enjoyed the little animations with Traefik and Watchtower haha !
I would suggest also setting up the firewall directly in the VPS panel. This makes it so any accidental rules on the VPS don’t automatically expose the wrong ports (eg the docker iptables issue would be prevented). The obvious downside is that you need to define the rules twice.
I have been using VPS and deploying for the last 4 years, still learned some new things!
Excellent break down, have a similar setup using the original docker based rancher to manage the stack - cheers for sharing, watchtower is great find!
I'd never used Watchtower in a Dockerized environment, how cool! Like Vercel for backends. Thanks!
I was pleasantly surprised by how easy it was with docker compose!
Awesome video as always! I have been through the same journey as you, and the outcome of that learning is the ecodev-infra repo (and an associated mkdoc documentation that may help some). There you might find dozzle interesting for quick logging, uptime-kuma (instead of uptime robot, might as well use the original OS tool ☺), more considerations on security (the ufw/docker correct interaction that you mentioned, modsecurity waf/fail2ban/secure headers via traefik...) and much more (like a simple bash script to automate the parts you did on setting up a user, installing docker, setting up ufw ...)! Hope you can benefit from it as I benefited from your 2 channels! ☺
Your repo is so good bro, I usually use caddy for reverse proxy, after watching this video may be I will give traefik a try :))
@@tuanvumaihuynh Thanks so much! 🥰 If you liked it, the follow up is the associated documentation, and then ecodev-app for a modern python (fullstack) web-app! Hope it can help others too! 😊 I was so thrilled to see this video, if @dreamsofcode is doing it I cannot be that much in the wrong ahahah
Great video, I was deploying my own app on a vps not that long ago and I wish I knew about Traefik. Nginx is great, but sometimes it was a bit of a pain, as I practically never used it before. Traefik seems so nice with its integrated docker compose, scaling and TLS capabilities
I was about to comment about the lack of historical monitoring ability for the definition of production ready, but I appreciated your explanation at the end why you decided to just use a simple uptime monitor.
I think your video definitely has one of the realest takes on what considerations, challenges and viable solutions in the web development industry - not only that I am impressed you were able to create this on such a small budget.
Would be interested to see you add log and performance monitoring on a budget as well - if the off the shelf products exist and perhaps can feasibly be run on the same box with a log retention of X amount Gbs or X amount of days.
Again awesome video, I will share this with my team :)
Thank you for the kind feedback! I really appreciate it.
Much appreciate it. A video of how you created the application on Golang would be great too... amazing stuff.
The quality of the content in this tutorial left me no choice but to subscribe 😁
The timing for this one was perfect haha, great video!
Wow what a great video. I am actually thinking to give it a try as well. Just to learn a bit more on setting up VPS for production 😃
This video is great! Thanks a lot. It's good to know that there are still talented people producing quality content.
Awesome video! I hope to see a video about how to setup a production ready database on a vps as well
Great Video! Very well paced and very informative.
About the firewall, I have my VPS in digital ocean, and they provide a firewall layer outside the VPS. Using that I’m able to limit port access without having docker issues, this could also be a viable firewall strategy in your scenario
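The Docker and ufw interaction that this comment and the earlier one about a VPS-panel firewall refer to comes from Docker writing its own iptables rules for published ports, so a ufw rule on the host does not filter them. An added example (not from the video or any commenter) that lists which Compose `ports` entries publish on every interface; the service names and mappings are constructed.

```python
import ipaddress

# Constructed sample: service name -> Compose short-syntax "ports" entries.
SAMPLE_PORTS = {
    "traefik": ["80:80", "443:443", "8080:8080"],
    "adminer": ["0.0.0.0:8081:8080/tcp"],
    "db": ["127.0.0.1:5432:5432"],
    "metrics": ["[::1]:9100:9100"],
    "worker": ["3000"],
}

def parse_port(spec):
    """Return (host_ip, host_port, container_port) for one short-syntax entry."""
    spec = spec.split("/", 1)[0]             # drop "/tcp" or "/udp"
    host_ip = None
    if spec.startswith("["):                 # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]")
        spec = spec.lstrip(":")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:  # IPv4 host address given
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                      # container port only: random host port
        return host_ip, None, parts[0]
    if len(parts) == 2:
        return host_ip, parts[0], parts[1]
    raise ValueError(f"unrecognised port mapping: {spec!r}")

def exposure(host_ip):
    """Classify the host address a port is published on."""
    if host_ip is None:
        return "all-interfaces"              # Docker's default bind address
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "single-address"

def audit(services):
    """List (service, entry) pairs published on every interface."""
    return [(name, entry)
            for name, entries in services.items()
            for entry in entries
            if exposure(parse_port(entry)[0]) == "all-interfaces"]

if __name__ == "__main__":
    for name, entry in audit(SAMPLE_PORTS):
        print(f"{name}: {entry} is published on every interface")
```

Every entry the audit reports needs either a provider-level firewall rule in front of it or a loopback bind such as `127.0.0.1:8080:8080`.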
I love using arch as server os for my side projects, the arch wiki is a nice to have and unless you do some weird things it "should" never break. I'll update this comment until it does but right now rocking arch linux as a simple html/js/css website server for over a year and half
Thanks man. You saved me over 2000$ - this is the quote I received from company for similar setup.
Wow, I learned so many new things... Great job, sir 👏
In the end, how much did it all cost? (Hostinger, Domain, etc)
This is one of the best VPS setup videos on YT. Thank you
This is the only video you need to configure your VPS.
Wow! This is the exact solution that I need for my homelab attempts. I know what I'll be working on this weekend. Thank you, thank you!
Nice video but you forgot backup/recover. It is the fundamental part of the cloud.
backup of the whole vps man, not more than 2 dollar a month for most provider
@@benjamismo what is your backup frequency?
@@VictorJoseph-lu2rs daily, all my vps run on linode, they have an option for that, for an extra 2$ I have daily backups
The VPS provider gives this option, for more payment
Please also consider IPv6 when deploying like this. It's easy enough to simply point an AAAA record of the same name to the server's IPv6 address and set any services such as a web server/load balancer to listen on [::], as well as to enable the firewall on IPv6. UFW will even add IPv6 records for you by default if you do not specify the address family explicitly.
Excellent presentation and channel overall, well done and thank you, sir! Found you only today and already watched a couple with great interest.
you have no idea how much I needed this video, it's basically perfect
What a great video, my man! I thought this would be much more complex
Thank you for this! I think I am cured from my VPS-phobia 😅
I thought it was much more difficult
this is my jam. we're on the same journey. very informative
Quickly becoming my favorite tech channel!!!
Excellent video dude! Clear explanation on everything and focusing to things that are important!
One of the best videos I've seen out there. Thank you so much for this video!
This is the practical version of what you learn in a 1+year of SRE course
Great video. Thanks for sharing. I feel taking backups should also be in the checklist.
my man, you have a way to assure us and now I am planning to make a copy of this.
Thank you
Would love a follow-up to this to see how to setup multiple different websites on the same VPS
This guy has pure passion
What an amazing synthesis. Well done!
I have so much to learn from this, go prod ready code, traefik, ufw, tls management and many more. Thank you bro
Dude, this video is so great of content, you did it great, congratulations!
Great video! Would have been a great resource when I set up my VPS originally. It is reassuring that I use a very similar setup on my VPS.
Something is missing on your list. System Maintenance. Running a VPS means you have to take care of ensuring system updates and security patching.
any advice on tools or resources to do so?
@@personofsomething6205 probably start with IaC and Ansible, from there you'll get some ideas
@@eldaria A lot of production requirements are missing, it’s more of a personal project tutorial than anything else.
@@quentin.aventure What are the other requirements someone would need to consider? Genuine question.
Wow, so much information in a single video. Thank you
wow this was the coolest video ive seen lately
Caddy is king for most prod needs
0:00 - Introduction
1:17 - Make TODO list
3:25 - Ad of Hostinger
4:28 - Setting up Hostinger VPS
5:32 - Set up SSH
6:02 - Create new user account
6:25 - Add SUDO permission to new user
6:40 - Switch to new user
6:53 - TODO 1: Domain name setup
7:50 - Add TMUX
8:22 - TODO 2: Open SSH Hardening
10:19 - Check DNS records
10:33 - TODO 3: Go Web App Running
11:32 - Add Database and setup env
12:16 - Add Docker to VPS
13:47 - Setup docker image for web app and run
14:42 - TODO 4: Setup Firewall - UFW
17:12 - Setup Reverse Proxy - traefik
19:51 - TODO 5: Setup Load Balancer
21:14 - TODO 6: TLS Certificate
23:33 - HTTP Redirect
24:15 - TODO 7: Automated Deployments - Watchtower
27:58 - TODO 8: Monitoring
Thanks for this really great video. I would add another layer of security concerning the access of your web applications: add authelia in combination of traefik, so you are able to bypass authentication (like for your guestbook) or you configure simple authentication or 2fa authentication for each web app. With this option, you could add further web based docker images, you can protect with this step.
You can decrease the TTL to get the DNS propagation quick, but the downside is that the cache for these dns entries only live for small amount of time, meaning that the dns lookup times might go up a little. Also I would have gone with a debian image just because out of the box it is very lightweight and has like 10 processes at max running, with very less storage usage and RAM usage, Ubuntu always feels a little bloated
Very good video and i loved all the details you added.
I am definitely trying this on my own VPS just to learn more.
Nice one. You should make a Video with VPS + Portainer in between.
Please can you make a video to convert this into terraform? That would be amazing. Also, adding a video for logging, custom metrics, and APM would make this a fantastic series.
I've reached to 12 min of your video and already felt like deployment is harder than I thought.