Like the author, we self-host our git repos at work with Gitea, and it's working very well and brings a rather large set of features you'd expect from a GH alternative.

A great thing is that it's almost fully compatible with Github actions, so migrating an existing CI/CD should not be too painful. If you plan to move, make sure to read this first: https://docs.gitea.com/usage/actions/comparison#missing-feat...

For sure, it requires a bit of maintenance, mainly for updates, but that's all.

How has your experience with Bunny been? I'm quite split on it.

I used to work for a business in a pretty competitive area, where tactics like fake DMCA requests and abuse cases are routinely used to attempt to take down information, be it from Google, or from the CDN/hosting provider. While at first Bunny support seemed understanding of it, later they unceremoniously blocked the account on the basis of too many complaints having been filed, despite all of them being responded to in due time and being proven false.

OTOH, their support staff would respond lightning-fast, which was a breath of fresh air compared to other CDNs we used before.

I could see myself using Bunny for personal projects, or some non-vital business, but probably not for anything with lots of competition.

For CDN, you can try CDN77, they have servers all around the world. No affil, just they are based in Europe (Prague) :)

For domains i find Openprovider.eu is pretty cheap imo, especially if you have a lot and buy in a package it is nearly costprice. Their DNS isn't great though, good enough for personal projects but not for business, would set that somewhere else.

Why do you need to move from Porkbun though? I don't get it.

How does dot.bs make money? The about page and FAQ don’t explain what they’re monetizing.

I have no idea how to setup something like this. How hard is to hire somebody competent enough to set a system like this in-house?

You say no VMs and are using Apple hardware. Are you running this all directly on macOS?

> Managed databases are a scam.

I, too, once believed this. Then I had the displeasure of watching a $10,000 server fail during Christmas travel (about 20 years ago now). A single RAID drive failed. Then, during the rebuild, a second drive failed. Then the RAID controller itself failed catastrophically, losing all the RAID volume metadata. When we restored from backup, we discovered that the sysadmin who had just quit a few weeks before had lied to us about the backup system, and we had no backups.

This is the sort of black swan event that happens every 5-10 years. It's an unusually bad event, even by black swan standards, but stuff like this happens.

The fundamental problem of self-hosted databases is that you test the happy path every day, but you only test true disaster recovery every 5-10 years. And in practice, this means that disaster recovery will usually fail.

With a managed database service, most of what you're paying goes to making sure that disaster recovery works. And in my experience, it does. I've seen RDS database servers fail catastrophically, and completely rebuild in under 15 minutes with virtually no data loss, with almost no human intervention at all.

If you care about your customers' data, I think that a reputable managed database is the right move until roughly the point that you can pay for a full time database administrator. At that point, sure, roll your own. But do regular disaster recovery tests, lest you discover that a recently departed DBA has been lying to you.

Thanks for the post. How do you currently deal with HD failures/redundancy? That’s my main concern leaving a managed database provider.

>However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.

Only if you have physical offices and staff in every jurisdiction you're serving.

How do you handle anti-DDOS, zero-trust and WAF duties to a cloudflare-esque equivalency (e.g. a reverse-proxy style setup)?

While I definitely concur with your conclusions re VMs and GCP hosting overhead, did you benchmark a container based setup in GKE or similar?

I have been self hosting since couple of years, yes I got very very interested in self hosting my apps, away from the cloud overlords, but the major issue is the network.

You'll need business internet plans with redundancy and based on locations that might be prohibitively expensive. Some startups might even require their own AS numbers.

Also the connectivity to the data centers or cloud infra like WAF , CDNs etc will be definitely worse compared to cloud instances. Then comes firewalls, their configuration and their redundancy.

These things will matter if you're serious about your SaaS.You could definitely co-locate, but that's another cost, then comes the redundancy of everything, from servers, to disks to network (routers and switches etc).

I personally believe that modern hardware is pretty reliable and doesn't need redundancy in every layer, but most people won't agree with and when startups have enough money, this doesn't matter to them.

I think the only reason the common public is unable to start SaaS is handling and managing these problems. Redundancy costs a lot. And many startups don't want to deal with it even if it'll help them in long run. They just gather enough cash and throw at the overlords.

I do hope that the general infra should improve so that can properly host their own.

Nevertheless I'm still trying to start something in SaaS space and self host from my home...

> Just buy a few Mac Studios and run them in-house

I fail to see the point of this when the system you've to decided to run "yourself" is entirely owned and dependent on another American company.

What does your networking redundancy setup look like?

Ah yes, MinIO, that open source S3 alternative that got archived last week. To me that's the biggest problem when self-hosting services. On day to day operations, some times it just breaks and the time to get it back varies from a couple of hours to a couple of days. And for the longer term you regularly have to upgrade things yourself which takes time and energy and is stressing for stateful deployment. And then you have it, at some point maintainers are just exhausted and the project is gone.

Are you actually using Exo for local clustered AI inference? I’ve considered it a few times and keep finding horror stories. Never seen someone report it’s actually working well for them.

Great post, and interesting setup - harkens to days of old, when this was simply how things were done in the first place - but one question that I have, apropos:

>.. serve more than 10k - 100k requests/second which is good enough to serve a million customers.

What is your network connectivity like for this setup? Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?

You really don't? It's just a ton easier for most users: it's (almost) like already having an account. Just click a couple times and you're in, no typing at all, no email confirmation or anything like that.

I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?) and I know how to use a password manager, but I easily understand how 90-99% of the population doesn't care enough and goes the low-friction route.

I assume your circle is mostly tech people? Outside that bubble, it's pretty obvious. People just want easy, don't understand security in many cases, it's the simplest path.

Even absent the above. Imagine a signup flow. I can either click <Sign Up With Google> or I can go through a manual flow with input fields. The former is much faster than the latter. It surprises you people choose the path of least resistance?

People usually have either one or the other account already, because it came with their smartphone. It is friction less from their point of view.

HN is going to skew towards people with password managers & concerns about vendors locking you out. I think most people just want low friction - be that 'Sign in with', or passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)

“Sign in with Apple” allows me to use a random “Hide My Email” address for services that I can’t bother with so it’s absolutely a godsend for me.

Something I didn't see in the other comments is users who are using the startup's service for work, as an employee.

Why wouldn't you choose the simplicity of "sign in with Google" if your work email is on Google Workspace, using the entire Google suite of business tools for everything (gmail, chat, meet, docs, drive, auth, etc) any everything you do at work is known to Google anyway?

Making an email/password account with your work Gmail is just extra steps, one more password to store, and perhaps the inconvenience of one more 2FA thing. Google gets the same information either way.

Similarly why wouldn't you choose the "sign in Microsoft" if your work is all in on the Microsoft suite of business tools (teams, office, onedrive, auth, etc.) and everything you do at work is known to Microsoft anyway?

> I just don't get why people love this.

For the same reason why companies implement SSO for employees? It's just easier to have one account with one password to rule them all.

> I just don't get why people love this.

For a single personal user it's only a small bit of friction but if you're in charge of 30 people SSO is a godsend for boring compliance work and managing groups of people. You want to change a domain in the company not a big deal. Don't have to rotate passwords every quarter, need to restrict an employee from a service etc. You aren't imagining other challenges other than your own here.

My email goes to the same company I can login with so might as well tap the button.

In my experience its been the users who principally only have a mobile phone - i.e. no desktop - and therefore want the benefit of the phone-managed account system tied to .. biometrics, etc...

> I just don't get why people love this.

I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.

Just observe anyone in your social circle that does not "care" about technology and you'll see their reaction to a login prompt when trying, not rarely under time pressure, to access a service they haven't used for a while.

They will sigh, maybe roll their eyes. And who can blame them? The same goes for registering to a new service. Normal people don't use password managers, they don't have Bitwarden with auto-fill, nor do they ever "generate" passwords.

"Sign in with..." offers them a way out of a frustrating experience, it's the device telling them "Hey, would you just like to use this thing you're already logged into instead?" -- yes, obviously they would like that.

Heard of haveibeenpwned? You'll end up there, eventually.

Interesting. I actually had a human translator do the french translation because I didn't trust deepl/LLMs on certain languages. He was Belgian though. Thanks for the feedback, I will certainly consider it - I don't speak french myself.

I really like Scaleway too ! I went with them because Linode got bought and I thought, since I was moving my things anyway, let's go to a French provider. And I got a bad experience with OVH, so Scaleway it was.

But really, I wonder why it's not used more ? Price are maybe a bit high for some things ?

+1 for Scaleway, I've been migrating some of my customers on it and I love it's simplicity and reliability. Costs are also fine.

Unless I'm mistaken you can install hetzner from ISO allowing you to use LUKS. You could use teng/clevis to allow it to automatically unlock (or refuse to, given certain conditions)

Scaleway is so close to being a great product but they need to hire a really visionary Product leader

I found scaleway's IAM system pretty solid so far. Right balance between "gives you nightmares" (GCP) and "one key to rule them all" (Hetzner.. Bunny.. and so many others)

Can you expand on the Scaleway comment? Would be interested in the details.

Also aren't their data centres all in the Paris area? Do they have any geo-redundancy?

What makes Gitea controversial nowadays, I'm out of the loop.

I was roughly familiar with Github Action/Gitea Action compatibility and had a self hosted Gitea already... I found codeberg interesting though!

Isn't Codeberg only for Open Source ?

Codeberg is immense buuut it's only intended for open source projects really, so might not be a good fit for all.

It seems smart to me. Our leaders are intent on burning it all down, and I don't think anyone should be shocked as the smoke starts to billow.

Competition is great.

Different industries have different customers with different needs and funnels.

None of my businesses use a "sign in with..." option and I highly doubt it would increase conversions, however the article and many commenters here are adament (based on their experience) that it is integral.

I'm not sure it's day trading per se, I think it's just a lot more relevant to some industries/products than others.

Google Ads does "kind of" work in the niche I am in, usually with low competition key words.... but I did stop throwing money at it. I am never going to return the investment per conversion... but if you want a search engine to throw your money at.. it is still pretty much without alternative to me.

Which platforms/avenues do you recommend?

Mistral seems great and offers great functionality and maybe fair pricing. However, I have used their LLM API (Le Chat?) in a project and unfortunately the API times out sooooo often. I had to add retry logic and have timeouts of 5 minutes and such, and sometimes there is just never a response from the API. If they could make that more stable ...

(I am using their official Python client library.)

Have you tried Mistral? Admittedly I've only used it twice but I was disappointed. It feels like comparing openoffice to word 20 years ago - does the job but at an obvious compromise

I am still baffled.. compare a domain like .party or .parts between porkbun or your major US based providers and a EU based registrar of your choosing.... It's not pretty, at least it wasn't to me.

Sounds like the EU Digital Identity Wallet project: https://ec.europa.eu/digital-building-blocks/sites/spaces/EU...

BankID is very convenient but the lock in is ridiculous. Owned by a private company and pretty much every service that you use depends on it. You're forced to own a new Google-approved Android or iPhone to use it and to function in society.

We definitely need a vendor independent ID system.

Many European countries have decent authentication, banking and payment system alternatives or even innovative solutions. I think, like usually, it's just a problem to break out of national or regional circles into something pan-European.

A lot of people seem to agree that relying on a handful of too powerful American companies, especially in the ad and social media space, is a terrible idea and running foul of privacy requirements. Remains to be seen if some larger alternatives manage to pop up though. The European landscape is pretty fragmented.

Once the chips are there in a EU datacenter, no geopolitical change can bring them away. And that already makes some difference.

I am trying to be on top of the legal stuff. I did start EU first with GDPR compliance and expanding to the UK was kind of low effort. Comparatively little changes are required. I might expand on that in a future article.. all that legal stuff was quite a bit of effort but I got lucky with my lawyer choice and felt very supported from them at reasonable cost.

I think Mailjet is now owned by Sinch and Sinch is swedish?

Mailersend is EU and fantastic

Nice try by them but the Amazon is still a river and "AWS European Sovereign Cloud" is an oxymoron.

The Chinese version of AWS isn't the full offering, offering less than 1/3 of the services. ESC appears to be more complete, but it's not a third party local company, but rather, a walled-off subsidy of AWS in Germany.

>Now how bulletproof it is in practice will be tested in years to come

Zero chance the data stays in the EU. Just think about it for a moment. US CLOUD Act directly conflicts with EUs GDPR. Amazon doesn't want to risk losing EU markets but it can't lose the US market by not complying with US law.

If these two conflict Amazon will side with the US. The savvy business move is to pretend to serve the EU market exclusively while privately adhering to the US demands.

I am at Lettermint for a month now, coming from Postmark.app (US) and I only can tell positives things about it, works very well and is reasonably priced.

AWS SES does not work for me at all, the sending success rate is really bad.

Yes, exactly! Marketing emails are a whole other story. I was planning on mailjet - thoughts?

Slop text generation is equally good with chinese and european LLMs don't worry about that part

Hanko can be self hosted, if needed - it is one of the few products I chose actively to NOT self host. I am aware of Authentik and do like it.

My advice and experience is don't use Netcup. They are abysmal at customer service. I once registered a domain with them, and hadn't even paid, but then couldn't get my account deleted at all. Even multiple e-mails did not help and they insisted on keeping my data until half a year later or so. They absolutely behaved like complete holes, and I will never trust them again with anything. I don't know what they do with user data. Maybe they systems are just so terrible, that it is a huge effort for them to go and comply with GDPR deletion request and then they just don't do it.

Also their web interface doesn't allow you to delete your domain, even if you have not paid yet. So anyone could come and make some account and register a domain, but then not pay and they wouldn't remove it from their systems. The feel of their website is very antiquated and due to not being able to delete your domains, feels buggy.

The finished product has an imprint (with commercial name, according to Spanish law). The blog post isn't commercial.

good catch, will fix.

I am simply not at that phase yet... I considered revolut pay (UK) or adyen (NL)?

Data sovereignty, avoiding monopolistic dark patterns by big American corporations and choosing local business partners that you can keep accountable is not political, it’s logical choice.

It's funny that you say that because any time I sign in to one of the big cloud providers I wonder how anyone gets any work done there _at all_...

But to answer your question it's the top one from the menu and then you get a page that couldn't be more clear (IMHO as a customer)

Hetzner is juggling quite a bit of legacy systems (konesoleH, Robot) around at the same time.. bare metal (root) is still on Robot, a system from the early 2000s I believe.. konsoleH is for classic website hosting and console is what oyu need for cloud. They are progressively moving over stuff to console now, DNS and Storage Boxes have recently moved.

Just try AWS! :-P

Claude helped write the article. It is 2026. I proof read it though and yes, giving an LLM a list of specific criteria of what you are looking for in a product is actually a pretty good experience.

Perhaps the term is overloaded, and a better one would suffice, but the bigger point is to ensure that none of their infrastructure is under the purview of any US entity, public or private.

US admin is threatening the EU on multiple fronts if you haven't reading the news. Invasions of sovereign territory, dismantling the EU etc.. This is unprecedented and without merit and a lot of EU citizens and governments have reached their patience threshold and are choosing to buy elsewhere.

The US has simply casually mentioned they could turn off all access to US digital services and products that we currently pay good money for. The concern is that they might maybe not all at once but I'm not waiting to find out that they're testing the waters with a single provider.

So we're getting security and independence and promoting the EU tech scene! EU has better privacy laws as well. Before this the US was seen as a reliable ally.

It was a mix of stubbornness and curiosity how far you could push this experiment.

Can't speak for the author, but freedom from US spying ideally. Additionally, not providing any revenue to a US-company that in turn pays taxes to a government that they don't support the actions of.

If you build microservices you should always assume that links go down! So what is the deal here? Think about it as a feature to make your application more error prone. :-)

I think this is short-sighted - there are many applications where a single node is all one needs, and this is a huge part of Hetzners user base, presumably.

A bit of anecdote from me, as a decades-long Hetzner user: I have personally felt no real impact whatsoever with their internal network suffering from intermittent failures. The downtime incurred by Hetzner admin I've experienced is measured in minutes, in my case over a 10 year period as a customer...

Billions of euros over multiple decades? Why?

Seems to me like it's mainly regulation. The thing that makes people in China, or Russia, for example, not use Google - isn't that Yandex / Baidu got tons of investments. It is that people can't easily access Google. If the EU decides to pull the switch (or if the US decides to do so), we have enough competence people here to build a search engine.

In the history of geopolitics, even with what little I've learned of it, "will never happen" can be as soon as two years.

While it's true Europe might not be producing the next Apple or Google, there are lots of alternatives, like national academic login systems, logging into third parties with bank credentials or government IDs... Solutions that depend less on one commercial company capturing the market, that are in place on a national level and work well. It's a different landscape. Factors like current day political turmoil make people much less trusting of "American" solutions. It remains to be seen if this goes beyond sentiment into some actual pan-European solutions that (claim to) safeguard privacy and data.

yeah I think trillions alone wouldn't be enough to replicate Apple's success and market dominance (especially the most valuable demographic)

Yeah, they sell you that with the devices. You would need to crack iOS/Android dominance first before you could realistically consider NOT assuming someone has at least one or the other account.

Agreed mate, it took absolute trillions of Euros for "Sign in with VK" to become a common option in Russia. No clue how they did it while also waging wars.

"Sign in with LINE" in Japan? Quintillions of Yen were spent.

It's possible that will get ""solved"" overnight when some critical service gets cut off or banned in one direction or the other for political reasons.

This is a weird take. It is completely arbitrary.

I could say that you cannot run entirely on US technology, because electronics comes from China. Does that mean that we should just strive to move everything to China, so that we only depend on them?

Makes no sense to me.

are you aware of https://github.com/vitobotta/hetzner-k3s ? I am using it and I can wholeheartedly recommend.

You know, Hetzner is around since 1997, the term cloud didn't even exists then. Or AWS... The only hard truth is something when I see my wife.

Hetzner is a very particular product. They openly cop to being "overly cautious" with even letting people open accounts because they're playing with razor thin margins: I wouldn't engage with an organization like that for serious production workloads.

At least, where "serious" is defined as making enough money that paying AWS $200 a month for $20 a month worth of compute is worth it in exchange for an actual SLA*, paid support, and knowing that even if you drop of the face of the Earth, the account will probably run unfunded months before your users even notice.

I've been bitten by using "quirky" tier-3 providers for savings on projects that really should have just ate the cost of a bigger provider.

(* Yes an SLA is not a magic uptime guarantee, but it creates an expectation which is a lot better than nothing.)

But the argument is reversed! The more boring your tech stack, the _easier_ it is to host it anywhere (including Europe). So choosing boring tech is actually an enabler of this (and other) choices down the line.

It's only "a political commitment" as long as it doesn't affect you yet; and from the European perspective I'd say "the affecting has begun".