Ziglang.org migrates from AWS to self-hosting

64 points, posted 4 days ago
by apitman

26 Comments

rafaelturk

4 days ago

Kudos! We’ve successfully migrated away from the cloud, and it was an epic decision. It’s cheaper, insanely faster, easier to maintain, and unexpectedly more secure. I strongly recommend any startup or corporation to explore how modern frameworks like K8S, Ansible, Proxmox, and OpenStack—whichever suits your needs—can be incredibly easier to manage on-premises.

christophilus

4 days ago

> unexpectedly more secure

How so?

rafaelturk

4 days ago

* Fewer things to manage.

* Less prone to human error. We have one well-secured, central firewall that only a few developers can access. So, even if a developer forgets to properly secure something downstream, it will still be protected by the firewall. One could argue that this is possible in the cloud, but managing VPCs, etc., introduces risks. There’s always the possibility of something critical being left outside the VPC. On-prem, there’s no way something can physically escape our ethernet cables.

* IAM and bucket management issues. Anything in the cloud is inherently exposed to the Internet and, in most cases, open by default. You need to manage countless IAM configurations.

* Physical inspection. We can actually look at our setup, and if necessary, visually inspect if a server is physically encrypted.

* Simplicity and transparency. Things are simpler and more straightforward: Storage is storage, a disk is a disk, and ethernet is ethernet. Cannot stress how beautiful this is; even with 100 servers it is easier to manage them than in the cloud.

* Modern open-source software. Modern open-source solutions have incorporated many smart features from the cloud, making on-premise setups more powerful and easier to manage.

31337Logic

4 days ago

Well your private data isn't hosted in a public cloud, for starters.

tronical

4 days ago

What’s the difference between having your data in an AWS data center versus having it in Hetzner’s data center from the point of view of “private data in cloud”?

(Good move IMO nevertheless)

Brian_K_White

4 days ago

Your own hardware in a data center is specced, procured, installed, managed, and operated by you, which is more secure and more provable than letting anyone else do all that.

But they said on prem. Hetzner or any other data center is not on prem.

Ah.. TFA is on a Hetzner vps. Well it's 2 different conversations anyway. TFA doesn't say they did it for security but for efficiency.

ppeetteerr

4 days ago

As someone who started in this industry when full stack meant you did CSS and Apache configuration, I'm often surprised by the need for AWS for most startups. A single machine can grow to two machines + a load balancer + a database instance. If you reach that point, then yes, explore AWS. Until then, is the cost really worth it?

sshine

4 days ago

I worked for the biggest job site in my country.

They get thousands of doom-scrollers every day, and their revenue was ~$55M last year.

Admittedly, those numbers are peanuts compared to some global SaaS providers.

But they managed to work for decades on two moderately beefy servers, and a database server, behind a load balancer.

Heck, one server was always enough. The second one was there for redundancy, during releases and in case of emergency.

Traffic peaked at 80% during nation-wide flow-tv commercials. As flow-tv is on the way out, the traffic has spread out a lot more.

They used Perl, which isn't insanely fast, it was just well-made (enough caching, no N+1 queries, etc.).

"That point" where auto-scaling is the obvious choice is pretty far out.

orev

4 days ago

I think one of the biggest reasons is just because everyone else is using it, so you need to use it too to either be able to hire people, or so you can get hired at the next gig.

Us on-prem regular server people are hard to find.

corytheboyd

4 days ago

AWS/GCP throws tons and tons of free credits at startups, I get why it happens. Especially when they can now say things like “we will throw in AI too!” when every startup is some AI wrapper thing.

vitaminCPP

4 days ago

I really like this mentality.

I wish there were more resources to learn this "low-level" approach to web development.

rafaelturk

4 days ago

Now that you’ve mentioned this, I feel compelled to share the lessons we’ve learned from moving from the cloud to on-premises.

ksec

3 days ago

>we'll look into providing torrent files for releases

It is sort of interesting we are back to torrenting. Especially when bandwidth outside of the cloud is relatively cheap. I wonder how many TB they are using per month.

bauruine

3 days ago

They mention a $700 AWS bill using S3 + Cloudfront ($0.08 per GB), so about 700/0.08 ≈ 9 TB. In the range of what every $10 VPS can do a month.

daoistmonk

4 days ago

seems ipv6 is broken atm for ziglang.org :(

    ping -6 ziglang.org
    PING ziglang.org (2a01:4f9:3051:4bd2::) 56 data bytes
    ^C
    --- ziglang.org ping statistics ---
    7 packets transmitted, 0 received, 100% packet loss, time 6135ms

just noticed because zigup has failed..

kristoff_it

4 days ago

should be fixed now

AndyKelley

3 days ago

just wanted to add... that was totally my fault, I didn't know how to read ipv6 addresses very well and bungled the DNS entry. Neat that you casually get an entire subnet for a rented computer.

mlugg

3 days ago

> Neat that you casually get an entire subnet for a rented computer.

Here's a little more info on this, because it's fun: it looks like Hetzner give you a /64, which by convention is indeed the size of one IPv6 subnet. That's also the minimum size block any IPv6 provider will give you (the spec essentially requires this). My ISP gives me a /64 by default, but upon request will route a /56 or even an entire /48 to me, meaning I can actually get a block of 65k subnets, for free. Hell, if you're on an IPv4-only connection, you can set up a tunnel with Hurricane Electric and get a /48 for free -- that's what I did for several years!

IPv6 is pretty objectively amazing -- huge address space to the point where we can just give people a few hundred or even thousand subnets if they need them, no need for NAT or the accursed CG-NAT meaning IPs are actually globally unique, stateless client configuration (SLAAC), backwards-compatible at the software layer via IPv4-mapped addresses, probably more things I've forgotten...

Unfortunately, the world has been slow to figure this out; there's no real incentive to migrate. You can find the global IPv6 stats online, but as a personal data point which surprised me, I can tell you (unless it's changed in the past few months) that the University of Oxford's network (which you'd expect to be pretty modernized!) is still entirely IPv4-only.
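The prefix arithmetic in the comment above (a /48 holding 65k /64 subnets) and the AAAA mix-up earlier in the thread both come down to handling IPv6 prefixes carefully. The following is an added example, not code from the thread or from the Zig project: it counts the /64s inside a routed block and runs two sanity checks a DNS record for a rented host should pass, that the address lies inside the block the provider routed to you and that its low 64 bits (the interface identifier) are not all zero, since an all-zero interface identifier is the subnet-router anycast address (RFC 4291 section 2.6.1), not a host. The 2001:db8::/32 addresses used for the demo are constructed documentation addresses; the 2a01:4f9:3051:4bd2:: address is the one from the ping output above, which the check flags on the second rule. The thread does not say what the actual DNS mistake was, so treat that as an illustration of the check, not a diagnosis.

```python
import ipaddress


def subnet_count(prefix: str, new_prefix: int = 64) -> int:
    """Number of /new_prefix subnets that fit in the routed block.

    A /48 holds 2**(64-48) = 65536 /64 subnets, a /56 holds 256.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be at least as long as the routed block")
    return 2 ** (new_prefix - net.prefixlen)


def check_aaaa(prefix: str, aaaa: str) -> list[str]:
    """Return a list of problems with an AAAA record relative to the routed block.

    An empty list means the address looks usable as a host address.
    """
    problems: list[str] = []
    net = ipaddress.IPv6Network(prefix, strict=True)
    try:
        addr = ipaddress.IPv6Address(aaaa)
    except ipaddress.AddressValueError as exc:
        return [f"not a valid IPv6 address: {exc}"]

    # Rule 1: the record must point inside the block the provider routed to us.
    if addr not in net:
        problems.append(f"{addr} is outside the assigned block {net}")

    # Rule 2: with a /64 (or shorter) block the low 64 bits are the interface
    # identifier; all zero is the subnet-router anycast address, not a host.
    interface_id = int(addr) & ((1 << 64) - 1)
    if net.prefixlen <= 64 and interface_id == 0:
        problems.append(
            f"{addr} has an all-zero interface identifier "
            "(subnet-router anycast), not a host address"
        )
    return problems


if __name__ == "__main__":
    # Constructed values for the demo; 2001:db8::/32 is reserved for documentation.
    print(subnet_count("2001:db8::/48"))          # 65536 /64s in a /48
    print(subnet_count("2001:db8::/56"))          # 256 /64s in a /56
    print(check_aaaa("2001:db8:1:2::/64", "2001:db8:1:2::1"))   # []
    print(check_aaaa("2001:db8:1:2::/64", "2001:db8:1:3::1"))   # outside block
    # Address taken from the ping output in this thread (assumed /64, as the
    # comment above says Hetzner allocates); flagged for the zero interface id.
    print(check_aaaa("2a01:4f9:3051:4bd2::/64", "2a01:4f9:3051:4bd2::"))
```

The checks use only the standard library `ipaddress` module, so they can run from a deploy script before a DNS change is pushed; the assumed block sizes are parameters, not anything the provider's API reports here.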

ksec

3 days ago

>just wanted to add... that was totally my fault, I didn't know how to read ipv6 addresses very well and bungled the DNS entry.

I would argue that is the fault of ipv6.

daoistmonk

3 days ago

can confirm it's fixed, thanks!

poisonborz

4 days ago

I wish more high(er) profile examples would come from the industry. Cloud bills of any mid-large company are already sky high; that money could go to hiring staff for self-hosting, a win-win in this economy. Success stories would help a lot.

ahaferburg

3 days ago

> we don't like begging for money, especially from Jeff Bezos and his ilk

Heh.
