Hosting isn't easy. There's a multitude of options to pick from, dozens upon dozens of different hosts, and it's impossible to know how much capacity you need—unless you know what you're doing or you're willing to wait and see what happens when you go live.
There's some really excellent guides out there to help flesh out what you might already know, but we thought it was about time that someone talked about some of the lesser-known complexities and difficulties.
Just about anything can be done for free
From cPanel to NewRelic, you can deck out even the cheapest of VPSs with a veritable stockpile of paid apps that will make your administration duties easier or more efficient.
Most of these paid options are great, but it's important to remember that there's always a free alternative—that's precisely why the FOSS community is such an invaluable asset. These FOSS alternatives might not be as feature-rich, or have quite the contemporary-looking GUI, but they can solve just about any problem, if you're willing to put in the work.
The idea that you have to pay anything beyond the cost of your VPS to get services running or keep tabs on its status is, quite frankly, ridiculous.
Triple-check that you have your domain locked in
Once you set your domain's DNS to point to your server and the DNS propagates through these systems, there's not much more for you to do. This means it's easy to forget about the status of your domains. Forgetting to renew them, for example, can lead to you losing control altogether.
If your domain expires, it you don't lose it straightaway. There is a 30-day grace period when you can renew the domain, followed by a 30-day frozen period. In this time, reinstating the domain is possible, but it'll cost you.
After that period of time, the domain is available for anyone to pick up—even the same registrar you were using. As long as the domain isn't a registered trademark, you'll have to pay up whatever this squatter asks to get your domain back, even if it's thousands of dollars, or more.
The best policy is to set your domains to auto-renew, and make sure your billing information is up-to-date. Better yet, check in on your domain around its renewal time even after you've set up auto-renew, just in case.
You're going to mess everything up... at least once
Whether it's your first time logging into a VPS or you're a seasoned professional to LAMP stacks and complex Docker installs, you're eventually going to make a mistake that either brings the server to a halt or takes your site/app down completely. There's unnecessary updates that break dependencies, minute changes to obscure config files, and just plain bad luck.
The thing to remember is that it's okay to break things. Doubly so if you're not running mission critical applications on that VPS. The good news is that getting back to a blank slate is as easy as reinstalling the OS.
Of course, messing up to that degree still means you have to start from scratch, but maybe you set up some configuration management processes. Or, better yet, you documented your processes—more on that in a moment—and all you need to do is retrace your steps.
Documentation is imperative
Documentation is often the last thing that developers think about, but when it comes to maintaining some control of what you've done with your VPS, writing a few things down can make all the difference.
Imagine a situation where you've spent a half-dozen hours configuring your LAMP stack and Wordpress blog, only to make a change that brings the site down. After rounding off that dozen hours trying to figure out what went wrong, you settle on reinstalling.
If you documented your processes, you can at least jump ahead, in a fraction of the time, to the point where everything went wrong. If you didn't, you'll have to wade through all the same tutorials a second (or third) time. Save yourself some headache down the road and make sure you remember how you got to where you are.
Security is important, but sometimes it's better to build
Many people shy away from VPSs because they get inundated with fear-mongering about how necessary and difficult it is to set up layer after layer of security. Firewalls, fail2ban, IP blacklists, hundreds of obscure settings—it can all be a bit much. The truth is a little more nuanced.
Yes, your VPS will get scanned by hackers for vulnerabilities. They use automated tools that search for the lowest-hanging fruit—we're talking about root accounts with passwords like
password. If you do even the basic steps to improve security, you're more than likely going to be okay.
Here's our recommendations: use only SSH keys to log in, turn off root logins (and all password logins), use strong passwords/passphrases where needed (such as a Wordpress admin account), don't run any services you don't need, and enable two-factor authentication for your account.
If you get too stuck in the weeds on making sure your VPS is completely locked down, you won't have anything worth hacking.
A serious note: If you're running any applications that store sensitive data, whether about yourself or your customers, then, yes, you should spend a lot of time (and probably money) on security.
Sometimes, think about your users' location, not yours
Established hosting providers offer you a number of datacenter locations to choose from, and it's tempting to just pick the one that's closest to you. It's nice to have low latency between yourself and your VPS, but that's not the only variable.
If you're hosting a website or application and know most of your customers will initially be on the West Coast, and you're in the east, or even in a different country, it's probably better to sacrifice a little of your own speed in favor of your user experience. In a time where slow loads can affect your bottom line, it's important to be considerate.
Hosting is all about balance—between security and productivity, between moving fast and moving smart. By thinking through things a little differently, you can save yourself a bit of a headache, and maybe some time, as you expand your presence online.
Have any other under-the-radar tips about hosting and its many complexities? We'd be happy to hear them—let us know in the comments.