NixNet
/
NixNet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
NixNet/_posts/2019-12-18-vps-providers.md

8.5 KiB
Raw Blame History

layout title subtitle description cover tags date
post VPS providers Some recommendations and considerations Some recommendations and considerations to keep in mind when choosing a VPS provider /assets/posts/disk.png sysadmin hosting self self2019 2019-12-18 21:35 -0500

Forward

You should always be careful when choosing a VPS provider. In the online world, everyone relies on someone somewhere in the chain. Even if you're self-hosting your services on your own hardware in your living room, your ISP could suddenly decide that you're using too much bandwidth and throttle your speeds or possibly cut you off entirely. When you're using a VPS provider (as will be discussed further down), someone in the datacentre could make a mistake and power down the machine your VM is running on.

Choosing a dependable and trustworthy provider is of paramount importance when deciding to run web services for yourself and especially for others.

Considerations to keep in mind

Key disclosure

This is one of the more important facets of choosing a provider. Key disclosure laws can be used to force server administrators1 to give their encryption keys to law enforcement. If you use full disk encryption, you might have to give up the passphrase used to decrypt the server. If files are encrypted on-disk, these might be subject to surrender as well. It depends on the country and their implementation of the law. These are the nations that have some form of legislation pertaining to key disclosure:

  1. Antigua and Barbuda
  2. Australia
  3. Canada
  4. France
  5. India
  6. Ireland
  7. Norway
  8. Russia
  9. South Africa
  10. United Kingdom
  11. Belgium2
  12. Estonia
  13. Finland2
  14. New Zealand (unclear)
  15. The Netherlands2
  16. United States (see the Wikipedia article as this is an unusual situation)

These nations don't have key disclosure legislation and can be considered safe to use in this respect.

  1. Czech Republic
  2. Germany
  3. Iceland
  4. Italy
  5. Poland
  6. Sweden (it has been proposed, however)
  7. Switzerland

Local laws

In addition to key disclosure, you're also generally subject to the laws of that nation, whatever they may be. For example, Germany requires that an Impressum be displayed on any public website. I have chosen to ignore that as they rarely enforce the law for non-German citizens; this is just an example. A more serious one that would be enforced is their censorship rules meaning that anything with user-generated content must be moderated or provide plausible deniability3.

Speeds

Another factor to consider under location is distance from you. If you're running a game server such as Minetest, you'll want it to be as geographically close to you as possible to reduce latency. That said, my Minecraft server (yes, Minecraft 😞) is in Germany while I'm in the US. Neither me nor any of my friends have actually noticed high latency so it's not such a huge deal, just something to keep in mind if speed is of great import.

KVM vs OpenVZ

Make sure your provider offers full KVM virtualisation, not OpenVZ. VPS providers that use OpenVZ tend to grossly oversell4 their platform and you may run into performance issues if they don't plan properly. Overselling is still possible with KVM but providers tend to do it much less.

You would also be unable to have full disk encryption, custom operating systems, custom kernels, etc. You wouldn't be able to do anything at a particularly low level like install WireGuard DKMS modules or even choose an OS they don't already provide. For example, if you want Alpine Linux for how lightweight it is or RancherOS for its container optimisation, you wouldn't be able to use them unless your provider has already set up and configured OpenVZ images for them.

Providers

I have personal experience with Digital Ocean, netcup, and BuyVM. In my opinion, DO is terribly overpriced if you're not wanting to scale like a huge enterprise and make use of their Teams features, the API for spinning up high-compute droplets on-demand for a short period of time, things like that. I would only recommend DO for larger businesses. netcup, BuyVM, and Hetzner are much better options.

netcup

The majority of my services run on servers from netcup and I highly recommend them. They're based in Germany and thus not subject to key disclosure laws. Depending on where in the world you are, they may or may not require legal identification such as your passport or driver's license; I'm in the US and wasn't required to do any of that. Payment is done through PayPal but does not require a PayPal account. They offer full KVM virtualisation so you're not limited to images they provide.

Head to my Affiliates page for discounts on their various offerings.

BuyVM

My DNS and Tor exits are on BuyVM "slices". I'm using Slice 1024 for them but may consider upgrading if there's enough interest. BuyVM has an interesting story; they started out as an "arm" of Frantech but are now the sole service provided by them. Frantech was originally a more user-friendly service similar to Digital Ocean that sort of held your hand through the setup and BuyVM was the "do it yourself" version. They provided servers and expected you to know what to do with them. BuyVM was way more popular than Frantech; the latter actually ended up losing money. They eventually shut Frantech down and just run BuyVM under the name.

They are very Tor-friendly and pretty much forward all DMCA reports to /dev/null. After paying for my servers, I opened a support ticket letting them know that they would be Tor exits. I got a response saying something along the lines of "cool! 👍" and that's it. I set Tor up, configured the system to auto-update and reboot as needed, and they've run themselves since. I've never gotten an abuse report of any kind or an email about them even though they've been online for over five months.

I have nothing but good to say about BuyVM but I wouldn't use them when you need something with more power.

Hetzner

I haven't personally used Hetzner yet but I plan to eventually. I find that netcup and Hetzner have complementing plans; if Hetzner has something with specs below what you would like but the next one up is too expensive, netcup like has something in the middle. The reverse is also true; Hetzner fills gaps that netcup might have. In addition, they have dedicated server plans. This gives you remote access to baremetal machines so you get much more performance, you can run your own VMs, etc.

Hetzner also has auctions quite often. This gives you the opportunity to rent physical hardware at a lower price, rather than paying for a virtual machine or for one of their dedicated plans. You can also ship them a server you own and pay for space on a rack in their datacentre (this is colocating). It can be very expensive though; their cheapest option starts at 119.00€/mo.

  1. It can really be used to compell anyone to surrender their keys ↩︎

  2. Those who know how to access a given system may be compelled to share their knowledge. This, however, does not apply to the suspect or to their family members ↩︎

  3. This is where the user-generated content is hidden from the owner in such a way that it can't be easily removed. PrivateBin is one such service that provides plausible deniability; everything is encrypted and decrypted client-side so the server (and, by extension, the admin) can't see any of the public data to remove it ↩︎

  4. "Overselling" is when a provider takes advantage of "ballooning" with KVM or "bursting" with OpenVZ. These features allow VMs or containers to borrow resources from others; when a provider oversells a machine, they are banking on their clients not using all of the resources they're paying for ↩︎