Ghost blog on Docker and Terraform at minimal cost
If you don't like DIY, Infrastructure as a Code (IaaC) and not interested in running our own newsletter at lowest possible cost, you can stop reading here.
This is an experimental to run production grade Ghost blog & newsletter at minimal cost in cloud, using Docker Compose, maintaining infrastructure with Terraform and custom CLI.
Objectives
- Upper limit for infrastructure costs is $5 per month in total (excluding domain name fee).
- Production grade security.
- Low response time (500ms on average).
- Low maintenance effort and infrastructure automatization though IaaC and CLI.
We can achieve it by the following technology stack.
Stack
- Hetzner Cloud (this is a referral link with bonus for you and me) as a cloud provider. It offers very democratic prices and decent performance. A special point of interest is Ampere Altra (arm64) platform. Such compute instances are twice cheaper than usual x86 instances.
- Terraform and Ansible to build, run and maintain the infrastructure as a code.
- Custom CLI implemented with Docker and Shell to automate deployment and maintain the project with short console commands. Backup/restore and complete deployment will take ~2 minutes, which is a great metric for such price. You don't need to install development tools like Terraform locally, as CLI image already contains it.
- Docker on a single cloud node to run the following containers with Docker Compose:
- Cloudflare to manage DNS, provide CDN and DDOS protections. We use three more services:
- Zero Trust to handle secure connection with cloud and internet. It automatically manages SSL connection, allows keeping node ports closed and renders SSH console in the browser.
- Access to manage access to internal tools (like backup system or SSH console).
- R2 is S3-like storage with zero egress fee for data and backups.
- Mailgun to send emails reliably (as a part of the newsletter feature).
Sidenote
It might seem counterintuitive to run the production system on a single node due to reliability issues, however, the main objective is cost. IaaC and CLI allow redeploying the stack in a few minutes (in case of a complete rundown). Backup and restore systems takes care of data persistence. Moreover, from the business perspective, any newsletter system should send emails reliably. All the content will be available in your mailbox.
Living example
This blog is run with this stack.
Ready to dive deep?
Check the repository and follow the README for detailed architecture description, prerequisites, installation and operation instructions.