What's All Am I Hosting? Full Infrastructure Breakdown
Every few months, someone asks me how I run my entire online presence for basically nothing. The short answer is: I don't pay for what I can get for free. The long answer is this post.
My entire infrastructure - this site, APIs, email, monitoring, URL shortener, dev tools - runs on free-tier cloud services. Total cost: $0/month. That's less than a single AWS load balancer costs for an hour. Here's exactly how it works, why I chose each piece, and what I'd do differently.
The Philosophy: Free Tier First
I have a simple rule: if a service has a generous free tier that covers my use case, I use it. If I outgrow it, I'll pay - but most of us never outgrow free tiers for personal projects.
The second rule: own the critical paths. DNS is the backbone, so it's on Cloudflare (free, but best-in-class). The main site is on Vercel (free, seamless Next.js deployment). Everything else - databases, email, APIs, monitoring - is a managed service that solves exactly one problem well.
DNS: Cloudflare (The Glue That Holds It All Together)
Everything starts with DNS. Cloudflare runs chan.ns.cloudflare.com and dave.ns.cloudflare.com as my authoritative nameservers. Every subdomain in this post is a DNS record that Cloudflare serves for free.
I use Cloudflare as a pure DNS provider - most records are not CDN-proxied; only a few redirects (cal, link, mail) are. The proxied records hide my origin IP and give me free SSL termination, but I keep most records direct because I want full control over the traffic path.
Why Cloudflare over Route53 or self-hosted? Cloudflare's free plan includes unlimited DNS queries, DNSSEC, easy API access, and their dashboard is fast. Route53 charges per query. Self-hosting DNS is unnecessary complexity. Free + best-in-class = no contest.
The Main Site: Vercel
shubhkumar.in is hosted on Vercel's free tier. The apex domain uses an A record to 216.198.79.1 (Vercel's anycast IP for apex domains - you can't use a CNAME at the root).
Vercel's free tier includes 100GB bandwidth, 6000 build minutes, automatic SSL, and edge network distribution. For a Next.js site with ISR, this is more than enough. The site loads fast everywhere because Vercel serves it from their edge network. The www subdomain CNAMEs to the root - standard practice.
Other Vercel-Hosted Sites
- cv.shubhkumar.in - Resume site. Next.js, deploys from GitHub.
- news.shubhkumar.in - Another Next.js site.
Hosted Applications: The Free Tier Dream Team
Render API Server
api.shubhkumar.in runs on Render's free tier. It handles contact forms, webhooks, and server-side endpoints the static site can't handle. Render gives 750 hours/month - plenty for a low-traffic personal API.
Why Render over Railway or Fly.io? Render has the most generous free tier for this use case. The deploy experience is smooth (Git push → deploy), and SSL is automatic.
GitHub Pages Lightweight Pages
connect.shubhkumar.in is a simple social link aggregator - Linktree-style but self-hosted. Single HTML page, zero cost, instant deploy from a GitHub repo.
Infrastructure: The Stuff That Runs in the Background
Tailscale Private Network Bridge
tail.shubhkumar.in points to my Tailscale node at 100.115.133.19. Tailscale creates a WireGuard mesh across all my devices - laptop, home server, cloud VMs. The DNS record lets me reach my home lab from anywhere using a proper subdomain.
The real magic: Tailscale handles NAT traversal automatically. My home server is behind CGNAT (common with Indian ISPs), and Tailscale punches through without any port forwarding. Free tier: up to 100 devices.
Databases: Managed, Never Self-Hosted
I use managed databases exclusively:
- Supabase (Postgres) for anything that needs relational queries and real-time subscriptions.
- MongoDB Atlas for document storage when the schema is fluid.
Both on free tiers or their cheapest paid plans - whichever covers the workload. Self-hosting a database is the fastest way to turn a weekend into an ops nightmare. Backups, replication, patches, disk space - all someone else's problem. The managed premium is worth every rupee.
Fly.io Lightweight Apps
track.shubhkumar.in hosts WakaAPI (self-hosted WakaTime stats) on Fly.io. Free allowance covers the tiny resource usage - 3 shared-CPU VMs with 256MB RAM, 3GB storage, 160GB outbound.
Cal.com Scheduling
cal.shubhkumar.in - Cloudflare-proxied redirect to Cal.com. Self-hosting a calendar scheduler isn't worth my weekend.
Better Uptime Monitoring
status.shubhkumar.in - Free tier. Monitors all endpoints, notifies on Slack. 10 monitors with 3-minute checks and a public status page.
Tools and Redirects
Dub.co URL Shortener
go.shubhkumar.in runs on Dub.co's free tier. Short, memorable links - go.shubhkumar.in/github, etc. Open-source, great API, free tier includes custom domains and basic analytics. Used to run YOURLS on a VPS. Moving to Dub.co saved maintenance and gave better analytics.
Simple Redirects
link.shubhkumar.in and mail.shubhkumar.in are Cloudflare-proxied redirects using 192.0.2.1 (Cloudflare's placeholder IP). No server needed - Cloudflare page rules handle the redirects.
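The proxied, direct, Tailscale and placeholder records described so far each expose something different to a public resolver. The audit below is an added example, not code from the original post: the inventory is constructed from the addresses quoted above, the `proxied` flags for the apex and tail records are assumed, and the last row is a hypothetical mistake.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")      # RFC 6598 shared space; Tailscale node IPs live here
TEST_NET_1 = ipaddress.ip_network("192.0.2.0/24")  # RFC 5737 documentation range (the 192.0.2.1 placeholder)

# Constructed inventory: (name, type, value, proxied). The first four rows mirror
# records described in the post; the last row is a hypothetical mistake.
ZONE = [
    ("shubhkumar.in", "A", "216.198.79.1", False),
    ("tail.shubhkumar.in", "A", "100.115.133.19", False),
    ("link.shubhkumar.in", "A", "192.0.2.1", True),
    ("mail.shubhkumar.in", "A", "192.0.2.1", True),
    ("old.example.test", "A", "192.0.2.1", False),
]

def classify(value, proxied):
    """Label what a public resolver learns from one A/AAAA record."""
    ip = ipaddress.ip_address(value)
    if ip in TEST_NET_1:
        # The placeholder only works while the proxy answers for the name.
        return "placeholder-ok" if proxied else "placeholder-broken"
    if ip in CGNAT:
        # Reachable only from inside the tailnet; the proxy cannot route to it.
        return "unroutable-behind-proxy" if proxied else "tailnet-only"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "internal-address"
    # Public address: proxied hides it, DNS-only publishes it as-is.
    return "proxied" if proxied else "direct-public"

def audit(zone):
    """Return {name: label} for every address record in the inventory."""
    return {name: classify(value, proxied)
            for name, rtype, value, proxied in zone if rtype in ("A", "AAAA")}

if __name__ == "__main__":
    for name, label in audit(ZONE).items():
        print(f"{name:22} {label}")
```

A `direct-public` label is expected for a shared platform edge address such as the Vercel apex record; a `tailnet-only` row publishes an internal address in public DNS but stays unreachable from outside the tailnet.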
Email Infrastructure: The Hardest Part
Email is the hardest thing on a personal domain. I run three services for different purposes because each solves a specific problem.
Zoho Mail - Primary
Primary email on Zoho's free plan - 5 mailboxes with 5GB each, custom domain, IMAP/SMTP, calendar. The last remaining free tier for professional email on a custom domain after Outlook killed their free custom domain offering and Google Workspace charges $6/user/month.
MX: mx.zoho.com (priority 10), mx2/mx3 as fallbacks. DMARC set to reject with Cloudflare reporting.
Trade-off: Zoho's spam filtering is decent but not Gmail-level. For free, acceptable.
SimpleLogin - Email Aliases
simple.shubhkumar.in - Creates aliases that forward to my primary inbox. If a service sells my email, I delete the alias. Free tier: 15 aliases, PGP encryption, open-source.
Resend - Transactional + Broadcast Emails
I use Resend for all outgoing emails - transactional notifications, broadcast newsletters, and contact form submissions. It handles everything through a single clean API with good deliverability out of the box. Resend's free tier includes 100 emails/day, which covers my low-volume needs. DKIM and SPF configured through forms.shubhkumar.in for proper authentication.
Security and Verification Records
- DMARC (reject) - Strictest policy. Reports to Cloudflare's DMARC reporting. Caught email spoofing attempts at least twice.
- BIMI - Shows my logo next to authenticated emails. Mostly vanity but looks professional.
- Keybase - Domain ownership proof.
- Google Search Console - Site ownership for search analytics.
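With several senders on one domain, the records worth re-checking after any change are the DMARC policy and each SPF record. The audit below is an added example, not the author's tooling: the TXT strings are constructed with placeholder domains, and the checks assume the RFC 7489 tag set and the RFC 7208 limit of 10 DNS lookups per SPF evaluation.

```python
import re

# SPF terms that each cost one DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}

def parse_dmarc(txt):
    """Split a DMARC TXT record into lower-cased tag -> value pairs."""
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags

def audit_dmarc(txt):
    """Return a list of findings; empty means reject is fully enforced and reported."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}")
    if tags.get("sp", policy).lower() != "reject":   # sp defaults to p when absent
        findings.append("sp-weaker-than-reject")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct-below-100")
    if "rua" not in tags:
        findings.append("no-rua")
    return findings

def audit_spf(txt):
    """Check one SPF record for the lookup budget and a restrictive 'all'."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    names = [re.split(r"[:=/]", t.lstrip("+-~?"), maxsplit=1)[0].lower() for t in terms[1:]]
    findings = []
    lookups = sum(n in LOOKUP_TERMS for n in names)  # top level only; nested includes add more
    if lookups > 10:
        findings.append(f"lookups={lookups}")
    if "redirect" not in names and not any(t.lower() in ("-all", "~all") for t in terms[1:]):
        findings.append("no-restrictive-all")
    return findings

# Constructed sample records (placeholder domains, not the site's real TXT data).
DMARC_STRICT = "v=DMARC1; p=reject; rua=mailto:reports@dmarc.example"
DMARC_WEAK = "v=DMARC1; p=none; pct=50"
SPF_OK = "v=spf1 include:_spf.mailhost.example include:_spf.sender.example -all"
SPF_OPEN = "v=spf1 include:_spf.mailhost.example +all"
```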
What I Don't Use (And Why)
- No Kubernetes. Everything fits in docker-compose or managed platforms. K8s is operational overkill for one person.
- No AWS. Pricing model punishes hobbyists. One misconfigured resource = surprise bill. I use SES for email only when necessary.
- No self-hosted CI. GitHub Actions is free for public repos.
- No self-hosted databases. Managed only - Supabase (Postgres), MongoDB Atlas, etc. Free tiers + cheapest plans cover everything. Self-hosting a database is unnecessary ops overhead.
Cost Breakdown
| Service | Cost | What It Runs |
|---|---|---|
| Vercel | $0 | Main site (Next.js) + CV + News |
| Cloudflare DNS | $0 | All DNS records, proxied redirects |
| Render | $0 | API server |
| GitHub Pages | $0 | Link aggregator |
| Fly.io | $0 | WakaAPI instance |
| Better Uptime | $0 | 10 monitors, status page |
| Dub.co | $0 | URL shortener |
| Zoho Mail | $0 | Primary email, custom domain |
| SimpleLogin | $0 | 15 email aliases |
| Resend | $0 | Transactional + broadcast emails |
| Tailscale | $0 | Mesh VPN, 100 devices |
| Supabase | $0 | Managed Postgres (free tier) |
| MongoDB Atlas | $0 | Managed MongoDB (free tier) |
| Total | $0/mo | ~15 services, one domain, full infra |
Lessons Learned
- You don't need to self-host everything. Used to run my own email server, Git server, CI - huge time sink for zero benefit. Managed services let you focus on what matters.
- DNS TTL matters. Low TTL (1–300s) on frequently changed records. High TTL (86400) on stable records for faster lookups.
- Email deliverability is a second job. DKIM + SPF + DMARC + BIMI + reverse DNS + feedback loops takes a full day to set up. Get it right once, don't touch it.
- Free tiers are designed to hook you. That's fine as long as you understand the migration cost before you're locked in.
- Monitoring is not optional. Better Uptime caught three outages I wouldn't have noticed until someone emailed me.
The Reality
Running your own infrastructure is a trade-off - setup time and occasional debugging for complete control and zero ongoing cost. For me, it's worth it. But I also know when to stop. I don't self-host email. I don't run a Docker registry. I don't build custom dashboards. The services I chose handle those well enough that my time is better spent building on top of them.