What's All Am I Hosting? Full Infrastructure Breakdown
DEV Community

What's All Am I Hosting? Full Infrastructure Breakdown

Every few months, someone asks me how I run my entire online presence for basically nothing. The short answer is: I don't pay for what I can get for free. The long answer is this post.

My entire infrastructure - this site, APIs, email, monitoring, URL shortener, dev tools - runs on free-tier cloud services. Total cost: $0/month. That's less than a single AWS load balancer costs for an hour. Here's exactly how it works, why I chose each piece, and what I'd do differently.

The Philosophy: Free Tier First

I have a simple rule: if a service has a generous free tier that covers my use case, I use it. If I outgrow it, I'll pay - but most of us never outgrow free tiers for personal projects.

The second rule: own the critical paths. DNS is the backbone, so it's on Cloudflare (free, but best-in-class). The main site is on Vercel (free, seamless Next.js deployment). Everything else - databases, email, APIs, monitoring - is a managed service that solves exactly one problem well.

DNS: Cloudflare (The Glue That Holds It All Together)

Everything starts with DNS. Cloudflare runs chan.ns.cloudflare.com and dave.ns.cloudflare.com as my authoritative nameservers. Every subdomain in this post is a DNS record that Cloudflare serves for free.

I use Cloudflare as a pure DNS provider - no CDN proxying on most records except a few redirects (cal, link, mail). The proxied records hide my origin IP and give me free SSL termination, but I keep most records direct because I want full control over the traffic path.

Why Cloudflare over Route53 or self-hosted? Cloudflare's free plan includes unlimited DNS queries, DNSSEC, easy API access, and their dashboard is fast. Route53 charges per query. Self-hosting DNS is unnecessary complexity. Free + best-in-class = no contest.

The Main Site: Vercel

shubhkumar.in is hosted on Vercel's free tier. The apex domain uses an A record to 216.198.79.1 (Vercel's anycast IP for apex domains - you can't use a CNAME at the root).

Vercel's free tier includes 100GB bandwidth, 6000 build minutes, automatic SSL, and edge network distribution. For a Next.js site with ISR, this is more than enough. The site loads fast everywhere because Vercel serves it from their edge network. The www subdomain CNAMEs to the root - standard practice.

Other Vercel-Hosted Sites

  • cv.shubhkumar.in - Resume site. Next.js, deploys from GitHub.
  • news.shubhkumar.in - Another Next.js site.

Hosted Applications: The Free Tier Dream Team

Render API Server

api.shubhkumar.in runs on Render's free tier. It handles contact forms, webhooks, and server-side endpoints the static site can't handle. Render gives 750 hours/month - plenty for a low-traffic personal API.

Why Render over Railway or Fly.io? Render has the most generous free tier for this use case. The deploy experience is smooth (Git push → deploy), and SSL is automatic.

GitHub Pages Lightweight Pages

connect.shubhkumar.in is a simple social link aggregator - Linktree-style but self-hosted. Single HTML page, zero cost, instant deploy from a GitHub repo.

Infrastructure: The Stuff That Runs in the Background

Tailscale Private Network Bridge

tail.shubhkumar.in points to my Tailscale node at 100.115.133.19. Tailscale creates a WireGuard mesh across all my devices - laptop, home server, cloud VMs. The DNS record lets me reach my home lab from anywhere using a proper subdomain.

The real magic: Tailscale handles NAT traversal automatically. My home server is behind CGNAT (common with Indian ISPs), and Tailscale punches through without any port forwarding. Free tier: up to 100 devices.

Databases: Managed, Never Self-Hosted

I use managed databases exclusively:

  • Supabase (Postgres) for anything that needs relational queries and real-time subscriptions.
  • MongoDB Atlas for document storage when the schema is fluid.

Both on free tiers or their cheapest paid plans - whichever covers the workload. Self-hosting a database is the fastest way to turn a weekend into an ops nightmare. Backups, replication, patches, disk space - all someone else's problem. The managed premium is worth every rupee.

Fly.io Lightweight Apps

track.shubhkumar.in hosts WakaAPI (self-hosted WakaTime stats) on Fly.io. Free allowance covers the tiny resource usage - 3 shared-CPU VMs with 256MB RAM, 3GB storage, 160GB outbound.

Cal.com Scheduling

cal.shubhkumar.in - Cloudflare-proxied redirect to Cal.com. Self-hosting a calendar scheduler isn't worth my weekend.

Better Uptime Monitoring

status.shubhkumar.in - Free tier. Monitors all endpoints, notifies on Slack. 10 monitors with 3-minute checks and a public status page.

Tools and Redirects

Dub.co URL Shortener

go.shubhkumar.in runs on Dub.co's free tier. Short, memorable links - go.shubhkumar.in/github, etc. Open-source, great API, free tier includes custom domains and basic analytics. Used to run YOURLS on a VPS. Moving to Dub.co saved maintenance and gave better analytics.

Simple Redirects

link.shubhkumar.in and mail.shubhkumar.in are Cloudflare-proxied redirects using 192.0.2.1 (Cloudflare's placeholder IP). No server needed - Cloudflare page rules handle the redirects.

Email Infrastructure: The Hardest Part

Email is the hardest thing on a personal domain. I run three services for different purposes because each solves a specific problem.

Zoho Mail - Primary

Primary email on Zoho's free plan - 5 mailboxes with 5GB each, custom domain, IMAP/SMTP, calendar. The last remaining free tier for professional email on a custom domain after Outlook killed their free custom domain offering and Google Workspace charges $6/user/month.

MX: mx.zoho.com (priority 10), mx2/mx3 as fallbacks. DMARC set to reject with Cloudflare reporting.

Trade-off: Zoho's spam filtering is decent but not Gmail-level. For free, acceptable.

SimpleLogin - Email Aliases

simple.shubhkumar.in - Creates aliases that forward to my primary inbox. If a service sells my email, I delete the alias. Free tier: 15 aliases, PGP encryption, open-source.

Resend - Transactional + Broadcast Emails

I use Resend for all outgoing emails - transactional notifications, broadcast newsletters, and contact form submissions. It handles everything through a single clean API with good deliverability out of the box. Resend's free tier includes 100 emails/day, which covers my low-volume needs. DKIM and SPF configured through forms.shubhkumar.in for proper authentication.

Security and Verification Records

  • DMARC (reject) - Strictest policy. Reports to Cloudflare's DMARC reporting. Caught email spoofing attempts at least twice.
  • BIMI - Shows my logo next to authenticated emails. Mostly vanity but looks professional.
  • Keybase - Domain ownership proof.
  • Google Search Console - Site ownership for search analytics.

What I Don't Use (And Why)

  • No Kubernetes. Everything fits in docker-compose or managed platforms. K8s is operational overkill for one person.
  • No AWS. Pricing model punishes hobbyists. One misconfigured resource = surprise bill. I use SES for email only when necessary.
  • No self-hosted CI. GitHub Actions is free for public repos.
  • Databases: Managed - Supabase (Postgres), MongoDB Atlas, etc. Free tiers + cheapest plans cover everything. Self-hosting a database is unnecessary ops overhead.

Cost Breakdown

Service Cost What It Runs
Vercel $0 Main site (Next.js) + CV + News
Cloudflare DNS $0 All DNS records, proxied redirects
Render $0 API server
GitHub Pages $0 Link aggregator
Fly.io $0 WakaAPI instance
Better Uptime $0 10 monitors, status page
Dub.co $0 URL shortener
Zoho Mail $0 Primary email, custom domain
SimpleLogin $0 15 email aliases
Resend $0 Transactional + broadcast emails
Tailscale $0 Mesh VPN, 100 devices
Supabase $0 Managed Postgres (free tier)
MongoDB Atlas $0 Managed MongoDB (free tier)
Total $0/mo ~15 services, one domain, full infra

Lessons Learned

  • You don't need to self-host everything. Used to run my own email server, Git server, CI - huge time sink for zero benefit. Managed services let you focus on what matters.
  • DNS TTL matters. Low TTL (1–300s) on frequently changed records. High TTL (86400) on stable records for faster lookups.
  • Email deliverability is a second job. DKIM + SPF + DMARC + BIMI + reverse DNS + feedback loops takes a full day to set up. Get it right once, don't touch it.
  • Free tiers are designed to hook you. That's fine as long as you understand the migration cost before you're locked in.
  • Monitoring is not optional. Better Uptime caught three outages I wouldn't have noticed until someone emailed me.

The Reality

Running your own infrastructure is a trade-off - setup time and occasional debugging for complete control and zero ongoing cost. For me, it's worth it. But I also know when to stop. I don't self-host email. I don't run a Docker registry. I don't build custom dashboards. The services I chose handle those well enough that my time is better spent building on top of them.

Comments

No comments yet. Start the discussion.