2019-12-18-vps-providers.md

---
layout: post
title: VPS providers
subtitle: Some recommendations and considerations
description: Some recommendations and considerations to keep in mind when choosing a VPS provider
cover: /assets/posts/disk.png
tags: sysadmin hosting self self2019
date: 2019-12-18 21:35 -0500
---
# Foreword
You should always be careful when choosing a VPS provider. In the online world,
*everyone* relies on someone somewhere in the chain. Even if you're
[self-hosting](https://en.wikipedia.org/wiki/Self-hosting_(web_services)) your
services on your own hardware in your living room, your ISP could suddenly
decide that you're using too much bandwidth and throttle your speeds or possibly
cut you off entirely. When you're using a VPS provider (as will be discussed
further down), someone in the datacentre could make a mistake and power down the
machine your VM is running on.

Choosing a dependable and trustworthy provider is of paramount importance when
deciding to run web services for yourself and especially for others.

# Considerations to keep in mind
## Key disclosure
This is one of the more important facets of choosing a provider. [Key disclosure
laws](https://en.wikipedia.org/wiki/Key_disclosure_law) can be used to force
server administrators[^1] to give their encryption keys to law enforcement. If
you use full disk encryption, you might have to give up the passphrase used to
decrypt the server. If files are encrypted on-disk, these might be subject to
surrender as well. It depends on the country and their implementation of the
law. These are the nations that have some form of legislation pertaining to key
disclosure:

1. Antigua and Barbuda
2. Australia
3. Canada
4. France
5. India
6. Ireland
7. Norway
8. Russia
9. South Africa
10. United Kingdom
11. Belgium[^2]
12. Estonia
13. Finland[^2]
14. New Zealand (unclear)
15. The Netherlands[^2]
16. United States (see the [Wikipedia
    article](https://en.wikipedia.org/wiki/Key_disclosure_law#United_States) as
    this is an unusual situation)

These nations *don't* have key disclosure legislation and can be considered safe
to use in this respect.

1. Czech Republic
2. Germany
3. Iceland
4. Italy
5. Poland
6. Sweden (it has been proposed, however)
7. Switzerland

## Local laws
In addition to key disclosure, you're also *generally* subject to the laws of
that nation, whatever they may be. For example, Germany requires that an
[Impressum](https://en.wikipedia.org/wiki/Impressum) be displayed on any public
website. I have chosen to ignore that as they rarely enforce the law for
non-German citizens; this is just an example. A more serious one that *would* be
enforced is their [censorship
rules](https://en.wikipedia.org/wiki/Censorship_in_Germany) meaning that
anything with user-generated content must be moderated or provide plausible
deniability[^3].

## Speeds
Another factor to consider under location is distance from *you*. If you're
running a game server such as
[Minetest](https://wiki.minetest.net/Setting_up_a_server), you'll want it to be
as geographically close to you as possible to reduce latency. That said, my
Minecraft server (yes, Mine*craft* 😞) is in Germany while I'm in the US.
Neither I nor any of my friends have actually *noticed* high latency so it's
not such a huge deal, just something to keep in mind if speed is of great
import.

## KVM vs OpenVZ
Make sure your provider offers full KVM virtualisation, not OpenVZ. VPS
providers that use OpenVZ tend to grossly oversell[^4] their platform and you
may run into performance issues if they don't plan properly. Overselling is
still possible with KVM but providers tend to do it much less.

You would also be unable to have full disk encryption, custom operating systems,
custom kernels, etc. You wouldn't be able to do anything at a particularly low
level like install WireGuard DKMS modules or even choose an OS they don't
already provide. For example, if you want [Alpine
Linux](https://alpinelinux.org/) for how lightweight it is or
[RancherOS](https://rancher.com/rancher-os/) for its container optimisation, you
wouldn't be able to use them unless your provider has already set up and
configured OpenVZ images for them.

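A quick way to check which of the two a server actually runs on, as an added example that is not part of the original post. The `virt_kind` function and its root-directory argument are hypothetical names; the OpenVZ test (`/proc/vz` present, `/proc/bc` absent) is the heuristic `systemd-detect-virt` uses, and the DMI match assumes the provider has not rebranded the QEMU/KVM vendor strings.

```shell
#!/bin/sh
# Added example: classify a VPS as an OpenVZ container or a KVM guest.
# The optional argument is a root directory (hypothetical parameter) so the
# checks can also be run against a constructed test tree.

virt_kind() {
    root="${1:-/}"
    root="${root%/}"

    # OpenVZ containers expose /proc/vz but not /proc/bc; the hardware node
    # has both. A container shares the host kernel, which is why custom
    # kernels, DKMS modules and full disk encryption are unavailable there.
    if [ -e "$root/proc/vz" ] && [ ! -e "$root/proc/bc" ]; then
        echo openvz
        return 0
    fi

    # KVM guests normally carry QEMU/KVM strings in their DMI data. Providers
    # can change these, so a miss is inconclusive, not proof of bare metal.
    for f in sys_vendor product_name bios_vendor; do
        p="$root/sys/class/dmi/id/$f"
        [ -r "$p" ] || continue
        case "$(cat "$p")" in
            *KVM*|*QEMU*) echo kvm; return 0 ;;
        esac
    done

    # The CPU "hypervisor" flag shows that some full virtualisation is in
    # use even when the DMI strings did not identify it.
    if grep -Eq '^flags[[:space:]]*:.* hypervisor( |$)' \
        "$root/proc/cpuinfo" 2>/dev/null; then
        echo vm-unknown
        return 0
    fi

    echo unknown
}
```

On a freshly provisioned server, source the file and run `virt_kind /`; an `openvz` result means the limitations described above apply regardless of what the plan was advertised as.
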
# Providers
I have personal experience with [Digital Ocean](https://www.digitalocean.com/),
[netcup](https://netcup.eu), and [BuyVM](https://buyvm.net/). In my opinion, DO
is terribly overpriced if you're not wanting to scale like a huge enterprise and
make use of their Teams features, the API for spinning up high-compute droplets
on-demand for a short period of time, things like that. I would *only* recommend
DO for larger businesses. netcup, BuyVM, and Hetzner are much better options.

## netcup
The majority of my services run on servers from [netcup](https://netcup.eu) and
I highly recommend them. They're based in Germany and thus not subject to key
disclosure laws. Depending on where in the world you are, they may or may not
require legal identification such as your passport or driver's license; I'm in
the US and wasn't required to do any of that. Payment is done through PayPal but
does not require a PayPal account. They offer full KVM virtualisation so you're
not limited to images they provide.

Head to my [Affiliates](/affiliates) page for discounts on their various
offerings.

## BuyVM
My [DNS](/dns) and [Tor exits](/tor-nodes) are on [BuyVM](https://buyvm.net)
"slices". I'm using Slice 1024 for them but may consider upgrading if there's
enough interest. BuyVM has an interesting story; they started out as an "arm" of
[Frantech](https://frantech.ca) but are now the sole service provided by them.
Frantech was originally a more user-friendly service similar to Digital Ocean
that sort of held your hand through the setup and BuyVM was the "do it yourself"
version. They provided servers and expected you to know what to do with them.
BuyVM was *way* more popular than Frantech; the latter actually ended up losing
money. They eventually shut Frantech down and just run BuyVM under the name.

They are *very* Tor-friendly and pretty much forward all DMCA reports to
/dev/null. After paying for my servers, I opened a support ticket letting them
know that they would be Tor exits. I got a response saying something along the
lines of "cool! 👍" and that's it. I set Tor up, configured the system to
auto-update and reboot as needed, and they've run themselves since. I've never
gotten an abuse report of any kind or an email about them even though they've
been online for over five months.

I have nothing but good to say about BuyVM but I wouldn't use them when you need
something with more power.

## Hetzner
I haven't personally used [Hetzner](https://www.hetzner.com/) yet but I plan to
eventually. I find that netcup and Hetzner have complementing plans; if Hetzner
has something with specs below what you would like but the next one up is too
expensive, netcup likely has something in the middle. The reverse is also true;
Hetzner fills gaps that netcup might have. In addition, they have dedicated
server plans. This gives you remote access to bare-metal machines so you get
*much* more performance, you can run your own VMs, etc.

Hetzner also has auctions quite often. This gives you the opportunity to rent
physical hardware at a lower price, rather than paying for a virtual machine or
for one of their dedicated plans. You can also ship them a server you *own* and
pay for space on a rack in their datacentre (this is colocating). It can be very
expensive though; their cheapest option starts at 119.00€/mo.

[^1]: It can really be used to compel *anyone* to surrender their keys
[^2]: Those who know how to access a given system may be compelled to share
    their knowledge. This, however, does not apply to the suspect or to their
    family members
[^3]: This is where the user-generated content is hidden from the owner in such
    a way that it can't be easily removed.
    [PrivateBin](https://privatebin.info/) is one such service that provides
    plausible deniability; everything is encrypted and decrypted client-side so
    the server (and, by extension, the admin) can't see any of the public data
    *to* remove it
[^4]: "Overselling" is when a provider takes advantage of "ballooning" with KVM
    or "bursting" with OpenVZ. These features allow VMs or containers to borrow
    resources from others; when a provider oversells a machine, they are banking
    on their clients not using all of the resources they're paying for
[^5]: "Colocate" means that their hardware is in the same datacentre as someone
    else's. Providers that colocate often share the cost of the building,
    utilities, internet service, etc. though netcup and Hetzner have their own
    networks.