Server Management, Self-Hosting, and DevOps Basics

The Constraint: Why Infrastructure Decisions Compound

Most development teams treat infrastructure as an afterthought. The application gets attention; the server gets whatever the default setup provides. This works until it does not.

A single misconfigured Nginx worker pool causes request queuing under load. A database running on the same disk as the application means a large import fills the volume and crashes both. An SSL certificate that renews manually gets forgotten and takes the site offline on a Saturday morning.

The constraint is this: infrastructure must be reproducible, observable, and recoverable. If you cannot rebuild a server from scratch in under an hour, you do not have infrastructure. You have a snowflake.

The Naive Approach: Manual Servers and Hope

The tutorial version of deployment looks like this: SSH into a server, run git pull, run composer install, run php artisan migrate, restart PHP-FPM. It works on the first deploy. It fails on the fiftieth.

The problems accumulate gradually. File permissions drift. Environment variables get edited directly on the server and never recorded anywhere. A failed migration leaves the database in a half-applied state. A composer install downloads a new dependency version that breaks the application, and there is no way to roll back without restoring a full backup.

The pattern extends to hosting decisions. A team starts on shared hosting because it is cheap. The application grows. Shared hosting throttles CPU during peak hours. The response is to upgrade to a bigger plan, then a VPS, then a managed platform, each migration requiring a full rebuild because nothing was documented or automated.

The Robust Pattern: Infrastructure as a Managed System

We treat web application infrastructure as code, not as a set of manual configurations. Every server we provision follows a repeatable process. Every deployment is atomic and produces an immutable build artefact. Every failure mode has a documented recovery path.

The stack

Our standard Laravel infrastructure stack uses these components, each chosen for a specific reason and managed against a specific failure mode.

This is not a complex stack. It is deliberately simple. Fewer moving parts means fewer failure points, and every component has been battle-tested across hundreds of thousands of production hours.

PHP-FPM worker sizing

Most PHP hosting guides say "tune your workers" without providing the actual calculation. Here it is.

Why Laravel Forge

We use Laravel Forge to provision and manage servers. Forge handles the tedious parts of server setup while still allowing SSH access for the remaining 10% that requires custom configuration. The alternative is maintaining Ansible playbooks or shell scripts for server provisioning. We have done both. Forge reduces the operational burden for the 90% case.

Forge also provides a deployment pipeline: pull code, install dependencies, run migrations, build assets, restart PHP-FPM. Each step is logged. Failures halt the pipeline before the application is affected. For teams that need more control over deployment orchestration, Envoyer provides dedicated zero-downtime deployment management with release history and one-click rollback.

Hosting Decisions: VPS, Cloud, and Managed Platforms

Choosing where to host a web application is a decision with long-term consequences. The wrong choice costs money, limits scaling options, or creates vendor dependency.

VPS hosting (our default)

For most Laravel applications serving under 50,000 daily users, a well-configured VPS is the correct choice. A single server with 4 vCPUs, 8GB RAM, and SSD storage handles more traffic than most businesses generate.

We default to Hetzner for European hosting. The cost difference is significant: a Hetzner CPX31 (4 vCPU, 8GB RAM, 160GB SSD) costs approximately €15/month. The equivalent DigitalOcean droplet costs $48/month. The equivalent AWS EC2 instance costs roughly $70/month before storage and data transfer. That price gap compounds over years.

VPS hosting also means you own your infrastructure. No platform lock-in, no proprietary APIs, no sudden pricing changes. This ties directly into digital sovereignty: if your business logic, customer data, and operational processes live on servers you control, you retain the freedom to move, modify, or scale without asking a platform vendor for permission.

When to use cloud platforms

AWS, Google Cloud, and Azure make sense when you need specific managed services: object storage with CDN (S3 + CloudFront), managed database clusters with automated failover, or serverless compute for unpredictable workloads.

Our rule: start with a VPS. Move specific services to cloud platforms when you have a concrete requirement that a VPS cannot satisfy. Do not start on AWS because it feels professional. Start on a VPS because it is simple, fast, and cheap.

Managed application platforms

Laravel Vapor, Railway, and similar platforms abstract away server management entirely. These platforms suit applications with highly variable traffic or teams with no infrastructure expertise. The cost per request is higher, but the operational burden is near zero. The limitation is control: when something goes wrong at the platform level, you wait for their support team.

Containerisation: when it helps and when it does not

Docker and Kubernetes appear in most infrastructure discussions. For teams running fewer than five services with a development team under ten people, containerisation adds operational overhead without proportional benefit. The debugging complexity, resource consumption, and learning curve exceed what most SMB applications require.

Containers become genuinely useful when you manage five or more distinct services, need environment parity across a large development team, or run a mature CI/CD pipeline that benefits from immutable build artefacts. Below those thresholds, Forge on a VPS has a lower total cost of ownership and a simpler failure surface. This is not an opinion against containers. It is a decision framework: match the tooling to the complexity of the problem.

Zero-Downtime Deployments

Every production deployment we run follows the atomic deployment pattern. A deployment pipeline is not a luxury. It is the difference between a five-second rollback and a two-hour recovery.

Some teams adopt blue-green deployment or canary deployment strategies at this stage, running the new release alongside the old and shifting traffic gradually. For most single-server Laravel applications, the symlink swap achieves the same outcome with less operational overhead. The naive approach (running git pull in the live directory) means the application serves partially-updated code during deployment. A request hitting the server mid-pull might load old controllers with new views. This causes errors that are difficult to reproduce and diagnose.

When deployments fail

Every zero-downtime deployment guide covers the happy path. The harder question is what happens when a migration fails mid-deploy, when the new release passes health checks but breaks under real traffic, or when a Composer dependency introduces a runtime error that only surfaces in production.

The answer depends on the type of migration that ran. Additive migrations (adding columns, creating tables) are rollback-safe: point the symlink back to the previous release and the old code ignores the new columns. Destructive migrations (dropping columns, renaming tables) are not rollback-safe: the previous release expects columns that no longer exist. This is why we separate additive schema changes from destructive cleanup, deploying them in different releases with a buffer period between.

Monitoring and Alerting

Monitoring without alerting is data collection. Alerting without monitoring is guesswork. We configure both.

Tool selection for small server estates

Enterprise APM tools (Datadog, New Relic) cost more per month than the servers they monitor at SMB scale. For teams running 1-5 servers, a layered approach covers every metric without enterprise pricing. This is the practical side of site reliability engineering (SRE): matching observability tooling to the size of the estate.

Lessons from production

Certain monitoring lessons only come from experience. These are the ones that have saved us repeatedly.

Backup Strategy

We follow the 3-2-1 rule: three copies of data, on two different storage types, with one copy off-site.

The critical discipline is testing restores. A backup that has never been restored is a hope, not a backup. We test database restores monthly and document the recovery time.

Two numbers govern backup strategy: RTO (Recovery Time Objective, how long the business can tolerate being offline) and RPO (Recovery Point Objective, how much data loss is acceptable). A nightly pg_dump gives an RPO of up to 24 hours. WAL archiving with continuous shipping can reduce RPO to seconds. If a full restore takes longer than the business can tolerate, we adjust the strategy: faster storage, parallel restore, or a standby replica that can be promoted immediately.

Scaling: Vertical First, Then Horizontal

Premature scaling wastes money and adds operational complexity. Most Laravel applications never need horizontal scaling. Vertical scaling (upgrading the server) is simpler, cheaper, and sufficient for the vast majority of workloads.

Vertical scaling

A single well-configured server handles more traffic than most teams expect. Nginx serves static assets from memory. Redis eliminates repeated database queries. PHP-FPM worker tuning ensures available memory is used efficiently. When a server is genuinely under-resourced, the fix is straightforward: increase RAM, add CPU cores, switch to faster storage.

When horizontal scaling is necessary

Horizontal scaling becomes necessary when a single server cannot handle the requirements regardless of size, or when you need geographic distribution for latency reasons. It requires architectural changes that are best planned before they are needed.

The decision rule: if your monthly hosting cost is under £500 and you are not experiencing performance problems, you do not need horizontal scaling. Invest that engineering time in application-level optimisation instead: query optimisation, caching strategies, and efficient background job processing.

Common Infrastructure Symptoms

When something goes wrong in production, the symptom is rarely the cause. This reference maps the errors you see to the infrastructure problems that produce them.

Infrastructure as an Asset

Web application infrastructure is not a cost centre. It is an operational asset that determines uptime, deployment speed, and recovery capability.

• ✓
  Deployments happen multiple times per day Atomic deploys with one-second rollback. No stress, no downtime, no maintenance windows.
• ✓
  Failures are detected before users notice Continuous monitoring with targeted alerts. Problems found in minutes, not days.
• ✓
  Recovery follows a documented procedure Tested backups, rehearsed restores, known recovery times. No panicked improvisation.
• ✓
  Provider independence Standard Linux servers on standard infrastructure. Move providers in a day, not a quarter.

This is closely related to the question of owning versus renting your systems. Infrastructure decisions also affect your security and operational posture. Every component in the stack is a potential attack surface. Fewer components, kept current and monitored, means a smaller surface to defend. If you are migrating from a legacy system, the infrastructure plan must account for the transition period: running old and new systems in parallel, data synchronisation, and the eventual cutover. And infrastructure is not a one-time decision. It is an ongoing maintenance commitment that compounds in value when treated as a first-class concern.