.png)
5 hours ago
1
I'm sharing the tech stack I use, including for "vibe coding" output and for instructing LLMs. Throughout this post, I'll explain my reasoning and summarize it at the end. While you could certainly host from your own hardware with an open-source networking stack, that's a topic for a separate blog post. I wouldn't recommend it for fast-moving prototyping or for projects in the idea-validation or demand-evaluation stage.
Serving Infrastructure Stack
Domain Name Management: Namecheap
I've used Namecheap for about 10 years and have no complaints. I've used it historically, its prices are reasonable, and I've had good experiences with its customer support when I haven't understood how to enter a particular DNS record.
- Getting Started: To buy a domain, you can just go to the site and figure it out. To set up A, CNAME, TXT, etc., records, their knowledge base is a good starting point: How do I set up host records for a domain?
Load Balancing & WAF: Google Cloud Platform Application Load Balancer
For most projects, the GCP Application Load Balancer (ALB) will be the most expensive part, averaging around $26/month. The ALB handles load balancing, provides a Web Application Firewall (WAF), and helps address threats outlined in the OWASP Top 10.
You can use a single ALB for multiple domains. If you attach more backends (e.g., Google Cloud Storage buckets) than the default quota allows, you'll need to request an increase. For low-traffic projects, these requests seem to be automatically approved.
One thing I do need to call out here is that for server side rendered apps, setting up routing rules for each path can be a real PITA. I generally wouldn’t expect paths to have .html at the end, but there doesn’t seem to be a good way to default an unmatched route to it’s .html postfixed equivalent without conflicting with other routes, even if the fallback .html match is a lower priority. There did seem to be a decent eventual consistency w.r.t. rules rolling out, so maybe I was just impatient when testing this — but my at this point decade old memory of experience with httpd or IIS was that this was not nearly so hard or finicky with LB’s purpose built for web serving. Do comment if you think you know why I found this so problematic.
Static Assets (JS, Images, Video): Google Cloud Storage
Your object storage should be an inexpensive and fast remote file system. You shouldn't pay more than pennies for ingress or egress, the only real cost should be for the total amount of stored bytes.
Using only GCS and a domain name is enough to host a static site over HTTP. However, to serve your site over HTTPS (which you almost certainly want for anything professional or intended for strangers on the internet), you'll need to use a load balancer like the GCP ALB.
- Getting Started: Hosting a static website
Runtime Hosting: GCP Cloud Run
Cloud providers will run web app server binaries for free for you (free for any normal early project traffic). See Cloud Run’s free tier. Running gcloud run deploy ... against local source code that uses a standard web stack saves me time for more important things.
If you don't mind longer response times when a container spins up from zero, this is effectively free. If you're running a single backend and need to avoid these occasional long spin-up times and high latency, you can set a minimum instance count of 1. It still seems to be very cheap (pennies to dollars per month) to do this. This is the first month I've cared about latency, so I can’t quote a definitive cost for 2 deployments serving a minimal number of requests with a single minimum replica scaling.
Database: Firestore
I use Firestore, an ACID-compliant document store like MongoDB but without Mongo’s operational sharp edges.
I'd prefer to use a SQL database, but that costs money. Firestore's API is relatively simple with widely available user examples, and I usually have an LLM write most of the boilerplate code anyway, which I then review for performance. I haven't yet found something I couldn't index after the fact (at least at low data volumes). If you want regular backups, that adds a small cost, I think roughly $5-$10 range but I didn’t notice my bill increase so there may be some free quota covering this. Otherwise, the default Firestore instance is effectively free for any reasonable usage that isn't analytics.
Software Stack
Front-end Framework: React + Next.js
I prefer statically generated output, though server-side rendering (SSR) isn't much more complicated and is generally what I end up with to avoid overly complex client-side code or streaming large amounts of data to the client.
I let an LLM "vibe code" my Next.js setup. I started out using create-vite to create a single-page application (SPA). You can’t get social media sites to give link previews for pages on a SPA (not without hacks), and search engines don’t index SPAs. If you want any kind of SEO or even just link previews on social media, you'll need a framework that either uses SSR or creates a static bundle.
After vibe-coding three different React apps, I'd encourage you to start a front-end project by telling the LLM to create a new Next.js app using the App Router. This is the modern approach and where maintainers are focusing their efforts. Depending on when the model you're using was trained, it may not default to this. The older pages/ directory model is fine if it's what you know, but as someone who prefers a vendor agnostic API, I found the App Router API was more often what I’d expect and was similar to a typical SPA using e.g. react-router.
Next.js might not be bleeding edge tech in 2025, but I had to work with Webpack and Babel in the 2010s enough to not want to be there anyway. My main criterion was finding something that reliably creates previewable and search-engine-indexable pages. As far as I know, Next.js is the only thing that fits that bill.
Backend Framework: FastAPI
I use FastAPI, which is built on top of Starlette. Flask and Django are too opinionated for me. My sense is that any tech aimed at the mainstream will have a Python SDK, and if I need a library for some processing, Python's coverage is almost as good as Java's and of course has the best AI & ML coverage. Starlette doesn't have a huge hobby-project user base, but it is bulletproof. FastAPI isn’t used as much as I usually set the bar for frameworks, but I consider it a low-risk choice since it's largely syntactic sugar over Starlette.
- Getting Started: The generic Python quickstart from Google Cloud is a good place to start. I can't remember how I figured out to add a Procfile for FastAPI, but the one-liner you need is:
The standard approach here would be to write a Dockerfile. However, I prefer to avoid that until I'm forced to use one because of a system-specific dependency, as I find managing Dockerfiles over time to be a huge time suck. By intentionally choosing "commodity" web technologies, the cloud provider can manage keeping the runtime container up-to-date and secure, so I don’t have to.
Services Stack
Application Tracing - OpenTelemetry libs & GCP Cloud Trace
Use OpenTelemetry. It’s not perfect, and it may not scale, but by the time its not scaling you’ll be rich on your yacht, so don’t worry about it.
Implementing application tracing gives you callstack-like traces of different hops in your service stack, which is useful for understanding how a request was served and understanding where latency comes from in your tech stack.
GCP OpenTelemetry Cloud Trace Exporter
[Application Analytics] - Google Analytics
I’ve heard really good things about Plausible, but have not explored it. Based on what people I know have told me, I should be using it, but I’m in the Google ecosystem and Google Analytics fits the need here.
Analytics is code you install into your js front-end and it tracks user visits, page visits, regions, what time of day users visited, for how long, etc.. Without some analytics on your webpage, you have very little information on how long users actually spend doing anything on your front end, and are essentially flying blind. You can collect metrics on your back end, but anything you do there won’t substitute for good front-end analytics.
[Ad-driven Demand] Google Ads
I suspect Facebook and/or TikTok are better sources of traffic for most startup or hobby websites. I don’t imagine much of my target users clicking a link on a search page. Youtube traffic (which requires videos that you can auto generate with templates in Google Ads) is more interesting as Youtube and podcasts further takeover the world.
If you want search ads, theres not really an alternative.
Why Write This?
There are a lot more people today who are "within striking distance" of hosting their own web app (because of LLMs). AFAICT from my experience, the LLM training corpus has a lot less unbiased/user reports on cloud hosting infra, and so it can be harder to evaluate whats good hosting advice vs not.
Services like Vercel, Cloudflare, and Fly.io offer abstractions that can be simpler to use and make it even easier to deploy a new app. But these aren’t "commodity" offerings or architecture. The tech stack described above uses commodity tech. Firestore as the database would take the most work to migrate away from, but I let the LLM write all of the firestore code and just review it for performance anyways, and it would be low effort to have an LLM re-generate the types of db queries I’m writing. Everything else has a functionally identical alternative at other cloud providers.
Vendor lock-in is a real thing. But more importantly, your app will inevitably have niche performance needs that cloud providers don't solve for out-of-the-box. If you are using a commodity stack that deals with widely used primitives, you'll more likely be able to triage, debug, and solve whatever problem you're facing with information on the internet. If you're using a more exotic deployment model, this is often more difficult and occasionally impossible, even with a cooperative support team from your provider.
I hope this is helpful. I am certain there are a lot of people out there who would disagree with some or all of the choices here. I’d love to hear what you think in comments. I’ll tell you in advance I have no interest in bike shedding among roughly equal tech though.
Thanks for reading!
N.B.
One thing I don't really cover here is authentication & authorization which is probably the most important thing for a lot of apps, but something I am comfortable enough with that I can confidently use Open Source primitives to construct a solid authentication & OAuth2 authorization flow to build. I'm not rolling my own crypto, usually, but for storing user passwords I am using cryptographic libraries to hash pws, verify tokens, etc.. This is absolutely something anyone can learn to do, but it is incredibly tricky to do right, and isn't the kind of thing that can or should be "vibe coded". Leave it to the professionals, and find an off the shelf solution you can live with like Auth0 -- which may or may not be a good solution since its purchase by Okta. Basically, this blog post leaves you on your own for the auth space, but is very much encouraging you to take it seriously and talk to a vendor if you don't have expertise here.
