Migrating from DigitalOcean to Hetzner

I moved two servers, one from Linode and the other from DO to Hetzner a few months ago, with similar savings. The best part was that the two servers had tens of different sites running, implemented in different languages, with obsolete libraries, MySQL and Redis instances. A total mess. Well: Claude Code migrated it all, sometimes rewriting parts when the libraries where no longer available. Today complex migrations are much simpler to perform, which, I believe, will increase the mobility across providers a lot.

I’m formulating plans to switch from AWS to Hetzner. Amazon gets you by charging high prices (sometimes 20x more than competitors) and forcing you to make long-term commitments in order to get the prices to somewhere more reasonable. Then they make it exorbitantly expensive to migrate your data anywhere else. It’s a very customer-hostile approach that I’m tired of at this point.

Amazon might think that they’re locking people in with the egress fees. But they’re also locking people out. As soon as you switch one part to a competitor, the high egress forces you to switch over everything.

It’s going to be complicated to switch, but it’s made easier by the fact that I didn’t fall into the trap of building my platform on Amazon-specific services.

Every time I see this kind of article, no one really bothers about sb/server redundancy, load balancers, etc. are we ok with just 1 big server that may fail and bring several services down?

You saved a lot of money but you'll spend a lot of time in maintenance and future headaches.

This is something we've[0] done a number of times for customers coming from various cloud providers. In our case we move customers onto a multi-server (sometimes multi-AZ) deployment in Hetzner, using Kubernetes to distribute workloads across servers and provide HA. Kubernetes is likely a lot for a single node deployment such as the OP, but it makes a lot more sense as soon as multiple nodes are involved.

For backups we use both Velero and application-level backup for critical workloads (i.e. Postgres WAL backups for PITR). We also ensure all state is on at least two nodes for HA.

We also find bare metal to be a lot more performant in general. Compared to AWS we typically see service response times halve. It is not that virtualisation inherently has that much overhead, rather it is everything else. Eg, bare metal offers:

- Reduced disk latency (NVMe vs network block storage)

- Reduced network latency (we run dedicated fibre, so inter-az is about 1/10th the latency)

- Less cache contention, etc [1]

Anyway, if you want to chat about this sometime just ping me an email: adam@ company domain.

[0] https://lithus.eu

[1] I wrote more on this 6 months ago: https://news.ycombinator.com/item?id=45615867

Hard to read this article as it was written by Claude as a report after the migration that Claude did for you. If an llm helped you migrate and save this much money, kudos. But if you decide to write about it at least proof read it and remove redundant parts and llm storytelling.

Yeah, well be careful of Hetzner, I used to love them but I just migrated away. They just shut all all of our VMs over a $36 billing dispute. (~30 VMs we were using for our CI/CD pipeline) We provided them evidence with records of the payment in totality from our bank, they refused to look at it / discuss the dispute, even when we were communicating urgently and just ultimately shut off all our access. We're on Scaleway now.

The migration sharing is admirable and useful teaching, thank you!

I see the DigitalOcean vs Hetzner comparison as a tradeoff that we make in different domains all day long, similar to opening your DoorDash or UberEats instead of making your own dinner(and the cost ratio is similar too).

I work in all 3 major clouds, on-prem, the works. I still head to the DigitalOcean console for bits and pieces type work or proof of concept testing. Sometimes you just want to click a button and the server or bucket or whatever is ready and here's the access info and it has sane defaults and if I need backups or whatnot it's just a checkbox. Your time is worth money too.

A few months ago, I looked into AWS alternatives for my small SaaS side project. My main motivations were to save money and maybe support some EU cloud providers. At first, I planned to go with Hetzner and accepted that I would need to do a lot of things myself.

However, the dealbreaker for me was that Hetzner IPs have a bad reputation. At work, I learned that one of the managed AWS firewall rules blocks many (maybe all) of their IPs. I can’t even open a website hosted on a Hetzner IP from my work laptop because it’s blocked by some IT policy (maybe this is not an issue for you if you are using CloudFlare or similar).

I've read online that the DDoS protection is very bad as well.

So in the end, I picked DO App Platform in one of the EU regions. Having the option to use a managed DB was a big plus as well.

What are you doing for DB backups? Do you have a replica/standby? Or is it just hourly or something like that?

Because with a single-server setup like this, I'd imagine that hardware (e.g. SSD) failure brings down your app, and in the case of SSD failure, you then have hours or days downtime while you set everything up again.

I have been using hetzer for a few years now. I realized I just need a Linux VM and snapshots. It is so freeing to not have to deal with big tech's VMs and their cumbersome and soul-sucking steps and documentation.

I just want to point out this guide uses many of the same tasks I use when migrating websites between servers while minimizing downtown.

- reduce dns ttl (if not doing an ip swap)

- rsync website files

- rsync /etc/letsencrypt/ ssl certificates

- copy over database (if writes don't happen often and database is small enough, this can be done without replica, just go read_only during migration)

- test new server by putting new ip in local /etc/hosts

- turn off cron on old server

- convert old server nginx to reverse proxy to new server

- change dns (or ip swap between old and new server)

- turn on cron on new server

AWS only requires a card from me. I tried registering at Hetzner and they wanted a picture of my passport.

I saved about $1200 a year by moving from AWS to Hetzner. Can’t recommend it enough. AWS has kind of become a scam.

Hey I made the meme in the header https://wasp.sh/blog/2025/04/02/an-introduction-to-database-...

Nice to see it used _twice_ :D

In the big corporate world, this would be a $600m budget, creating multiple VPs, thousands of positions, multi-cloud and multi-dc kubernetes, tons of highly paid consultants, the migration would take 9 - 12 years, create so many success stories, lessons learnt, promotions, etc etc.

  If you’re migrating a large MySQL database and you’re not 
  using mydumper/myloader, you’re doing it the hard way.

If you aren't using xtrabackup you are doing it wrong. I recently migrated a database with 2TB of data from 5.7 to 8.4 with about 15 seconds of down time. It wouldn't have been possible without xtrabackup. Mysqldumper requires a global write block, I wouldn't call blocking writes for hours a "zero downtime migration".

Really interesting sharing, thanks! Why lower the TTL to 300 instead of something like 60 or 30, to make the switch even faster? The nameservers were DO's, so they should've been more than able to handle the increased load.

BTW, I've been a client of Hetzner (Cloud, Object Storage, and Storage Box) for a few years now, very happy with them!

I know they've been bought out by Akamai or whatever but I've been using Linode for over 10 years and I still go to them if I need a VPS. I don't have extreme needs, but they seem to be always improving or adding features comparable to other providers and the UI is consistent so I don't see a reason to change. Any time there has been an issue they've migrated me to a new host automatically without even needing to do anything. I combine it with Dokploy now and just deploy most of my projects via Docker Compose and private GitHub repos.

I've had excellent experiences with Percona xtrabackup for MySQL migration and backups in general. It runs live with almost no performance penalty on the source. It works so well that I always wait for them to release a new matching version before upgrade to a new MySQL version.

Might give this a whirl, not move business infrastructure here, but see how it works for my personal VPN server.

I set up a VM on Hetzner a few weeks ago. I've been quite impressed so far, and was able to orchestrate everything with Terraform without a problem.

> The key: proxy_ssl_verify off — the new server’s SSL cert is valid for the domain, not for the IP address. Disabling verification here is fine because we control both ends.

Not really, a MITM could do anything here. It's not very likely to happen here, but I think this comment shows a misunderstanding of what certificates and verification does.

What's the HA plan?

Sounds like from the requirement to live migrate you can't really afford planned downtime, so why are you risking unplanned downtime?

>Skyrocketing inflation and a dramatically weakening Turkish Lira against the US dollar

This reasoning does not add up. They could simply say they needed to move somewhere cheaper, like Hetzner. Inflation is still high but getting lower. Weakened Turkish Lira part is not correct because dollar is artificially suppressed for a very long time.

They're great but I wish Hetzner had a US (or CA) east coast presence, the latency of going across the ocean is really troublesome. They have some presence for their cloud offering, so they at least have some experience with the idea.

I had my fair share of Hyperscaler -> $something_else migrations during the past year. I agree, especially with rented hardware the price-difference is kind of ridiculous.

The issue is though, that you loose the managed part of the whole Cloud promise. For ephemeral services this not a big deal, but for persistent stuff like databases where you would like to have your data safe this is kind of an issue because it shifts additional effort (and therefore cost) into your operations team.

For smaller setups (attention shameless self-promotion incoming) I am currently working on https://pellepelster.github.io/solidblocks/cloud/index.html which allows to deploy managed services to the Hetzner Cloud from a Docker-Compose like definition. E.g. a PostgreSQL database with automatic backup and disaster recovery.

I wish we had something like Hetzner dedicated near us-east-1.

They do offer VPS in the US and the value is great. I was seriously looking at moving our academic lab over from AWS but server availability was bad enough to scare me off. They didn't have the instances we needed reliably. Really hoping that calms down.

> Old server nginx converted to reverse proxy We wrote a Python script that parsed every server {} block across all 34 Nginx site configs, backed up the originals, and replaced them with proxy configurations pointing to the new server. This meant that during DNS propagation, any request still hitting the old IP was silently forwarded. No user would see a disruption.

What was the config on the receiving side to support this? Did you whitelist the old server IP to trust the forwarding headers? Otherwise you’d get the old server IP in your app logs. Not a huge deal for an hour but if something went wrong it can get confusing.

Hetzner oversells hardware which means your neighbors are a drag on your performance. If your server is mostly idle, this might be a good move. If not, it probably won't be worth it.

When you find a gold, why tell everyone where it is? Silent happiness keeps the benefits:)

Congrats on doing this successfully, but your setup is amateur. This would have been infinitely easier if you were using IaC (Terraform/Ansible), containerized applications (that you're not already doing that is madness), and had a high-availability cluster setup in place already. It sounds like avoiding downtime is important to you, yet there's no redundancy in the existing stack at all, and everything is done by hand.

This isn't something others should use as an example.

yeah we did the same, however we also run an identical backup server in a different data center so we can switch over in matter of minutes if needed.

We need more competition across the board. These savings are insane and DO should be sweating, right?

I did the same this year. I really liked Digital Ocean though, compared to more complex cloud offerings like AWS. AWS feels like spending more for the same complexity. At least DO feels like it does save time and mental band width. Still though, the performance of cloud VPS is abysmal for the price. I'm now on Hetzner + K3's plus Flux CD (with Cloudflare for file storage (R2) and caching. I run postgres on the same machine with frequent dump backups. If I ever need realtime read replicas, I'll likely just migrate the DB to Neon or something and keep Hetzner with snapshots for running app containers.

Love Hetzner. Cheapest prices in all the land (aside from Hosting your own server) from what I’ve gathered online. Host:

https://slitherworld.com

My foray into multiplayer games.

Given the premise that zero day exploits are going to be frequent going forward, I feel like there is a new standard for secure deployment.

Namely, all remote access (including serving http) must managed by a major player big enough to be part of private disclosure (e.g. Project Glasswing).

That doesn't mean we have to use AWS et al for everything, but some sort of zero trust solution actively maintained by one of them seems like the right path. For example, I've started running on Hetzner with Cloudflare Tunnels.

Anyone else doing something similar?

does anyone else start to wonder about these companys issuing vps/online space with no hardening and no warning

you can basically go on hetzner and spin up a vps with linux that is exposed to the open internet with open ports and user security and within a few hours its been hacked, there is no like warning pop up that says "if you do this your server will be pwnd"

i especialy wonder with all the ai provisioned vps and postgres dbs what will happen here

I’ve had Proxmox on one of their AX42 servers for a year now. All of it is backed up to PBS, backed by Cloudflare R2 storage.

None of it is mission critical - but it’s certainly something I’d use in production with a few more instances.

Networking over Tailscale works flawlessly with my Proxmox nodes at home.

If I remember correctly (it has been a while since I looked), Hetzner although is a lot cheaper on the price sheet, they're European region by default and then if you look to get US region servers at Hetzner, the pricing is a lot higher and similar to Digital Ocean. Is that still the case?

For OP though who is a Turkey-based company and want European region servers anyway, it might make sense.

I assume a vm on DO is HA protected. Also storage might live on a Cluster. Did you consider a socond dedi or do you just accept the risk of longer failover time and data loss time (RPO) for recovering to a newly provisioned server? Would love to know your thoughts on this especially as the migration was well designed and executed.

I started with DO in 2013 when they offered 20GB SSD, 512MB RAM for $5/mo. For some reason I paid no VAT then, but I do now. Their $4/mo option now is still 512MB, still 1 vCPU, but 10GB SSD. So it's like the last decade of technological progress with regards to RAM, CPU and storage that should either lead to price cuts/spec bumps didn't happen. And yeah, DO got expensive before AI bought up all the memory.

Did this about a year ago, went smoother than expected tbh. the main gotcha for us was DO's managed postgres — had to dump/restore manually since there's no direct migration path to Hetzner's managed DBs. ended up just self-hosting postgres on a separate box which has been fine, maybe even better.

A zero-downtime migration to a single database server? Power fails, disks fail, even CPU fans sometimes fail and bring a single server to a halt. Somehow I would have expected at least a high-available database cluster with multiple machines for applications "serving hundreds of thousands of users".

We are currently moving from heroku to Hetzner. Same story, thousands saved / month.

I considered going to hetzner at one point but I read a lot of stories around hetzner that didn't inspire confidence. Primarily that they're not really that much cheaper than going to other companies offering something similar.

If some people can chime in with their positive experiences I might switch.

Am I missing something? I'm genuinely surprised it was not deployed from the start on a dedicated server. Don't you make a cost analysis before deploy? And if the cost analysis was ok at initial deploy, why wait to have such a difference in cost before migrating? How much money goes wasted in such situations?

Migrated from OVH to Hezner last Winter too, 0 downtime since, rolling backup running fine and lower bill too.

I'm currently paying $800ish a month for digital ocean servers that I know would fit on a single hetzner machine :/

> Cloud providers are expensive for steady-state workloads.

Asking the obvious question: why not your own server in a colo?

> The key: proxy_ssl_verify off — the new server’s SSL cert is valid for the domain, not for the IP address. Disabling verification here is fine because we control both ends.

Yeah - no, it's not. They made the MitM attack possible with this change. The exposure was limited to those 5 minutes, but it should have been a known risk.

Also not certain how they could check the apps on the new server with the read-only database, while it was a replica?

Still, nice to hear it succeeded, the reasons sound very familiar.

I also have used DO for years, and was very happy with the quality of their service. Until I found the alternative prices. Not as easy to use, but much better performance for much lower prices.

is a pity that Hetzner does not have monitoring agent like DO. in DO you can set alerts and view all metrics. its this one thing that keeps me from migrating because i dont want to install custom monitoring solutions.

Is Hetzner as reliable as DO though?

Over the years I've heard plenty of horror stories from Hetzner customers.

Most VPS hosting companies have cheap entrance VPS but then steep pricing. 8 vCPUs on DigitalOcean cost 96$ and ~11$ on Hetzner.

  > 30 MySQL databases (248 GB of data)
  > 34 Nginx virtual hosts across multiple domains
  > GitLab EE (42 GB backup)
  > Neo4J Graph DB (30 GB graph database)
  > Supervisor managing dozens of background workers
  > Gearman job queue
  > Several live mobile apps serving hundreds of thousands of users

He's doing all of that on a single server?!

I'm not against vertical scaling and stuff, but 30 db instances in one server is just crazy.

Super happy customer for about 5 years now..

And i say it every time they came up: Their cloud UX is brilliant and simple! Compared to the big ones out there.

I moved my VPS from Rackspace to Hertzner. From $120/mo to $35.

Moving away from the US also felt great.

Can someone tell me the AWS server cost with the same spec? Probably $5000 per month?

I use OVH btw.

I got blocked for non reason on DigitalOcean.

Hey, congrats! What city do you live in?

Just watch out Hetzner don’t fail to take a payment from you from their end then proceed to flag your account for non-payment all while communicating absolutely nothing about this to you arriving at the conclusion they will delete all your servers and ban your account and identity from ever using them again.

Happened to me.

I now advise people to avoid clown-led services like Hetzner and stick to more reputable, if not as cheap, options.

I chose to ignore the cost savings and just enjoy the tale of migration. It’s a good one.

I had to ban the whole DigitalOcean AS.

Full of scanners, script kiddies and maybe worse.

Why did the title get editorialized from the original to omit key facts? That’s some sleazy modding HN.

It's tough to work with these publicly traded companies. They need to boost prices to show revenue growth. At some point, they become a bad deal. I've already migrated from DO. Not because of service or quality, but solely because of price.

Ah yes, create db replica, promote replica to primary. Seems so simple!

When I’ve seen this work well, it’s either built into the product as an established feature, or it’s a devops procedure that has a runbook and is done weekly.

Doing it with low level commands and without a lot of experience is pretty likely to have issues. And that’s what happened here.

Great article

And DigitalOcean customer support is non-existent. I had a mail server down and they cut service instead of trying to contact me in any other way. But worse, when they do that, they immediately destroy your data without any possibility to restore. Or at least that's what they told me with their bog standard, garbage support replies. I was a customer for nearly a decade. After it happened, I realized that never would have happened on GCP, AWS, etc. Because they take billing seriously with multiple contact info, a recovery period, etc. All the things a company would be expected to do to maintain good relationships with customers during a billing issue that lasts a few weeks. That was a couple of years ago, so maybe they fixed some stuff. But the complete lack of support and unprofessional B2B practices was an eye opener.

DigitalOcean just absolutely is just not an enterprise solution. Don't trust it with your data.

Oh, and did I mention I had been paying the upcharge for backups the entire time?

100

Didn't Hetzner prices increase 30-40% recently? See https://news.ycombinator.com/item?id=47120145

As such, I doubt the noted price reduction is reproducible. Combine this with Hetzner's sudden deletions of user accounts and services without warning, and it's a bad proposition. Search r/hetzner and r/vps for hetzner for these words: banned, deleted, terminated; there are many reports. What should stun you even more about it is that Hetzner could ostensibly be closely spying on user data and workloads, even offline workloads, without which they won't even know who to ban.

The only thing that Hetzner might potentially be good for is to add to an expendable distributed compute pool, one that you can afford to lose, but then you might as well also use other bottom-of-the-barrel untrustworthy providers for it too, e.g. OVH.

Now consider that DO is reasonably priced compared to the big three cloud providers.

Cloud is ludicrously marked up.

I think Digital Ocean is not something where I would worry about costs. I would prefer server like Hetzner but I don't think DO is service where the costs are such that we need to do movement.

Plus, this is not what DHH was doing, he was not saving few bucks, but unlocking potential for his company to thrive.

[dead]

I always appreciate savings posts, but is $14k USD annual really make or break for a Turkish business? I would not know.

> Old server: CentOS 7 — long past its end-of-life, but still running in production. New server: AlmaLinux 9.7 — a RHEL 9 compatible distribution and the natural successor to CentOS.

So they did same mistake all over again. Debian or Ubuntu would just be upgrade-in-place and migrate