SocioFi
Technology

AI-Native Development: Human Verified

Our Tech Stack

The Infrastructure Behind the Uptime

Every tool we use is chosen because it earns its place. No over-engineering. No unnecessary complexity. Here’s exactly how we run production systems.

Infrastructure as Code

Every Server Defined in Code. Not Clicked Into Existence.

We use Terraform and Ansible to manage all infrastructure declaratively. That means every server, firewall rule, and DNS record is in version control. Reproducible. Auditable. Recoverable in minutes, not days.

When your infrastructure is code, rebuilding it from scratch after a catastrophic failure takes the same amount of time as a fresh deploy. We’ve tested this.

Terraform handles the “what” — what servers, what sizes, what networking rules. Ansible handles the “how” — how those servers are configured, what software is installed, how services are started.

The result: your infrastructure is documented, consistent across environments, and never depends on one engineer’s memory.

main.tf
    # DigitalOcean Droplet — app server
    resource "digitalocean_droplet" "app" {
      name     = "sociofi-prod-01"
      size     = "s-2vcpu-4gb"
      image    = "ubuntu-22-04-x64"
      region   = "nyc1"
      vpc_uuid = digitalocean_vpc.main.id
      ssh_keys = [var.ssh_key_id]
      tags     = ["production", "app"]
    }

    resource "digitalocean_firewall" "app" {
      name        = "sociofi-prod-fw"
      droplet_ids = [digitalocean_droplet.app.id]

      inbound_rule {
        protocol         = "tcp"
        port_range       = "443"
        source_addresses = ["0.0.0.0/0"]
      }
    }

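
Because the firewall lives in version control, a change to it can be checked before it is applied. The following is an added example, not SocioFi's own tooling: it reads the JSON produced by `terraform show -json <planfile>` and reports any `digitalocean_firewall` inbound rule that is open to the whole internet on anything other than an allow-listed port. The allow-list `PUBLIC_OK`, the sample plan, and the port 22 and 5432 rules in it are assumptions constructed for the demonstration.

```python
import ipaddress
import json

PUBLIC_OK = {("tcp", 443)}  # assumption: HTTPS is the only world-reachable port

# Constructed plan excerpt in the shape of `terraform show -json <planfile>`:
# the page's 443 rule plus two hypothetical rules added for the demonstration.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "digitalocean_firewall.app",
    "type": "digitalocean_firewall",
    "change": {"actions": ["update"], "after": {"inbound_rule": [
        {"protocol": "tcp", "port_range": "443", "source_addresses": ["0.0.0.0/0"]},
        {"protocol": "tcp", "port_range": "22",
         "source_addresses": ["0.0.0.0/0", "::/0"]},
        {"protocol": "tcp", "port_range": "5432", "source_addresses": ["10.10.0.0/16"]},
    ]}},
}]})


def port_span(port_range):
    """Turn "443" or "8000-9000" into (low, high); unparsable means all ports."""
    try:
        low, _, high = (port_range or "").partition("-")
        return int(low), int(high or low)
    except ValueError:
        return 1, 65535


def world_sources(rule):
    """Sources with prefix length 0, i.e. 0.0.0.0/0 or ::/0."""
    return [s for s in rule.get("source_addresses") or []
            if ipaddress.ip_network(s, strict=False).prefixlen == 0]


def audit_plan(plan_json, public_ok=PUBLIC_OK):
    """Return (address, protocol, port_range, sources) for each over-broad rule."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "digitalocean_firewall" or not after:
            continue  # not a firewall, or the firewall is being destroyed
        for rule in after.get("inbound_rule") or []:
            world = world_sources(rule)
            low, high = port_span(rule.get("port_range"))
            exposed = low != high or (rule.get("protocol"), low) not in public_ok
            if world and exposed:
                findings.append((rc["address"], rule.get("protocol"),
                                 rule.get("port_range"), world))
    return findings
```

Run as a CI gate, a non-empty result from `audit_plan` fails the pipeline before `terraform apply`; the private 5432 rule passes because its source is a VPC range, not the internet.
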
Containerization

Docker Everywhere. Kubernetes When You Need It.

Every application runs in containers. For most products, Docker Compose on a well-provisioned server is the right answer — simpler to debug, easier to understand. When traffic demands it, we graduate to Kubernetes.

Kubernetes Cluster
  Node — app-node-01 (4 vCPU / 8GB)
    Pod — web: app:latest, nginx-proxy, log-shipper
    Pod — workers: queue-worker, cron-jobs
  Node — app-node-02 (standby / auto-scale)
    Waiting for scale trigger...

For most clients, a single well-configured node with Docker Compose is simpler and equally reliable. We scale to Kubernetes when your traffic patterns justify it — not before.

Networking Architecture

Four Layers. Traffic Flows Down. Problems Stay Out.

Every request to your application passes through four layers of infrastructure before reaching your code. Each layer serves a specific purpose.

Layer 1: DNS + CDN
  Global edge — closest server to your visitor
  Cloudflare, BunnyCDN, DDoS protection, Edge cache
Layer 2: Load Balancer
  Distributes traffic across healthy instances
  Health checks, SSL termination, Failover
Layer 3: Application Servers
  Your code, running in containers
  Docker containers, Private VPC, Auto-scale ready
Layer 4: Database + Cache
  Isolated on private networking — never public
  PostgreSQL, Redis, S3-compatible storage

Backup Architecture

Data Loss Is Not Acceptable. So We Treat It That Way.

Three layers of backup protection, running automatically. Every day. Every week. Across regions on Professional plans and above.

Daily snapshots
Automated volume snapshots to object storage. 30-day retention.
Weekly full backups
Complete database dumps every Sunday at 3am. Separate retention policy.
Cross-region replication
Professional+ plans: backups replicate to a second region automatically.
Point-in-time recovery
Enterprise: restore your database to any 1-hour window in the past 7 days.
Security Hardening

Eight Layers of Security. Applied to Every Server.

These aren’t optional add-ons. Every server we manage gets all eight of these configurations applied on day one.

Firewall rules
Only ports your application actually needs are open. Everything else is dropped by default at the network level.
SSH key authentication
Password logins are disabled on all servers. Access is exclusively via SSH keys — no brute-forceable credentials.
Fail2ban
Repeated failed login attempts trigger automatic IP bans. Brute force attacks are stopped before they get anywhere.
Unattended security upgrades
OS-level security patches apply automatically within 24 hours of release. No human intervention needed, no windows left open.
Encrypted volumes
All data at rest is encrypted using AES-256. Even if someone physically accessed the hardware, your data is unreadable.
VPC isolation
Database servers and internal services live on private networking. Only your application can reach them — not the public internet.
Secret management
Environment variables are injected at runtime, never stored in plain text, never logged, never committed to version control.
Rate limiting
Edge-level rate limiting via Cloudflare absorbs DDoS traffic before it reaches your servers. Your infrastructure stays calm.
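
A check for the "SSH key authentication" item above, as an added example that is not SocioFi's own code. sshd keeps the first value it reads for each directive, so a drop-in file included ahead of the main config, or a later `Match` block, can leave password logins enabled even when `PasswordAuthentication no` appears in the file. The sample config, its file names and the `backup` user are constructed for illustration, and the function assumes `Include` directives have already been expanded in read order.

```python
# Directives that decide whether anything other than a key can log in.
WANT = {"passwordauthentication": "no",
        "kbdinteractiveauthentication": "no",
        "pubkeyauthentication": "yes"}
# OpenSSH built-in defaults, applied when a directive never appears globally.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: a drop-in read before the main file, then a Match block.
SAMPLE = """\
# from /etc/ssh/sshd_config.d/50-cloud-init.conf (included first)
PasswordAuthentication yes
# from /etc/ssh/sshd_config
KbdInteractiveAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""


def audit_sshd(text):
    """Return (scope, directive, value) for every setting that allows non-key logins."""
    seen, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # later directives apply only to this Match block
            scope = "match " + parts[1].lower()
            seen.setdefault(scope, {})
        elif key in WANT:  # sshd keeps the first value it reads per scope
            seen[scope].setdefault(key, parts[1].split()[0].lower())
    findings = []
    for scope, values in seen.items():
        if scope == "global":
            values = {**DEFAULTS, **values}
        findings += [(scope, k, v) for k, v in values.items() if v != WANT[k]]
    return findings


if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective global settings and is the authoritative cross-check for what this parser reports.
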
Honest Comparison

Managed vs. Self-Managed. What It Actually Costs.

Managing infrastructure yourself isn’t free — it costs engineering hours. Here’s what these tasks realistically take per month.

Task | You manage it | SocioFi Cloud
IaC Setup | ~12 hrs/month | Included
Container Orchestration | ~8 hrs/month | Included
SSL Renewal | ~2 hrs/month | Included
Security Patching | ~6 hrs/month | Included
Backup Management | ~4 hrs/month | Included
Monitoring Setup | ~10 hrs/month | Included
Scaling Config | ~5 hrs/month | Included
Incident Response | On-call rotation required | On-call included

At a conservative $75/hr engineering rate, the self-managed column above adds up to roughly $3,500/month in hidden labor cost. Our management fee starts at $149/month.

Get Started

Ready to Stop Managing Infrastructure?

Tell us what you’re running and we’ll set up everything above — on the right provider, at the right scale, for your budget.