DEV Community

Matthias Andrasch

How to host SvelteKit SSR apps (GDPR-compliant)?

In a recent article I tried to summarize Rich Harris's arguments for why SvelteKit pushes for Server Side Rendering and against Single Page Applications (SPA) / Client Side Rendering (CSR). In short: it's better for SEO, performance and resilience. One piece of advice from Rich was: don't use Single Page Applications unless you have a very good reason.

As always, it depends on your project, though. If your site content doesn't change often, a static SvelteKit site via adapter-static is an option as well. But if you pull in recent blog posts, for example, SvelteKit adapter-node (SSR) should be considered. The awesome thing about this: you don't have to worry about how to start the build process when content changes. That is needed for statically generated sites, because otherwise they don't have the latest content (obviously). With SSR you always fetch the latest data.

VPS hosting

Following up on that, I recently found some great articles about SvelteKit hosting on Virtual Private Servers (VPS):

These articles give good insight into what is needed behind the scenes. I'm personally not a skilled server admin and have so much respect for all the IT girls and guys taking care of servers and networks every day. I have no deep knowledge about this, but I think it is good to understand the basics.

So let's briefly explore pm2 and then move on to other hosting options.

What is pm2?

"PM2 is a production process manager for Node.js applications with a built-in load balancer. It allows you to keep applications alive forever, to reload them without downtime and to facilitate common system admin tasks." (pm2)

Other similar tools are nodemon and supervisor.

You could run these as well on a Raspberry Pi, for example.

"But I don't want to fiddle around on the terminal!?"

A great type of service I recently discovered is server management tools. They offer simple dashboards for configuring the virtual private servers mentioned above. And most of them support NodeJS as well:

The great thing about them is that you can connect various VPS providers, so you're not locked in to one price model or one hosting provider alone. Here is a screenshot of Ploi:

Screenshot of Ploi's server creation dialog

Full service hosting providers

There are also providers who take care of hosting, no VPS needed. Here are some examples; render.com even offers a free tier (limited by time of usage):

Even easier: Integrated platform support

As the SvelteKit docs state, there is also out-of-the-box support for these hosting providers:

But ...

SvelteKit, European Union and GDPR hurdles

... as much as I'm impressed by Vercel's dashboard and the ease of use of all these full hosting services, my personal opinion is the following:

If SvelteKit (and other similar frameworks like Astro) want to succeed in the European Union, NodeJS hosting must become much simpler: as simple as today's PHP hosting.

I can go to various EU webspace providers like Hosteurope, Strato, Ionos, All-Inkl, Manitu, etc. and get decent PHP hosting for multiple sub-sites + databases starting at 2,50 € a month, including unlimited bandwidth.

The most important thing: the servers are fully located in the European Union; I have no struggles with GDPR concerns and the invalidated Privacy Shield for EU-US data transfer (Schrems II ruling).

The good news:

One German hosting company pioneering this is Mittwald. They introduced NodeJS hosting for an additional 9€/month on their agency server product.

Personally I hope that others will follow, which in my opinion would make it much, much easier to introduce SvelteKit into existing tech stacks. If it's just another click on an "Add NodeJS app" button at the current hosting provider, there is no lengthy discussion needed for introducing something new (which might even be hard to integrate because of GDPR compliance).

Especially because of the recent wave of automated mass lawsuits over embedded Google Fonts (https://www.patrickriedl.at/wave-of-lawsuits-in-austria-due-to-use-of-google-fonts/), stakeholders might be more sensitive about these concerns.

What have I missed? What do you prefer?

Happy to hear your comments about your preferred hosting method for SvelteKit SSR (or NodeJS SSR in general)! Also please let me know if I missed a service! Thanks! 🤗

Top comments (4)

Kolja

Great article, unfortunately I found it a few days too late.
But maybe I can add a second German NodeJS webspace provider:

netcup.de/bestellen/produkt.php?pr...

kvetoslavnovak

Isn't there a region selection when using Vercel? Or am I missing something?
Thank you for your explanation.

Matthias Andrasch • Edited

Hey, thanks for your comment!

Yes, there is a region selection. But GDPR is about whether (and on what legal grounds) personal data is stored. Region selection is a good first indicator of whether a service might be used in a GDPR-compliant way. 👍

For example, storing an IP address in full length is personal data.

Vercel states here vercel.com/security:
"Is Vercel GDPR compliant?
Yes. For more information, see our Privacy Policy. No data is stored permanently inside EU regions. Static assets and Serverless Functions responses can be cached in EU regions, but it is ephemeral."

I'm not a lawyer and I haven't dug through vercel.com/legal/privacy-policy yet.

But from my experience you need to state something about Vercel hosting in your site's privacy statement, for example. So there is more work to be done by the site owner. In Germany there are generators for this like datenschutz-generator.de/.

If there is a good article about GDPR compliance & Vercel, @ all: please let me know! Guess it would be helpful. :)

Matthias Andrasch

Update: here is an example in German. It relies on the standard contract clauses (SCC): twitter.com/m_andrasch/status/1627...