DEV Community

Shubham
Shubham

Posted on • Originally published at shubhkumar.in

What's All Am I Hosting? Full Infrastructure Breakdown

Every few months, someone asks me how I run my entire online presence for basically nothing. The short answer is: I don't pay for what I can get for free.

The long answer is this post.

My entire infrastructure this site, APIs, email, monitoring, URL shortener, dev tools runs on free-tier cloud services. Total cost: $0/month. That's less than a single AWS load balancer costs for an hour.

Here's exactly how it works, why I chose each piece, and what I'd do differently.

The Philosophy: Free Tier First

I have a simple rule: if a service has a generous free tier that covers my use case, I use it. If I outgrow it, I'll pay but most of us never outgrow free tiers for personal projects.

The second rule: own the critical paths. DNS is the backbone, so it's on Cloudflare (free, but best-in-class). The main site is on Vercel (free, seamless Next.js deployment). Everything else databases, email, APIs, monitoring is a managed service that solves exactly one problem well.

DNS: Cloudflare (The Glue That Holds It All Together)

Everything starts with DNS. Cloudflare runs chan.ns.cloudflare.com and dave.ns.cloudflare.com as my authoritative nameservers. Every subdomain in this post is a DNS record that Cloudflare serves for free.

I use Cloudflare as a pure DNS provider no CDN proxying on most records except a few redirects (cal, link, mail). The proxied records hide my origin IP and give me free SSL termination, but I keep most records direct because I want full control over the traffic path.

Why Cloudflare over Route53 or self-hosted? Cloudflare's free plan includes unlimited DNS queries, DNSSEC, easy API access, and their dashboard is fast. Route53 charges per query. Self-hosting DNS is unnecessary complexity. Free + best-in-class = no contest.

The Main Site: Vercel

shubhkumar.in is hosted on Vercel's free tier. The apex domain uses an A record to 216.198.79.1 (Vercel's anycast IP for apex domains you can't use a CNAME at the root).

Vercel's free tier includes 100GB bandwidth, 6000 build minutes, automatic SSL, and edge network distribution. For a Next.js site with ISR, this is more than enough. The site loads fast everywhere because Vercel serves it from their edge network.

The www subdomain CNAMEs to the root standard practice.

Other Vercel-Hosted Sites

  • cv.shubhkumar.in Resume site. Next.js, deploys from GitHub.

  • news.shubhkumar.in Another Next.js site.

Hosted Applications: The Free Tier Dream Team

Render API Server

api.shubhkumar.in runs on Render's free tier. It handles contact forms, webhooks, and server-side endpoints the static site can't handle. Render gives 750 hours/month plenty for a low-traffic personal API.

Why Render over Railway or Fly.io? Render has the most generous free tier for this use case. The deploy experience is smooth (Git push → deploy), and SSL is automatic.

GitHub Pages Lightweight Pages

connect.shubhkumar.in is a simple social link aggregator Linktree-style but self-hosted. Single HTML page, zero cost, instant deploy from a GitHub repo.

Infrastructure: The Stuff That Runs in the Background

Tailscale Private Network Bridge

tail.shubhkumar.in points to my Tailscale node at 100.115.133.19. Tailscale creates a WireGuard mesh across all my devices laptop, home server, cloud VMs. The DNS record lets me reach my home lab from anywhere using a proper subdomain.

The real magic: Tailscale handles NAT traversal automatically. My home server is behind CGNAT (common with Indian ISPs), and Tailscale punches through without any port forwarding. Free tier: up to 100 devices.

Databases Managed, Never Self-Hosted

I use managed databases exclusively. Supabase (Postgres) for anything that needs relational queries and real-time subscriptions. MongoDB Atlas for document storage when the schema is fluid. Both on free tiers or their cheapest paid plans whichever covers the workload.

Self-hosting a database is the fastest way to turn a weekend into an ops nightmare. Backups, replication, patches, disk space all someone else's problem. The managed premium is worth every rupee.

Fly.io Lightweight Apps

track.shubhkumar.in hosts WakaAPI (self-hosted WakaTime stats) on Fly.io. Free allowance covers the tiny resource usage 3 shared-CPU VMs with 256MB RAM, 3GB storage, 160GB outbound.

Cal.com Scheduling

cal.shubhkumar.in Cloudflare-proxied redirect to Cal.com. Self-hosting a calendar scheduler isn't worth my weekend.

Better Uptime Monitoring

status.shubhkumar.in Free tier. Monitors all endpoints, notifies on Slack. 10 monitors with 3-minute checks and a public status page.

Tools and Redirects

Dub.co URL Shortener

go.shubhkumar.in runs on Dub.co's free tier. Short, memorable links go.shubhkumar.in/github, etc. Open-source, great API, free tier includes custom domains and basic analytics.

Used to run YOURLS on a VPS. Moving to Dub.co saved maintenance and gave better analytics.

Simple Redirects

link.shubhkumar.in and mail.shubhkumar.in are Cloudflare-proxied redirects using 192.0.2.1 (Cloudflare's placeholder IP). No server needed Cloudflare page rules handle the redirects.

Email Infrastructure: The Hardest Part

Email is the hardest thing on a personal domain. I run three services for different purposes because each solves a specific problem.

Zoho Mail Primary

Primary email on Zoho's free plan 5 mailboxes with 5GB each, custom domain, IMAP/SMTP, calendar. The last remaining free tier for professional email on a custom domain after Outlook killed their free custom domain offering and Google Workspace charges $6/user/month.

MX: mx.zoho.com (priority 10), mx2/3 as fallbacks. DMARC set to reject with Cloudflare reporting.

Trade-off: Zoho's spam filtering is decent but not Gmail-level. For free, acceptable.

SimpleLogin Email Aliases

simple.shubhkumar.in Creates aliases that forward to my primary inbox. If a service sells my email, I delete the alias. Free tier: 15 aliases, PGP encryption, open-source.

Resend Transactional + Broadcast Emails

I use Resend for all outgoing emails transactional notifications, broadcast newsletters, and contact form submissions. It handles everything through a single clean API with good deliverability out of the box.

Resend's free tier includes 100 emails/day, which covers my low-volume needs. DKIM and SPF configured through forms.shubhkumar.in for proper authentication.

Security and Verification Records

  • DMARC (reject) Strictest policy. Reports to Cloudflare's DMARC reporting. Caught email spoofing attempts at least twice.

  • BIMI Shows my logo next to authenticated emails. Mostly vanity but looks professional.

  • Keybase Domain ownership proof.

  • Google Search Console Site ownership for search analytics.

What I Don't Use (And Why)

  • No Kubernetes. Everything fits in docker-compose or managed platforms. K8s is operational overkill for one person.

  • No AWS. Pricing model punishes hobbyists. One misconfigured resource = surprise bill. I use SES for email only when necessary.

  • No self-hosted CI. GitHub Actions is free for public repos.

  • Databases: Managed Supabase (Postgres), MongoDB Atlas, etc. Free tiers + cheapest plans cover everything. Self-hosting a database is unnecessary ops overhead.

Cost Breakdown

Service

Cost

What It Runs

Vercel

$0

Main site (Next.js) + CV + News

Cloudflare DNS

$0

All DNS records, proxied redirects

Render

$0

API server

GitHub Pages

$0

Link aggregator

Fly.io

$0

WakaAPI instance

Better Uptime

$0

10 monitors, status page

Dub.co

$0

URL shortener

Zoho Mail

$0

Primary email, custom domain

SimpleLogin

$0

15 email aliases

Resend

$0

Transactional + broadcast emails

Tailscale

$0

Mesh VPN, 100 devices

Supabase

$0

Managed Postgres (free tier)

MongoDB Atlas

$0

Managed MongoDB (free tier)

Total

$0/mo

~15 services, one domain, full infra

Lessons Learned

  • You don't need to self-host everything. Used to run my own email server, Git server, CI huge time sink for zero benefit. Managed services let you focus on what matters.

  • DNS TTL matters. Low TTL (1–300s) on frequently changed records. High TTL (86400) on stable records for faster lookups.

  • Email deliverability is a second job. DKIM + SPF + DMARC + BIMI + reverse DNS + feedback loops takes a full day to set up. Get it right once, don't touch it.

  • Free tiers are designed to hook you. That's fine as long as you understand the migration cost before you're locked in.

  • Monitoring is not optional. Better Uptime caught three outages I wouldn't have noticed until someone emailed me.

The Reality

Running your own infrastructure is a trade-off setup time and occasional debugging for complete control and zero ongoing cost. For me, it's worth it.

But I also know when to stop. I don't self-host email. I don't run a Docker registry. I don't build custom dashboards. The services I chose handle those well enough that my time is better spent building on top of them.

Top comments (0)