
Posted by yusufusta 14 hours ago

Migrating from DigitalOcean to Hetzner (isayeter.com)
678 points | 350 comments | page 2
collinmanderson 3 hours ago|
I just want to point out this guide uses many of the same tasks I use when migrating websites between servers while minimizing downtime.

- reduce dns ttl (if not doing an ip swap)

- rsync website files

- rsync /etc/letsencrypt/ ssl certificates

- copy over database (if writes don't happen often and database is small enough, this can be done without replica, just go read_only during migration)

- test new server by putting new ip in local /etc/hosts

- turn off cron on old server

- convert old server nginx to reverse proxy to new server

- change dns (or ip swap between old and new server)

- turn on cron on new server

onetimeusename 12 hours ago||
AWS only requires a card from me. I tried registering at Hetzner and they wanted a picture of my passport.
therealmarv 12 hours ago||
That's a trend which is more and more common nowadays.

I wish the industry would adopt more zero knowledge methods in this regard. They exist and are mathematically proven but it seems there is no real adoption.

- OpenAI wants my passport when topping up 100 USD

- Bolt wanted recently my passport number to use their service

- Anthropic seems to want passports for new users too

- Soon age restriction in OS or on websites

I wished there would be a law (in Europe and/or US) to minify or forbid this kind of identity verification.

I want to support the companies to not allow misuse of their platforms, at the same time my full passport photo is not their concern, especially in B2B business in my opinion.

pmdr 12 hours ago|||
It used to be "innocent until proven/suspected guilty." Now it's more like "let's see that ID, you know, just in case..."
OneMorePerson 11 hours ago||
I'm not a legal expert/lawyer but I do think a lot of this is not the company just randomly wanting to do it, but lawyer driven development. No company wants to introduce more friction for no reason, unless somehow there's precedent or risk involved in not doing it. Curious to know what legal precedents or laws have changed recently.

The only possible non legally driven reason I can think of would be if they think the tradeoff of extra friction (and lost customers) is more than offset by fraud protection efforts. This seems unlikely cause I don't see how that math could have changed in the last few years.

zackmorris 9 hours ago||||
It's partially because the internet only grants us free storage (noun), not free compute (verb).

Which is fundamental to so many XY problems, including why cloud services are so byzantine instead of just providing isolated secure shells with full root access within them. And why distrust is a growing force in the world instead of, say, unconditional love.

I always dreamed of winning the internet lottery so that I could help dismantle the systems of control which currently dominate our lives. Which starts with challenging paradigms from first principles. That looks like asking why we only have multicore computing in the cloud and not on our desktops (which could be used to build our own cloud servers).

When we're missing an abstraction layer, that creates injustice and a power drain from the many to the few. Some examples:

- CPU -> multicore MIMD (missing) -> GPU (based on the subset SIMD instead of MIMD upon which graphics libraries could be built)

- UDP -> connectionless reliable stream (missing) -> TCP (should have been a layer above UDP not beside it)

- UDP/TCP -> P2P (NAT and other limitations block this and were inherited by IPv6 as generational trauma) -> WebRTC (redundant if we had P2P that "just works")

- internet connection -> symmetric upload/download speed (blocked for legal reasons under the guise of overselling to reduce cost) -> self-hosted web servers (rare due to antitrust issues stemming from said legal reasons)

- internet connection -> multicast (missing due to suppression of content-addressable-memory/hash-tree/DHT/) -> self-hosted streaming (negates the need for regions and edge caching)

I had high hopes for Google and even Tesla (for disrupting the physical world). But instead of open standards, they gave us proprietary vendor lock-in: Google Workspace (formerly G Suite) and NACS instead of J1772 (better yet both). Because of their refusal to interoperate at the lowest levels, there is little hope that they will do the real work of solving the hard problems at the highest levels.

For example, I just heard that China has built thousands of battery swap stations to provide effectively instant charging for electric vehicles, whereas that's something that Tesla can't accomplish because they chose to build Supercharger stations instead.

Once we begin to see the world this way, it's impossible to unsee it. It calls into question the fundamentals (like scarcity) which capitalism is based upon, and even the concept of profit itself.

From a spiritual perspective, I believe that this understanding is what blocks me from using my talents to use the system for personal gain to win the internet lottery. The people who own the systems of control don't have this understanding, and even view its basis in empathy as a liability. So we sacrifice the good of the many for the good of the few and call that progress.

cyanydeez 11 hours ago|||
I don't. I'm happy the grift economy has some controls on it. As much as I love open source and all the efforts in collective without government interference; some security is required, otherwise we'll just invite more grift based economics.

It's bad enough living in America without the rest of the world adopting the grift economy.

xtracto 12 hours ago|||
I'm in DO and tried to open an account in Hetzner. It won't accept my Visa card (which I use to pay DO). So no business from me.
uxcolumbo 12 hours ago|||
That's nuts. Why do they want a pic of your passport?

Absolutely no to this - reason enough to go with AWS or alternatives. And why are ppl willingly giving it to hosting providers?

Unnecessarily exposing yourself to identity theft if they get compromised.

acdha 12 hours ago|||
They have to operate within the laws of the countries they’re physically located in. Those countries want to know that they’re not hosting illegal content, providing services to crime rings, Russia or North Korea, etc.

If Hetzner allows you to host something and you use it for illegal acts, they aren’t going to jail to shield you for €10/month.

uxcolumbo 10 hours ago||
Hosting companies managed to shut down illegal sites without requiring you to submit your pics and passport first.

And if someone wants to do illegal things, what's stopping them from submitting a fake ID?

edwinjm 6 hours ago||
You buy your fake ids at the grocery store?
uxcolumbo 6 hours ago||
No, but my local AKO newsagent does have them. Don't have a need for them though.
fg137 9 hours ago||||
In my case, I submitted my drivers license, the real one, that matched other information I submitted.

They still decided my information was fake and terminated my account.

I'm never going to do business with them again.

zaptheimpaler 12 hours ago||||
Hetzner is like 1/10th the cost of ripoffs like AWS now, the passport data is deleted after verification and I can actually trust this claim coming from an EU company under GDPR that doesn't have any use for my personal data. You can also just bypass the passport requirement entirely by making a €20 Paypal deposit to the account.
uxcolumbo 10 hours ago|||
You just hear too many horror stories of data being leaked. Even if Hetzner uses a 3rd party system to do the verification - that 3rd party probably has to store your pics for some time.

But at least if there is an alternative then great.

victorbjorklund 8 hours ago|||
Never had to do this. Sounds like they were flagged as a high risk customer and that’s why.
goobatrooba 12 hours ago|||
I signed up for Hetzner a few weeks ago and didn't have to provide any ID. I pay by credit card.

Not sure what differs in our cases, I'm based in EU.

ciex 11 hours ago|||
Do they always do this? I never had to present my passport as far as I can remember.
Strom 11 hours ago|||
They do not. I've never had to present any documentation whatsoever to Hetzner and have been a happy customer for many years.

As I understand it, they ask only from accounts that check several boxes for common cases of abuse. So basically, personal accounts (as opposed to business accounts) from poor countries (by per capita, so e.g. India qualifies as poor).

roel_v 9 hours ago|||
I signed up yesterday and didn't have to provide anything.
faangguyindia 12 hours ago||
I don't do anything bad and my passport isn't exactly any secret, I gladly submit it to Hetzner.
pennomi 13 hours ago||
I saved about $1200 a year by moving from AWS to Hetzner. Can’t recommend it enough. AWS has kind of become a scam.
subscribed 12 hours ago||
Scam? You mostly get what you pay for.

Sure, it cost me £6/mo to serve ONE lambda on AWS (and perhaps 500 requests per month). Sure it was awesome and "proper". But crazy expensive.

I host it now (and 5 similar things) for free on Cloudflare.

But if you need what AWS provides, you'll get that. And that means sometimes it's not the most cost-effective place.

wiether 11 hours ago||

> Sure, it cost me £6/mo to serve ONE lambda on AWS (and perhaps 500 requests per month)

I went on pricing calculator, and to arrive at $6/mo with only 500 requests, you'd need to run the lambda for 15 minutes with 2Gb of RAM.

On the other hand, we have dozens of production workloads on Lambda handling thousands of requests daily and we spend like $50/mo on Lambda.

I'm really intrigued by what you did to get to those figures!

acdha 12 hours ago|||
That’s like saying Mercedes is a scam because you’re fine with a Honda Civic. It’s a totally legitimate preference but not being in the target market doesn’t make something a scam.
alternatex 11 hours ago||
AWS ain't no Mercedes. Mercedes feels premium and isn't full of bugs.

AWS and Azure are charging an arm and a leg, but the offered quality is mostly perceived. Most of the bits and bobs they charge for are not providing much value for a vast majority of businesses. I won't even go over the complete lack of ergonomics with their portals.

acdha 2 hours ago|||
I see you have strong emotions about this but really my point was simply that AWS customers are paying for things they value which you do not. It’s fine for you not to share their priorities but any time people are paying billions of dollars for something in a competitive market, it’s a mistake to say they’re all fools or being fooled.
DaedalusII 11 hours ago||||
mercedes and honda interior almost indistinguishable now

and mercedes is just like aws in dumb charges. new tires, EUR1000+ for set. replace car keys? EUR1000+

rs_rs_rs_rs_rs 8 hours ago||||
>Mercedes feels premium and isn't full of bugs

Maaan, I have some bad news for you...

rpcope1 11 hours ago|||
> Mercedes feels premium and isn't full of bugs.

I see you've never actually owned or worked on a German car, especially in relation to even modest Japanese models. Maybe they were a little nicer inside in the 80s and maybe 90s, but "German car" and frankly "European make" is basically synonymous with "big expensive pile of shit that's an expensive pain in the ass when things start falling apart (which they seem to with increasing rapidity)." It's like the disease that plagued British cars for the longest time got contaminated with the German propensity to build overly complex monstrosities.

PunchyHamster 11 hours ago|||
The pricing was always like that. You pay premium for availability of the big spread of cloud services
steve1977 13 hours ago|||
Hetzner Cloud or their VPS offerings?
nixpulvis 13 hours ago|||
Anything worse about the service?
delfinom 13 hours ago|||
Each has their trade offs. AWS absolutely has a high premium but Hetzner has some quirks.

Recently we had several of our VMs offline because they apparently have these large volume storage pools they were upgrading and suddenly disks died in two large pools. It took them 3 days to resolve.

Hetzner has no integrated option to backup volumes and it's roll your own :/ You also can't control volume distribution on their storage nodes for redundancy.

faangguyindia 12 hours ago|||
It's not a scam, it's like Casino House. Everything is designed to pull your money and make you believe that you are benefiting from it.
richwater 12 hours ago||
Your thesis is that everyone who uses AWS is being duped...?
faangguyindia 12 hours ago|||
No, they just don't know what value AWS provides. And honestly you'll never know until you roll out your own Dedicated servers and later you'll wonder why you never did it sooner.
rolymath 11 hours ago|||
Probably most are overpaying.

Cloud used to be marketed for scalability. "Netflix can scale up when people are watching, and scale down at night".

Then the blogosphere and astroturfing got everyone else on board. How can $5 on amazon get you less than what you got from almost any VPS (VDS) provider 10 years ago?

Silhouette 12 hours ago|||
I don't think it's fair to call AWS a scam. It's complicated and powerful and it charges a lot for many services compared to a DIY approach. But you can see the prices transparently on its site, it provides a free tier to try most services out, it is fairly good about long term support for services and how it handles forced upgrades when they become necessary, and generally it has an OK reputation for customer support even if something unexpected and very bad happens. You're certainly paying a price for the convenience and the brand but I don't think that's a scam if you're making an informed choice. If you want to save money then you can replace RDS with Postgres running on VMs but the trade off is then you have to manage your database infrastructure yourself.
echelon 13 hours ago||
AWS has always been a scam.

It's worse than Oracle and they don't even use lawyery contracts.

The technology itself is the tendrils.

infomiho 4 hours ago||
Hey I made the meme in the header https://wasp.sh/blog/2025/04/02/an-introduction-to-database-...

Nice to see it used _twice_ :D

thelastgallon 10 hours ago||
In the big corporate world, this would be a $600m budget, creating multiple VPs, thousands of positions, multi-cloud and multi-dc kubernetes, tons of highly paid consultants, the migration would take 9 - 12 years, create so many success stories, lessons learnt, promotions, etc etc.
jpablo 10 hours ago||

> If you’re migrating a large MySQL database and you’re not using mydumper/myloader, you’re doing it the hard way.

If you aren't using xtrabackup you are doing it wrong. I recently migrated a database with 2TB of data from 5.7 to 8.4 with about 15 seconds of down time. It wouldn't have been possible without xtrabackup. Mysqldumper requires a global write block, I wouldn't call blocking writes for hours a "zero downtime migration".
grasbergerm 5 hours ago||
I have experience in migrating large DBs with replication and the article not discussing write blocks made my ears perk up as well.

Aside from the blocking you mentioned during the initial snapshot, you'd need to block writes to the old DB before the cutover as well. There's no way to guarantee in-flight writes to the old DB aren't lost when promoting the replica to a primary otherwise. I'm surprised the author didn't go into more detail here. Maybe it was fine given their workload, but the key issue I see is that they promoted the new DB to a primary before stopping the old application. During that gap, any data written to the old DB would be lost.
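
The ordering problem described in the comment above, as an added example that is not part of the original thread or the article: a pre-promotion gate that refuses to promote the replica until the old primary is read-only and the replica has applied every transaction the old primary executed. It assumes GTID-based MySQL replication with untagged GTIDs; the function names and the sample GTID strings are constructed for illustration.

```python
import re

# Assumption: GTID-based replication, untagged GTIDs. Each GTID string is what
# SELECT @@GLOBAL.gtid_executed returns on that server.
_INTERVAL = re.compile(r"^(\d+)(?:-(\d+))?$")
# Constructed sample values (not from the thread).
OLD_PRIMARY = "11111111-1111-1111-1111-111111111111:1-100"
LAGGING_REPLICA = "11111111-1111-1111-1111-111111111111:1-90:95-100"


def parse_gtid_set(text):
    """Parse 'uuid:1-5:8,uuid2:1-3' into {uuid: sorted [(start, end), ...]}."""
    parsed = {}
    for part in filter(None, (p.strip() for p in text.split(","))):
        uuid, *intervals = part.split(":")
        spans = parsed.setdefault(uuid.lower(), [])
        for interval in intervals:
            m = _INTERVAL.match(interval.strip())
            if not m:  # unknown syntax (e.g. a tag): refuse rather than guess
                raise ValueError(f"unsupported GTID interval: {interval!r}")
            start = int(m.group(1))
            spans.append((start, int(m.group(2) or start)))
        spans.sort()
    return parsed


def missing_on_replica(primary_set, replica_set):
    """Transactions executed on the old primary that the replica lacks."""
    p, r = parse_gtid_set(primary_set), parse_gtid_set(replica_set)
    missing = {}
    for uuid, spans in p.items():
        gaps = []
        for start, end in spans:
            cur = start  # first transaction number not yet accounted for
            for r_start, r_end in r.get(uuid, []):
                if r_end < cur or r_start > end:
                    continue
                if r_start > cur:
                    gaps.append((cur, r_start - 1))
                cur = r_end + 1
            if cur <= end:
                gaps.append((cur, end))
        if gaps:
            missing[uuid] = gaps
    return missing


def safe_to_promote(old_primary_read_only, primary_set, replica_set):
    # Comparing GTID sets only means something once the old primary is frozen.
    if not old_primary_read_only:
        return False, "old primary still accepts writes; its GTID set can grow"
    missing = missing_on_replica(primary_set, replica_set)
    if missing:
        return False, f"replica is missing {missing}"
    return True, "replica has applied every transaction from the old primary"
```

The read-only flag is checked first because a "caught up" comparison taken while the old application is still writing can be stale by the time the replica is promoted.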

embedding-shape 10 hours ago||
Correct me if I'm wrong, but done with a proxy in-between that can "pause" requests, you could have done the move with 0 seconds and no rejected requests, and I don't think mydumper/myloader/xtrabackup matters for that. The "migration" would be spinning up a new database, making it catch up, then switching over. If you can pause/hang in-flight requests while switching, not a single one needs to fail :)
jpablo 9 hours ago||
The "making it catch up" is the tricky part. You need an initial backup for that. xtrabackup can take that backup "hot" without blocking read/writes. mysqldumper will block writes for whatever time that initial backup takes, for 2TB of data that's going to be hours.

Once you have that initial backup you can set your replica and make it catch up, then you switch. I choose to take the few seconds of downtime doing the switch because for my use case that was acceptable.

embedding-shape 9 hours ago||
Isn't that just a flag? "--lock-tables=false", alternatively --single-transaction for InnoDB.
jpablo 8 hours ago||
If you want a consistent backup that you can use to set up a replica you need to block writes while the backup is taken, take the backup while the database is shutdown OR use xtrabackup.
BrunoBernardino 5 hours ago||
Really interesting sharing, thanks! Why lower the TTL to 300 instead of something like 60 or 30, to make the switch even faster? The nameservers were DO's, so they should've been more than able to handle the increased load.

BTW, I've been a client of Hetzner (Cloud, Object Storage, and Storage Box) for a few years now, very happy with them!

rob 7 hours ago||
I know they've been bought out by Akamai or whatever but I've been using Linode for over 10 years and I still go to them if I need a VPS. I don't have extreme needs, but they seem to be always improving or adding features comparable to other providers and the UI is consistent so I don't see a reason to change. Any time there has been an issue they've migrated me to a new host automatically without even needing to do anything. I combine it with Dokploy now and just deploy most of my projects via Docker Compose and private GitHub repos.
xuki 13 hours ago||
I've had excellent experiences with Percona xtrabackup for MySQL migration and backups in general. It runs live with almost no performance penalty on the source. It works so well that I always wait for them to release a new matching version before upgrading to a new MySQL version.
addybojangles 4 hours ago|
Might give this a whirl, not move business infrastructure here, but see how it works for my personal VPN server.