Considering Migrating from Vercel
Hi i'm currently considering to migrate from Vercel for my apps, but i need some feedbacks and clarifications for some things since i could not (or have not) found the answer.
To start, my apps is a new public SaaS that use NextJS which has over 3-5k daily users, while using Vercel is okay, but i find that Vercel charged for their Edge Request. My app has at least 1 mil request per day, and the included limit is only 10 mil, which i need to pay for extra 30-40 mil request (every 1m additional request charged for $2)
I found out that Railway has different pricing scheme than vercel, and from what i see, i can save a lot from migrating to Railway, and the plus point is Railway is serverful!
But there's a catch for me to consider this migration, my service has been attacked by various attack pattern ranged from DDOS attack, SYN Flood, SQL Injection, Code Exploit, etc for this past 4 months. I have also migrate from various platform before Vercel until i found that Vercel have protection for that, i now mark Vercel as our safe place (until i found out the pricing).
So now i requires platform that at least have protection for DDOS attack, does Railway provide this? And please do not underestimating the DDOS attack, since my infra can be down for at least 30 minutes before i can even recover (yes i also use cloudflare pro and additional ddos protection from the cloud provider at that point, but still...)
So can anyone with the same experience or know the answer to this help me to this question?
1. Do Railway has DDOS Protection? - we are afraid that incoming attack will be charged to our RAM & CPU usage
2. The railway pricing is basically subscription + usage right? i need to pay for the subscription first, then the usage?
3. Is my project on Railway is put into shared instance? since i found out that pro subscription server has 32 GB RAM / 32 vCPU per service, and if so, is the shared instance has protection for DDOS protection, or does any attack to any service on the shared instance will be affecting my service?
4. Do i need to setup my own CDN like cloudflare? Since on vercel, they basically have everything set up, we just need to put our apps and run
5. For anyone who hosts nextjs on Railway, how's your experience using it? What's the pros and cons?
Thank you!
Solution:Jump to solution
1. They do not provide ddos protection, that's something you would use cloudflare for, since you are already using it, if you have your rules setup correctly then you are already good!
2. For an app that 3-5k daily users you would need to be on at minimum the Pro plan, that's 20$ per seat (user) per month, plus any additional resources.
3. Your workload does get put onto a larger host with other workloads but railway has protections against noisy neighbors, you will always be able to use up to that 32/32 CPU/MEM.
4. Yes you would, thats not something Railway offers at this time, if you are already using cloudflare then it would be easy to enable.
5. I don't host a nextjs site on Railway so I can't give you first hand experience, but from what I've heard, it can tend to use a good amount of memory if you use packages like sharp for image processing, and Railway only ever runs your code as-is unlike vercel where they will monkey patch some common mistakes....
20 Replies
Project ID:
6d71ffb2-d48a-4d5a-b13c-f046f578b772
Solution
1. They do not provide ddos protection, that's something you would use cloudflare for, since you are already using it, if you have your rules setup correctly then you are already good!
2. For an app that 3-5k daily users you would need to be on at minimum the Pro plan, that's 20$ per seat (user) per month, plus any additional resources.
3. Your workload does get put onto a larger host with other workloads but railway has protections against noisy neighbors, you will always be able to use up to that 32/32 CPU/MEM.
4. Yes you would, thats not something Railway offers at this time, if you are already using cloudflare then it would be easy to enable.
5. I don't host a nextjs site on Railway so I can't give you first hand experience, but from what I've heard, it can tend to use a good amount of memory if you use packages like sharp for image processing, and Railway only ever runs your code as-is unlike vercel where they will monkey patch some common mistakes.
p.s. welcome to Railway!!
Thanks for the answer!
Looking at your answer might reconsider me to migrate to Railway actually π’ because the really big issue that i have to face is the DDOS issue, and even if i have already configured the cloudflare, still some of the DDOS will come into our server before the protection is working (i don't know, but this is an issue from cloudflare)
Even though i believe Railway server will be strong enough to handle this attacks, but i'm afraid that this attacks (that are not blocked by cloudflare) would be billed to my account, possibly creating a very high bills and even surpasses vercel bills. Seems that i'll wait until Railway DDOS Protection is available, but i'll still reconsidering to move into Railway.
Anyway, thanks for the answer and clarification!
I don't think railway will ever offer ddos protection, since that's what a property configured cloudflare account will do, railway doesn't see a point in reinventing the wheel, but you can set usage limits on your account to eliminate infinite costs
Oh i see, looks like i might need to find better ddos protection alternative from Cloudflare first then π
or play around with the configuration?
Your situation is confusing. But A) it is impossible to completely block 100% of attacks. No matter what. The only exception is to deny all traffic.
If you wanted to have better control over what traffic is legal, you can always create an entry point service that has its own rules for if it rejects or accepts a request. Doing it this way would actually give you more control over vercel. However, you really should centralize your protection. IE, most of it should be done in cloudflare.
Instead, you should just have a system that is more resilient to attack vectors. Easier said than done.
At least with railway, there are a lot of scale options. Like replicas.
But back to your original issue; what could you possibly be doing that is making you so exposed to attacks? Like yea, DDoS is a real concern for people; but the way you are talking about it makes it sound like more is going on
joshie brings up a good point, why are you subject to such attacks? are you running something controversial?
i've try working out all possible configuration, or i might miss some, i even have friends helping me to create auto ddos detection and put the IP's into my blocklist, but it came from Botnet, and it wasn't working very well since there will always be new IP's coming, so might better find a better alternative too
And somehow i feel cloudflare services are degraded somehow (or it's just me)
Cloudflare is definitely not keeping up. They are becoming complacient. They are ripe for competition to take them over (I welcome this a lot).
You can't really always just block IPs. Blocking attacks is complicated. But what if someone uses a VPN to "attack" you? And you block that VPN node. But now everyone coming from that server is blocked. All real users.
Without knowing more details though, it makes it hard to actually comment / advise
No, my platform is www.tako.id, it's similar to ko-fi, but it's locally in my country (Indonesia), i don't know why, maybe competitors, or maybe some guy that doesn't like my platform, but they always try to make my services down (even if it's just for a minute)
FYI, since my app has it's overlay system, i require any system/cloud provider that can provide and guaratee 24/7 uptime to my service since there will always active user using my app 24/7
railway lists 99.9 for pro users
A competitor trying to take you down does make sense. At least somewhat from some stories I have heard before.
Really hard to protect against. Complicated stuff for sure.
I see, thank you for the notes! Yeah i see that using platform like Cloudflare will give me more flexible controls, but it's me or somehow when i moved to vercel, the attacks still coming in (because i proxy vercel with cloudflare), but somehow vercel can block it off even when cloudflare not, and it's blocked from the first DDOS attacks, so not waiting until my system shuts down first then it somehow starts working. (maybe cloudflare doesn't like me π€£)
Well at least your webiste looks really good. I don't understand any of the words π but it looks very nice
I love these guys π
Yeah, IP blocks is not a great solution, but that's what i can do atleast for now, because i must have my app always up and if it's down, the tolerated duration is just for 2 minutes
Haha Thanks for the compliment! His name is Tako by the way π
I hope it's still 99.9 when i'm using it later π
Anyways, thank you guys for the discussion, i may still consider moving it, i'll try making the decision first week of July, but i learn a lot here too, Thank you Joshie & Brody!
Some good reads
https://funkbytetech.substack.com/p/i-fought-a-ddos-and-lived-to-tell
https://news.ycombinator.com/item?id=38069669
There are lots of other good resources out there from other people. And also keep in mind that companies many times larger than you struggle with this problem. It is very hard. But not impossible.
Hey thanks for the reading resource, i'll look onto it, seems like a good references to my problem :thumbs_up: