3. Choose a hosting provider

by Double Bastion - Updated December 4, 2023

The hosting provider is very important. It’s recommended to choose a hosting provider that does nothing else apart from hosting. If you understood the whole point of this guide and the principles that drive the development of honest free and open source software, you will avoid the hosting services offered by the well-known tech giants.

To host all the applications described in this guide you will need one of the following hosting types:

  • VPS (Virtual Private Server, sometimes also called VDS (Virtual Dedicated Server)). This is a virtual server in the sense that on a physical server, a virtualization program creates virtual hardware resources (CPUs, RAM, storage devices, etc.) which are allocated to multiple VPSs, so that each VPS has its own virtual CPU(s), RAM, storage device, network interface, etc. It offers a high degree of isolation from other users on the same physical server and it can be configured like any physical server by installing an operating system, configuring the netowork interface, etc. Some hosting companies call them simply ‘virtual machines’ or ‘compute instances’.
  • cloud server (or cloud instance, sometimes called ‘cloud VPS’). This is a virtual private server in which the virtual hardware resources are hosted not on a single physical server, but on multiple physical servers which form a cluster, providing high scalability and redundancy. When the servers that are part of the cluster become overloaded due to sudden increases in web traffic, new servers are automatically added to the cluster, to bear the load. The storage of the server cluster, which is usually separate from the cluster, can be also automatically extended on demand. This type of hosting offers increased scalability and redundancy but it’s usually more expensive than equivalent traditional VPSs.
  • dedicated server (or bare metal server). This is a physical server that is fully dedicated to a single client. It’s more expensive than other types of hosting but the applications installed on it are not competing for hardware resources with other applications of other clients. Dedicated servers are usually used for websites and applications with very high traffic.

You should choose a hosting provider with a good reputation, that offers good quality VPSs/cloud servers/dedicated servers, at low prices. If it’s a VPS, be aware to choose a VPS with kernel-based virtualization (KVM), where each VPS has its own kernel, and not container-based virtualization (OpenVZ), where multiple VPSs share the same kernel and you won’t be able to upgrade the kernel or customize it.

We can’t stress enough how important it is to choose a good hosting provider. Let us list just a few of the situations that you can face if you choose the wrong hosting company:

  • your VPS works as expected for a few months and suddenly it begins to freeze randomly for about 3 minutes at a time, although it’s perfectly configured and it’s not your fault. You open a support ticket and suggest that the underlying physical hardware might be overloaded, but the support team replies that they can’t determine the cause, therefore, you decide to change your hosting provider.
  • your server works as expected for several months, then suddenly it becomes inaccessible and remains inaccessible for about an entire day because of some hardware issues at the data center, which is not your fault. You contact technical support but they can’t offer a valid justification for what happened, therefore, to avoid such unacceptable interruptions you search for a different hosting provider.
  • your hosting provider suddenly doubles the price for your server, without any explanation or prior notice.
  • your server works as expected for a while, then you notice that spamhaus.org blacklisted your IPv6 not because you sent spam, but because other neighboring IPs in the same /64 range of IPs sent spam. You contact spamhaus.org and ask them to delist your IP but they refuse because your hosting provider didn’t allocate a /64 subnet of IPv6 addresses to your server, but a /128 subnet, which means a single IP address. When you ask your hosting provider to allocate a /64 subnet to your server, they simply refuse. You also find that your IPv4 address is included on the UCEPROTECTL3 blacklist, for the same reason: you didn’t send any spam but other neighboring IPs sent spam and the maintainer of UCEPROTECTL3 wants to put pressure on the hosting provider to take action against the real spammers, by blacklisting innocent IPs in the same IP range as the spammers. Therefore, you cannot send emails using your IPv6 address, and if you configure your SMTP server to use only your IPv4 address, you can’t send emails to all the addresses managed by Microsoft: outlook.com, live.com, office.com, hotmail.com, since Microsoft rejects incoming emails based on the abusive UCEPROTECTL3 blacklist. You complain in vain to your hosting provider, therefore, you decide to change your hosting provider.

Please note that these situations are not hypothetical: they really happened to real persons.

Based on the quality of their services and their prices, we can recommend vultr.com and linode.com, but there are other good hosting providers. We have no affiliation with the mentioned providers.

You should also be aware that search engines can rank websites higher if the geographic location of their servers is the same as the location of the visitors. In other words, instead of choosing an international hosting provider with lower prices but with servers in other countries than you and the majority of your website’s visitors, it may be better to choose a more expensive hosting provider with servers located in your country. Since the page ranking algorithm of search engines is kept secret, nobody knows with certainty to what degree the physical location of the server influences the page ranking for the websites hosted on it. Yet, it’s very likely that the physical location of the server has some influence on page ranking. There are also other benefits of renting a server in your own country: if you leave the country, you can use the VPN installed on that server to access any services in your country, with a local IP.

As mentioned before, to host all the applications described in this guide in proper conditions, you will need a VPS, cloud server or dedicated server with at least 2 GB of RAM, 1 CPU core and 40 GB of SSD storage. If you intend to host many websites with high traffic, like tens of thousands of unique visitors per day, you should choose a VPS/cloud server/dedicated server with higher specifications.

It’s a good thing if the provider offers both IPv4 and IPv6 addresses, although IPv6 is not mandatory. The server can function perfectly without IPv6 connectivity. However, if the hosting company that you intend to choose offers IPv6, and you want to enable both IPv4 and IPv6 for your mail server, before signing up for a hosting account you should find if they allocate /64 subnets to their servers, or only smaller subnets, like /128 subnets, which means only one IPv6 address. Some hosting providers mention what type of IPv6 subnets they allocate, on their website. If they don’t mention it on their website you can ask them via email. If they only offer subnets smaller than /64 and you want to enable IPv6 connectivity for your mail server, it’s very likely that you will face the following situation: spamhaus.org can notice that some IPs in the same /64 subnet of your server, which belong to other clients of your hosting company, send spam. spamhaus.org will include the whole /64 range of addresses, including your IPv6 address, on their CSS blacklist, even if it’s not you that sent spam. Because of this, all your emails will be rejected by all the mail servers that use the zen.spamhaus.org blacklist to reject emails. If you ask spamhaus.org to delist your IP, they will reply that your hosting provider should have allocated /64 subnets to all their servers, and that they won’t delist your IP until your server will be allocated a /64 subnet. When you ask your hosting provider to allocate your server a /64 subnet, they will refuse, to avoid additional costs or for other reasons. To prevent this situation, you should know in advance if the hosting provider that you intend to choose, offers /64 IPv6 subnets, or only smaller subnets.

Also, when you rent the server, the provider should allow you to choose Debian 12, 64-bit as operating system for the new server and the operating system should be installed automatically when signing up, so that after a few minutes you will receive the log in credentials and start installing applications. Almost all hosting providers offer the latest stable version of Debian as an operating system for newly rented servers. If they offer other Linux distributions but not Debian, this is a sign of poor quality services and you should avoid them.

You should also read the ‘Terms of service’ of the hosting company that you intend to choose and check if they block ports 25, 465, and 587. Some hosting companies block outgoing traffic on these ports, in an effort to prevent spam. In general, even if they block these ports, they are willing to unblock them after you open a support ticket and explain that you intend to host a mail server that needs those ports open and that you intend to send only legitimate emails that comply with all the anti-spam regulations.

Hosting providers can also impose other restrictions, like limiting the number of emails that can be sent daily. Therefore, you should check their ‘Terms of service’ or ‘Terms and Conditions’, to find if there are any restrictions that apply in your case and if they can be lifted.

You can send your questions and comments to: