From AWS to a 7 EUR Hetzner VPS: Rebuilding My SaaS Stack with Coolify
How I moved from AWS to a single Hetzner VPS with Coolify, Tailscale, and self-hosted everything. The full stack explained like a coffee chat.
A good friend works in automotive as a process engineer. His whole world is efficiency, takt time, and Yamazumi charts. Those are stacked bar charts that show how tasks are distributed across operators on a production line. Sounds boring until you realize entire factories depend on getting them right.
One evening, over coffee, he showed me their "tool". Brother, it was not a tool. It was Excel. Dozens of tabs. VBA macros held together with prayers. Cells with formulas that no living person could explain anymore. And my personal favorite: yamazumi_final_v12_REALLY_FINAL.xlsx.
Factories are supposed to run on lean. Their line balancing setup was the opposite of lean. It was chaos wearing a spreadsheet costume.
That is when I thought: I can build something better than this. How hard can it be?
(Spoiler: harder than I thought. But we got there.)
Firebase and Supabase: Cool, But Not for This
My first instinct was Firebase or Supabase. Spin up an MVP in a weekend, free tier, auth included, ship it and figure out the rest later.
But this is not a weekend project. This is a tool for factories. Multi-tenant auth, audit logging, compliance. The kind of stuff where "just use Firebase" stops being a viable answer real quick. Free tiers disappear the moment you actually need something, and you wake up one morning locked into a vendor you never planned to depend on.
I needed to own the stack from day one. No surprises.
The AWS Phase (and Why I Bailed)
The first version of this stack was full AWS. App Runner, Cognito, RDS, S3, Terraform, GitHub Actions. The whole thing. It worked fine. The free tier and startup credits made it affordable, and I felt very professional with my Terraform modules and my CI/CD pipelines.
Then reality hit. I was spending more time babysitting infrastructure than building the actual product. Want to change a small thing? Touch three Terraform files, update an IAM policy, wait for the pipeline, pray nothing breaks. It was like having a second job, except the second job was fighting YAML.
And once the credits ran out? The bill for a SaaS with basically no traffic was embarrassing. I was paying AWS to keep the lights on in an empty room.
Screw that. I wanted something simple.
The Stack, Explained Like We Are at a Bar
Hetzner
If you are building anything in Europe and you are still on AWS, we need to talk. Hetzner gives you 4 vCPUs, 8GB RAM, 160GB NVMe for around 7 euros a month. Seven. AWS charges more than that for a NAT gateway you did not even know you were paying for.
No hidden fees, no "oh you also need to pay for egress", no pricing calculator that requires a PhD. Pick a server, pay a flat rate. They have a clean CLI too. German company, German data centers, GDPR is not even a conversation. It just is.
Coolify
Coolify is the thing that changed everything. Open source, self-hosted PaaS. Install it on your Hetzner box and suddenly you have your own private Heroku. Except you own the machine and nobody can change the pricing on you.
This one tool replaced: GitHub Actions (Coolify deploys on git push), AWS App Runner (it runs Docker containers), AWS RDS (it manages Postgres with backups and a UI), and Terraform (there is nothing to terraform when your infra is one VPS).
One dashboard. Push to main, it deploys. I genuinely do not understand why more people are not using this.
Traefik
Reverse proxy that sits in front of everything. Handles SSL through Let's Encrypt automatically. I set it up once and I have not thought about it since. No Nginx config files, no cron jobs renewing certificates. Coolify sets up Traefik by default and it just runs. The best infrastructure is the kind you forget exists.
Spring Boot + Kotlin
I know, I know. "Spring Boot? For a small project?" Yes. Because when you need proper security, database migrations, transactional email, background jobs, and a clean API layer, Spring has all of it. And it has been battle-tested for 20 years. Kotlin makes it actually enjoyable to write. Gradle builds it. No hype, no framework-of-the-month. Just solid, boring, reliable software.
Spring Security + JWT
Rolled my own auth. No Cognito, no Auth0, no Keycloak. People act like this is some insane thing to do, but for a JWT flow with signup, email verification, password reset, and token refresh? It is maybe two days of work. And then your auth never goes down because some third-party service is having a bad day. I sleep better at night knowing my login page does not depend on someone else's uptime.
React + TypeScript + Vite + Tailwind
The frontend. React because the ecosystem is enormous and if I ever need to hire someone, everyone knows React. TypeScript because writing JavaScript without types in 2026 is just asking for pain. Vite because waiting for webpack to compile is not how I want to spend my life. Tailwind because CSS files are where motivation goes to die. Zustand for state management because it does the job without the 40-page Redux tutorial. Whole thing runs in Nginx inside a Docker container, deployed through Coolify.
PostgreSQL
Postgres. The database that does not need an introduction. Runs as a Coolify service with automatic backups. No managed database markup, no connection limits from some free tier, no "you exceeded your row count, please upgrade" emails. Just Postgres being Postgres.
Tailscale
Tailscale is one of those tools that makes you feel stupid for how you were doing things before. It creates a private VPN mesh between your devices using WireGuard under the hood. I use it to connect to my production Postgres from my laptop. No exposed database ports, no SSH tunnels with port forwarding that you have to remember, no firewall rules that make you question your life choices. Install Tailscale on the server, install it on my laptop, they see each other. Open DBeaver, connect to the Tailscale IP, done. Feels like the database is running on localhost.
If you are still doing ssh -L 5432:localhost:5432 user@server in 2026, please stop. You deserve better.
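The "no exposed database ports" claim above is worth verifying on the server itself. The check below is an added example, not part of the original post: it parses `ss -H -ltn` output and flags port 5432 listeners bound to anything other than loopback or a Tailscale address. The sample output and every address in it are constructed; the two networks are the ranges Tailscale assigns node addresses from.

```python
import ipaddress

# Ranges Tailscale assigns node addresses from (CGNAT IPv4 and its IPv6 ULA prefix).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -H -ltn` output; all addresses are made up.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 244 100.101.102.103:5432 0.0.0.0:*
LISTEN 0 4096 [::]:443 [::]:*
LISTEN 0 128 [fd7a:115c:a1e0::1234]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def classify(local):
    """Return (port, scope) for one 'Local Address:Port' field."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    if host in ("*", "0.0.0.0", "::"):
        return int(port), "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return int(port), "loopback"
    if any(ip in net for net in TAILNET):
        return int(port), "tailnet"
    return int(port), "other"

def audit(ss_output, watched=(5432,)):
    """List watched ports listening beyond loopback and the tailnet."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port, scope = classify(fields[3])
        if port in watched and scope not in ("loopback", "tailnet"):
            findings.append((port, fields[3], scope))
    return findings

if __name__ == "__main__":
    # On the server, feed real output instead: ss -H -ltn
    for port, addr, scope in audit(SAMPLE_SS):
        print(f"port {port} listens on {addr} ({scope}): not restricted to the tailnet")
```

A wildcard bind is a finding at the socket level only; a host or provider firewall may still block it, so confirm the result from a machine outside the tailnet.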
Mailgun
Transactional emails. Verification, password reset, notifications. Mailgun handles it. Free tier covers everything at my current scale. The API is straightforward, Spring Boot integrates with it easily, and I never think about email deliverability. It is one of those set-and-forget things.
Zoho Mail
Custom domain email. The hello@ercan.tech kind of thing. Zoho gives you this for free. Actually free, not the startup "free for 14 days then surprise" kind of free. Real free. Works fine. I do not need a Gmail workspace for this.
Ghost
The blog you are reading right now. I started with WordPress. It worked fine until I wanted basic SEO. WordPress said that will be $25/month please. For an SEO plugin. Then they wanted more money for custom CSS. Then more for analytics. I am sorry but what the hell? Basic features behind a paywall on a platform that markets itself as free and open source?
Switched to Ghost. Self-hosted on the same Hetzner box through Coolify. I wrote about replacing WordPress and going full self-hosted in another post. Does everything WordPress did, minus the constant upselling. Clean admin panel, fast pages, proper API I can script against. Should have done this from the start.
Grafana + Prometheus
Monitoring. Coolify has Grafana and Prometheus built in, so setting it up was basically clicking a button. Container metrics, resource usage, basic alerts. Not enterprise-grade observability, but enough to know when something is on fire before my users tell me. Between this, the blog, and my self-hosted Obsidian sync, this little VPS is earning its keep.
The Full Stack
# frontend
React + TypeScript + Vite + Tailwind
Zustand for state management
Served with Nginx, Dockerized
# backend
Spring Boot 3 + Kotlin + JDK 21
Spring Security with JWT token auth
Gradle build
# database
PostgreSQL (managed by Coolify)
Tailscale VPN for secure remote access
# email
Mailgun for transactional emails
Zoho Mail for custom domain inbox (free)
# infrastructure
Hetzner VPS (Europe, ~7 EUR/month)
Coolify as self-hosted PaaS
Traefik reverse proxy (auto SSL via Let's Encrypt)
Tailscale for secure VPN access
Grafana + Prometheus for monitoring
# blog
Ghost CMS (self-hosted on Coolify)
What Changed From the AWS Days
| Before | After | Why |
|---|---|---|
| AWS App Runner | Coolify on Hetzner | Simpler, cheaper, actually mine |
| AWS RDS | PostgreSQL in Coolify | Same database, no markup |
| AWS Cognito | Spring Security + JWT | No external auth dependency |
| Terraform | Nothing | One VPS, nothing to provision |
| GitHub Actions | Coolify auto-deploy | Push to main, go get coffee |
| SSH tunnels for DB | Tailscale VPN | Zero config, feels local |
| WordPress | Ghost | No more paying for basic features |
The Monthly Bill
Everything runs on one Hetzner VPS. The Yamazumi app, the blog, Postgres, monitoring, all of it.
- Hetzner VPS: ~7 EUR/month
- Domain: already had it
- Mailgun: free tier
- Zoho Mail: free
- Tailscale: free for personal use
- SSL: free via Let's Encrypt
- Monitoring: free (same box)
Under 10 EUR/month for a production SaaS with auth, email, monitoring, secure database access, and a blog. Meanwhile AWS was burning through credits at 50-100 USD/month for the exact same thing. Math was not mathing.
What I Learned
- AWS is great if you are a company with a platform team. For a solo dev building a SaaS, the complexity tax will eat you alive.
- Hetzner + Coolify gives you 90% of what managed cloud offers at a fraction of the cost. The other 10% you probably do not need yet.
- Self-hosting in 2026 is not what it was in 2016. Tools like Coolify make it feel like using Vercel, except you own everything.
- If a tool starts charging you for basic features, walk away. There is always an open source version of the thing you need.
- Rolling your own JWT auth is not scary. It is two days of work and then you never depend on someone else's login service again.
- Tailscale is a cheat code. Seriously. Stop SSH tunneling.
- Keep the stack boring. React, Spring Boot, Postgres. These tools are boring because they work. Ship the product, not the infrastructure.