If you use Cloudflare, they should still handle attacks and caching. For the origin server, I can't imagine any scenario where you'd get a lot of growth from the immediate attention. How are more than a few thousand requests per second realistic? It's not as if the whole world would suddenly constantly check passwords. And if you use his API for 3rd party services it'd make more sense to open source it so that others can use a local copy.
> To that end, "just use a VPS or a cheap dedicated server" sounds a whole lot like the middlebrow thing we're supposed to not be fans of around here.
I know that we're supposed to all be fans of AWS and everything as a service. But in reality I found simple VPS (can be Hetzner, OVH, AWS, Google, whatever) to be faster, cheaper and less prone to downtime (as most downtime comes from software rather than hardware anyway).
> To that end, "just use a VPS or a cheap dedicated server" sounds a whole lot like the middlebrow thing we're supposed to not be fans of around here.
I know that we're supposed to all be fans of AWS and everything as a service. But in reality I found simple VPS (can be Hetzner, OVH, AWS, Google, whatever) to be faster, cheaper and less prone to downtime (as most downtime comes from software rather than hardware anyway).