Hi Anthony,
You forgot to mention your preferred method of deployment? Are you a FTP or Git guy?
I will stab at a guess that you’re the former. In which case here’s what I recommend you do:
Start small, keep it simple. It’s easy to get carried away thinking you’ll need to load balance multiple servers or deploy your own cluster but it won’t be needed at the beginning.
Start with a single VPS instance. This can house your application files and database. You shouldn’t need encryption at rest if your db is within the same environment as your app. You can use this formula for estimating the max number of requests per second:
No. of CPU cores / Avg page request execution time (secs) = Max number of Page Requests per second
So if your PHP app is hosted on a $15/mo Digital Ocean box that has 2vCPUs and on average your app takes around 0.3 seconds to execute a page request, you could probably handle 6-7 requests per second. That’s six people performing an action on your site every single second.
After a few days/weeks you’ll have some metric data to look at to decide if you need to scale up. Scaling up with a VPS provider is usually as simple as selecting a new plan and a reboot of the server. At this stage if the number of simultaneous users warrant it, you can move your SQL database to DigitalOcean’s managed database solution.
Only then once you’ve reached this far should you consider installing load balancers and running multiple instances of your db. It gets complicated pretty quickly at this stage if you don’t have much experience.
So to sum up, if you want to get your hands a little dirty, spin up a VPS. There are plenty of articles online on how to install a LAMP stack and secure your server. Start from here, don’t complicate it. Traffic is 10x cheaper on VPS providers than it is with the big boys and usually includes a TB or two in each plan.
Moving on to support, don’t get your hopes up. Dedicated support directly from the infrastructure provider (i.e AWS or DO) is usually abysmal.
If you don’t want to get your hands dirty and would like the benefit of having someone to shout at if your box goes offline, save your $100/mo and look for a middle-man, usually called Managed VPS hosting. Although they can’t fix hardware or networking issues they can usually pretty quickly find out why your configuration isn’t working or roll-back your recent FTP upload. They’ll also handle any security patches (PHP/Apache) and help you scale up your box if needed. If they’re good then they can also offer suggestions and improvements on your app configuration.
Some managed VPS providers will install cPanel or an equivalent for easy management. Don’t underestimate how much time this might save you. For others it will be overkill.
There’s no point me listing each and every VPS hosting provider as the list will be in the thousands and I don’t want to make this post biased in any way. What I suggest you do is research your provider and try them out. Usually there’s no contract, all you will have lost is perhaps one months charge if things don’t work out.
** I’ve mentioned Digital Ocean as an example. Although I’ve used them and still use them today, they’re are plenty of other providers you can look at. I’ve also not touched on file storage. I’ll assume you’ll use object storage such as S3 for this.
Last and most important point, take regular backups. Even if you use git, take more backups. I can’t stress how important this point is. My hosting provider takes both an automatic offsite file backup and SQL dump twice a day. I do the same once a day to my own external drives which get encrypted and then stored in a secret lair. Some say I’m smart, other’s say I’m paranoid.
