Rails 8, Kamal, and the Freedom Tax
Deploying with Rails 8 is now ridiculously easy. Run kamal deploy and watch your code go live on your own VPS or bare metal server. No Heroku. No AWS. Just you, your server, and Docker containers doing their thing.
This is a big deal. Rails creator DHH has been vocal about how cloud providers convinced an entire generation of developers to be scared of servers. 37signals famously moved away from AWS and now runs their own hardware, reporting significant cost savings in the process. Kamal is the gift they gave back to the community—a deployment tool that makes self-hosting as simple as pushing to Heroku used to be.
And I love it. But here's the thing nobody talks about: freedom comes with responsibility.
The Hidden Weight of Self-Hosting
Behind Kamal's elegant simplicity, you're running Docker containers on a server you control. That's powerful. It's also a liability.
- If an attacker escapes one container, they're on your box
- Your MySQL data sits on the same machine as your app—same failure domain, same attack surface
- You're patching the OS, managing SSH keys, rotating secrets, configuring firewalls
- You're the one waking up at 3am when the disk fills up or a certificate expires
- Kernel vulnerabilities, port management, intrusion detection—all your responsibility
For 37signals with a dedicated ops team, this is manageable. For a solo developer or small startup shipping features? It's a significant operational burden that compounds over time.
My perspective is shaped by working on smaller applications. For larger companies with DevOps resources, running your own infrastructure with full control often makes strategic sense—and Kamal genuinely excels in that context.
Deplo.io: Swiss PaaS Without the Baggage
Nine Internet Solutions AG—a Swiss hosting company founded in 2000—launched Deplo.io as the first Swiss-owned, Swiss-managed Platform as a Service. It addresses the exact tension between deployment simplicity and operational overhead.
Deploying is straightforward. Install their CLI and point it at your repository:
# Install nctl CLI curl -fsSL https://get.deplo.io | sh # Create your app nctl create app myapp --git-url=https://github.com/you/myapp.git # Deploy nctl deploy myapp
That's it. No Docker registry to manage. No Kamal configuration files. No docker-compose.yml to maintain. Deplo.io pulls from your GitHub repository, detects Rails via buildpacks, and deploys automatically.
But here's the killer feature: architectural separation.
Your Database Lives Somewhere Else Entirely
With Kamal, your MySQL container typically runs alongside your app container. Same server. Same failure domain. Same attack surface. A compromised application container has direct network access to your database.
On Deplo.io, your database is a completely separate managed instance operated by Nine. You don't touch it. You don't patch it. You don't configure replication or worry about storage allocation.
AspectKamal on VPSDeplo.io
App + DB location | Same server | Separate managed instances
Container escape risk | Attacker gains DB access | Attacker remains isolated
Database patching | Your responsibility | Nine's responsibility
Backups | You configure and verify | Automatic, daily, managed
Docker registry | Required | Not needed
SSH access | Required for management | Not available or needed
App + DB location | Same server | Separate managed instances
Container escape risk | Attacker gains DB access | Attacker remains isolated
Database patching | Your responsibility | Nine's responsibility
Backups | You configure and verify | Automatic, daily, managed
Docker registry | Required | Not needed
SSH access | Required for management | Not available or needed
If someone compromises your application container on Deplo.io, they still can't reach the database server directly. It exists on a different network segment entirely. This is defense in depth, built into the architecture rather than bolted on afterward.
Swiss Data Sovereignty: More Than a Marketing Checkbox
For developers building products for European clients, data residency matters. Deplo.io keeps your data in Switzerland, hosted in Nine's ISO 27001 and ISO 9001 certified data centres in Zurich.
Swiss data protection laws are among the strongest globally. The Swiss Federal Act on Data Protection (FADP), revised in 2023, provides robust privacy guarantees. Unlike data stored in US data centres, information hosted in Switzerland isn't subject to the US CLOUD Act, which allows American authorities to compel disclosure of data stored abroad by US-based companies.
Nine's infrastructure is aligned with FINMA Circular 2008/7 requirements for bank outsourcing—the same compliance framework Swiss financial institutions must follow. This regulatory alignment opens doors if you're serving clients in regulated industries.
Pricing: The Real Comparison
Kamal
Kamal is free and open-source under the MIT license. Your costs are limited to the VPS or server you provision plus any managed database services you choose. A typical setup runs €5-20/month for a basic VPS—but you assume full responsibility for server management, security updates, backup verification, SSL certificates, monitoring, and deployment pipeline maintenance.
Deplo.io
Deplo.io uses transparent resource-based pricing:
- Application instances: CHF 32-58/month for production-ready Rails apps (1-2GB RAM, 0.5-0.75 vCPU). Smaller tiers at CHF 8-16/month exist but suit staging environments better.
- Single Database: CHF 5-20/month for 1-10GB storage with a 20-connection limit—appropriate for smaller applications or development.
- Managed MySQL instances: CHF 65-253/month with dedicated resources (4-32GB RAM, 2-10 vCPU, block storage, automated backups)—suitable for production workloads requiring reliability.
A typical production Rails setup costs roughly CHF 40-80/month with a single database, or CHF 100-150/month with a fully managed database instance.
What the Premium Buys You
Deplo.io's pricing appears steep against a bare VPS, but the comparison isn't apples to apples:
- True dedicated resources: Unlike shared PaaS platforms that oversubscribe, Deplo.io guarantees 100% of the resources you pay for. No cold starts. No noisy neighbour problems throttling your application.
- Managed Kubernetes without the complexity: Deplo.io runs on Nine Kubernetes Engine (NKE), providing proper container isolation, automated health checks, zero-downtime deployments, and automatic container restarts on failure. You don't manage Kubernetes—you push code.
- Operational essentials included: SSL certificates via Let's Encrypt, automated backups, centralized logging, and monitoring dashboards come standard.
- Regulatory compliance: The Swiss infrastructure and certifications matter for clients in finance, healthcare, or any sector handling sensitive personal data.
With Kamal, you might save CHF 50-100/month but spend hours on server hardening, backup scripts, SSL renewal debugging, security patching, and troubleshooting failed deployments. Deplo.io trades money for time: you focus on your Rails application while Nine's team handles infrastructure.
For side projects and learning, Kamal's flexibility is valuable. For businesses where uptime matters and compliance is a factor, Deplo.io's managed approach—backed by a provider trusted by Swiss banks like Clientis—becomes a different kind of value proposition entirely.
What Kamal Does Better
Fairness matters. Kamal offers genuine advantages that Deplo.io doesn't match:
- Complete control: Install any package, configure any setting, run any service. Your server, your rules.
- Lower base cost: A €5 Hetzner VPS is cheaper than any managed PaaS, full stop.
- Educational value: You learn what's actually running beneath your application—knowledge that transfers to any infrastructure context.
- No vendor dependency: It's Docker containers on Linux. Move to any provider anytime. Your deployment configuration is portable.
- Community ecosystem: Kamal benefits from Rails community contributions, tutorials, and shared configurations.
If you have the time and expertise to manage infrastructure properly—or want to develop those skills—Kamal is genuinely excellent. DHH isn't wrong that cloud fear has been overblown by providers with financial incentives to keep you dependent.
Why I Choose Deplo.io
I'm not a systems engineer. For years I relied on Vercel because it made launching projects from Git effortless. Deplo.io follows the same philosophy but with broader runtime support: Node.js, Next.js, Rails, Django, Go, PHP, and more—all with the same push-to-deploy workflow.
The cybersecurity landscape has grown too complex for part-time attention. Patching, hardening, monitoring, incident response—it's effectively a full-time specialization. New vulnerabilities emerge constantly, and attackers automate their exploitation faster than ever.
If you want reliable deployment without the operational burden, Deplo.io paired with Nine's managed database is a compelling combination. The architectural separation alone—app and database on different infrastructure—provides security benefits that require significant expertise to replicate on a self-managed VPS.
Yes, pricing runs higher than non-Swiss providers. But Swiss data sovereignty carries real value for European clients, and the hours you don't spend on infrastructure maintenance can go toward building features, finding customers, or simply living your life.
Kamal gives you freedom. Deplo.io gives you freedom from operational responsibility.
Choose based on what you actually want to spend your days doing.