The Extant 2000 products — nine-plus separate apps — all run on a single VPS. Not for lack of budget, but because one well-organized box is easier to reason about than a fleet.

The layout

Each app is a container; Traefik routes them by subdomain; a shared Postgres backs the data; Let's Encrypt handles every cert. The whole suite lives in version-controlled compose files, so the box is reproducible.

Isolation where it counts

"One box" doesn't mean "one blast radius." Untrusted or experimental workloads get their own network segments and egress rules, so a problem in one place can't wander into another. Prod apps, the media stack, and the retro lab share metal but sit in separate lanes.

Operationally calm

One place to deploy, one to back up, one to look when something's off. Vertical beats horizontal until you genuinely outgrow the machine — and a modern VPS holds a lot before you do.

The least glamorous architecture decision I've made, and one of the best.