XF/Hosting Configurations

Will Franco

Active member
How do you manage your XF community? Hosting, security measures, backup protocols, etc.

Current Setup
  • 2,500 active users. Paid community.
  • EC2 Instance, 2 vCPU 4GB RAM
  • AWS Elasticsearch, 1 vCPU, 2GB RAM
  • Cloudflare Security
  • 2FA Administrators
  • .htpassword file to password-protect admin.php
  • Server snapshots every 12 hours
  • XenForo Enhanced Search 2.2.0
  • XenForo Resource Manager 2.2.0
  • Referral System 1.0.3
  • [AddonFlare] Paid Registrations 1.7.1
  • Register email 3.3
  • s9e/MediaSites 2.6.6
I'm non-technical. All feedback is welcome.

For example,
  1. Instead of X, consider Y; it's better/faster/cheaper
  2. Such and such is pointless unless you do XYZ
  3. Check out this addon/company/article
Many thanks in advance,
A high-frequency dedicated server with quality SSDs and ES hosted locally would help you out a bit, but overall your setup looks pretty decent.

You might even save money with a dedicated server too.
We are using a scaling infrastructure based on DO's Kubernetes; with this we can save money when the site is slow, and keep things smooth when busy.

Our stack consists of:
  • Kubernetes (for PHP, NGINX, ElasticSearch) - Main Site Code Structure hosted on Git. No backups needed.
  • Managed MySQL - By the minute backups (No HA Failover)
  • Managed Redis (No HA Failover)
  • 2x Spaces (Internal/External) - Backups to Backblaze (incremental 4x day)
Using Spaces, we save loads of money on storage and bandwidth by having the entire stack communicate via private networking in the same DC.

We pay for Cloudflare and only allow our servers to talk to them via IP restrictions and CF Signed Cert.

In general we are capable of handling 3000 active downloads in our mod community (burst traffic); our forum itself handles over 15 million requests in a month with an average of 2400 users online a day (across a 24 hour period).

Cloudflare Workers are also being used to offload proxy.php's functions + private api endpoint for Google Analytics (prevents ad blockers from removing it).

Our setup is very unique in the sense we had a very rare use case - extensive bandwidth and uptime availability for downloads while keeping the forums themselves browsable.

If you do not have mods that need access to admin.php, I would suggest using Cloudflare Access to prevent even further access from the edge.


If you don't have to worry about anything too crazy in terms of bandwidth, in most cases you can handle a lot of traffic with a $20 DO node and a managed database (est. $45/mo).

I'd also suggest Hetzner Server Auctions for cheap dedis - you'll save a lot looking here for servers (esp. if you have multiple sites to host).

Big thing to note for any publisher online: if you expect big bandwidth, look for providers in a bandwidth alliance to save yourself LOADS of cash.
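
An added example, not code from anyone in this thread: when the origin is supposed to accept traffic only from the CDN edge via IP restrictions, as described above, any request in the origin's own access log from another source shows the restriction is not holding. The edge ranges and log lines below are constructed placeholders, and the function names are hypothetical; a real check would load the ranges the CDN publishes.

```python
import ipaddress
import re

# Constructed placeholder ranges (documentation networks). In a real deployment,
# load the edge ranges your CDN publishes instead.
EDGE_RANGES = [ipaddress.ip_network(n)
               for n in ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]

# Constructed origin access-log lines (common log format).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /admin.php HTTP/1.1" 401 312
198.51.100.44 - - [01/Jan/2024:10:00:03 +0000] "GET /proxy.php HTTP/1.1" 200 900
2001:db8::1 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120
not-an-ip - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 400 0
203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "POST /admin.php HTTP/1.1" 401 312
"""

REQUEST = re.compile(r'"([A-Z]+ \S+)')  # method and path from the request line


def from_edge(addr):
    """True if addr falls inside one of the allowed edge ranges."""
    return any(addr in net for net in EDGE_RANGES)


def find_direct_hits(log_text):
    """Map each non-edge source to the requests it made against the origin."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        source = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            # A malformed source field is itself worth a look; keep the raw line.
            hits.setdefault("unparsed", []).append(line)
            continue
        if not from_edge(addr):
            match = REQUEST.search(line)
            hits.setdefault(str(addr), []).append(match.group(1) if match else line)
    return hits


if __name__ == "__main__":
    for source, requests in find_direct_hits(SAMPLE_LOG).items():
        print(f"{source}: {len(requests)} request(s) not from the edge: {requests}")
```

The source field is only meaningful if the origin logs the TCP peer address rather than a client-supplied forwarding header.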