# Looking for shared hosting with WSGI support



## Novacha (Aug 21, 2013)

I am not sure if this is in the correct section, but there does not seem to be any specific request section for shared hosting.

I am looking for shared hosting which meets the following criteria:


Has some form of WSGI support
Allows for custom SSL certificates to be installed (I am willing to pay extra for a dedicated IP address)
Runs python version 2.7+ and has MySQL 5+
Has some form of SSH access (jailed, of course)
Has 50+ GB of HDD space, which needs to be scalable in the future
The reason I am not just buying a VPS for this is that shared hosting is secured properly by the host, and not by me. I don't think I would be able to properly secure a VPS to the point that it is safe for production. Shared hosting is also semi-managed so that if the server goes down, the host will be able to monitor and fix it with little to no input on my end.


----------



## Aldryic C'boas (Aug 21, 2013)

Novacha said:


> The reason I am not just buying a VPS for this is that shared hosting is secured properly by the host, and not by me.


Be very, very careful of which host you choose before making the assumption that everything is secure.  Most shared hosting platforms will just be a standard cPanel install (and if it's Kloxo/some other free panel - run away). 

There are several decent guides here in the forums about locking down a VPS - I would suggest grabbing a small VPS plan anyways even if you do go with shared hosting, just to get the experience.  The main things you have to worry about locking down in the setup you described are:


SSH (disable root login, disable password login, use RSA authentication, change the default port)
FTP (disable completely, use SFTP/SCP)
mySQL ('secure' by default in that it will refuse all external requests unless told to do otherwise)
httpd (aside from the occassional 0day, you have little to worry about here.  on Shared Hosting, you have to hope the host keeps their httpd/cpanel updated in a timely manner)
Overall, your biggest vulnerability will be the site/code you run, and how secure it is - shoddy prebuilt apps such as some control panels, aged/cracked forum software, or Solus will leave much bigger security holes than any actual service running on the VPS.


----------



## Novacha (Aug 21, 2013)

Aldryic C said:


> Be very, very careful of which host you choose before making the assumption that everything is secure.  Most shared hosting platforms will just be a standard cPanel install (and if it's Kloxo/some other free panel - run away).
> 
> There are several decent guides here in the forums about locking down a VPS - I would suggest grabbing a small VPS plan anyways even if you do go with shared hosting, just to get the experience.  The main things you have to worry about locking down in the setup you described are:
> 
> ...


All the software I run will be software I develop, which I take great care in ensuring that it is secure, even though it's only my set of eyes looking over it. 

The other issue would be downtime and keeping the server stable. I don't have the time to monitor a service, whereas hosting companies are dedicated to keeping those servers alive.


----------



## concerto49 (Aug 21, 2013)

Novacha said:


> All the software I run will be software I develop, which I take great care in ensuring that it is secure, even though it's only my set of eyes looking over it.
> 
> The other issue would be downtime and keeping the server stable. I don't have the time to monitor a service, whereas hosting companies are dedicated to keeping those servers alive.


A managed VPS is probably the best bet then if you need all the features. A lot of shared hosting services don't give out jailed SSH access. The rest of the software shouldn't be a problem.


----------



## Aldryic C'boas (Aug 21, 2013)

Oy, aye, I'm not trying to steer you away from Shared Hosting by any means... just advising caution, and hopefully making securing a VPS look easy enough that you may pick up an interest in doing so in your spare time   If you have spare hardware at your house (old desktops, etc), those make fantastic learning environments.


----------



## WebSearchingPro (Aug 21, 2013)

I'm not aware of any at lower prices, you could try DreamHost or ASmallOrange.


----------



## hzr (Aug 21, 2013)

www.webfaction.com

ssh, compilers, wsgi, python, network access, postgres, mysql

ipv6, ssl + sni


----------



## WebSearchingPro (Aug 21, 2013)

webfaction looks pretty cool, the only thing is they say "Datacenter in the US" - kind of vague ...


----------



## patz (Aug 21, 2013)

Perhaps take a look at https://www.alwaysdata.com, too.


----------



## mikho (Aug 21, 2013)

If you really need ssh access then shared hosting is not for you. If you get a locked down ssh jail, it won't be much you can do from it.


Better option, as suggested above is to get a managed vps or get an unmanaged and pay someone to set everything up for you.


----------



## Novacha (Aug 21, 2013)

hzr said:


> www.webfaction.com
> 
> ssh, compilers, wsgi, python, network access, postgres, mysql
> 
> ipv6, ssl + sni


That looks like exactly what I needed.



mikho said:


> If you really need ssh access then shared hosting is not for you. If you get a locked down ssh jail, it won't be much you can do from it.
> 
> 
> Better option, as suggested above is to get a managed vps or get an unmanaged and pay someone to set everything up for you.


The reason I need SSH is to be able to use python setuptools to create a virtual environment.


----------



## hzr (Aug 21, 2013)

WebSearchingPro said:


> webfaction looks pretty cool, the only thing is they say "Datacenter in the US" - kind of vague ...


you have your choice of 3 softlayer dcs

netherlands, us / dallas, singapore, same price


----------



## thekreek (Aug 26, 2013)

I also recommend webfaction, if my memory it's correct they were in Softlayer, TX. And their new location it's in Amsterdan.


----------



## peterw (Aug 26, 2013)

Novacha said:


> The reason I am not just buying a VPS for this is that shared hosting is secured properly by the host, and not by me. I don't think I would be able to properly secure a VPS to the point that it is safe for production. Shared hosting is also semi-managed so that if the server goes down, the host will be able to monitor and fix it with little to no input on my end.


You would gain a lot of information and skills if you would think about handling operations too. I would like to see more programmers knowing something about ops.

It is called DevOps.


----------



## Novacha (Aug 26, 2013)

peterw said:


> You would gain a lot of information and skills if you would think about handling operations too. I would like to see more programmers knowing something about ops.
> 
> It is called DevOps.


I would call myself proficient at managing and running servers but I am not a systems admin and don't want to be up at 2 am trying to get a server online or fixing problems while upgrading. As I also mentioned, I would always prefer to leave the security side up to a professional, though I go through the security of my code myself.


----------



## ramnet (Sep 3, 2013)

I think it's fairly rare for shared hosting services to support WSGI. I know I've never seen any service that supports this.

My recommendation to the OP if he wants to use shared hosting is to use a WSGI to CGI wrapper. These wrappers are readily available from multiple sources. CGI support is widely available on shared hosting.


----------



## jcaleb (Sep 3, 2013)

I like Aldryic suggestion.  Your own vps can have far fewer apps installed. less items to secure


----------

