by ndriscoll 605 days ago
My i5-6600k at home can handle ~15k requests per second for a toy social media app with PostgreSQL assembling the XML to send to the client (though I've done some batching optimization and used Rust for my application server to hit that). Passmark cpubenchmark suggests a 13900 should be 6-8x more capable than that.

So it should be able to handle somewhere in the ballpark of 2,000,000x the required load, or maybe 100,000x without the application level optimization.

(TLS reduces this by a factor of ~10 if you're doing handshakes each time. Despite what blogs claim, as far as I can tell, if your CPU doesn't have QAT, TLS is very expensive.)

1 comments

If you're on Hetzner you can get a load balancer with TLS termination for $5/month. It's hidden in the cloud category but fully supports dedicated servers.

Of course doing SSL on the server itself is more secure, but if that's a performance bottleneck the load balancer can be a cost-effective compromise.

Yes Cloudflare and all of that but they’ll do it for free.

Then you get to determine gains you may get from caching and other potential optimizations from one of the best eyeball connected providers in the world. Oh plus the ability to fend off the largest DDoS attacks ever seen.

Cloudflare tunnels enable you to do all of this through an encrypted tunnel without exposing the machine/services to the internet at all. Cloudflare will still MITM all traffic but so does Hetzner (obviously). At least with the tunnel the connection is persistent so you don’t incur TLS handshaking, etc. CPU overhead with each client connection.

Bonus points - you can move hosting providers without any hassle, configure hosting provider redundancy (Hetzner + whoever), all of that stuff.