Infrastructure
| Property | Value |
|---|
| Provider | AWS Lightsail |
| Plan | $5/month (1 GB RAM, 1 vCPU, 40 GB SSD) |
| Region | eu-north-1 (Stockholm) |
| Instance | dbhost-1 |
| Static IP | 13.61.204.171 |
| OS | Ubuntu 22.04 LTS |
| SSH key | LightsailDefaultKey-eu-north-1 |
Firewall
| Port | Protocol | Source | Purpose |
|---|
| 22 | TCP | Restricted | SSH access |
| 443 | TCP | Any | HTTPS (Caddy to agent) |
| 6432 | TCP | Any | PgBouncer (database connections) |
In production, restrict port 6432 to known IP ranges (Vercel, your office) using the Lightsail firewall.
Initial setup
Create the Lightsail instance
Create an Ubuntu 22.04 instance in your preferred region. Attach a static IP.
Install PostgreSQL
sudo apt update
sudo apt install -y postgresql postgresql-contrib
sudo systemctl enable postgresql
sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'your-secure-password';"
Install PgBouncer
sudo apt install -y pgbouncer
/etc/pgbouncer/pgbouncer.ini:[databases]
; Agent will add entries here
[pgbouncer]
listen_addr = 0.0.0.0
listen_port = 6432
auth_type = scram-sha-256
auth_file = /etc/pgbouncer/userlist.txt
pool_mode = transaction
max_client_conn = 200
default_pool_size = 20
max_prepared_statements = 100
sudo systemctl enable pgbouncer
sudo systemctl start pgbouncer
Install Caddy
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
/etc/caddy/Caddyfile:agent.dbhost.app {
reverse_proxy localhost:8420
}
sudo systemctl reload caddy
Install Python 3.12+
sudo apt install -y python3.12 python3.12-venv
curl -LsSf https://astral.sh/uv/install.sh | sh
Create agent directory
sudo mkdir -p /opt/dbhost /var/backups/postgresql
sudo chown ubuntu:ubuntu /opt/dbhost /var/backups/postgresql
DNS
Configure these records at your domain registrar:
| Record | Type | Value |
|---|
@ | A | Vercel IP |
www | CNAME | cname.vercel-dns.com |
agent | A | 13.61.204.171 |
