Yhost
OpenResty · PHP-FPM · PostgreSQL · Redis · Germany

Managed Premium — OpenResty Platform for Business Applications

A production-grade hosting platform configured for your application and operated by us. OpenResty ingress, PHP-FPM pools tuned per workload, PostgreSQL or MariaDB, Redis, NVMe storage, and 24/7 monitoring — all in Germany. You own the application layer. We own the infrastructure and platform beneath it.

Choose your tier
For Developer Teams

Managed Start

A properly configured, monitored platform for production PHP and Node.js applications.

€34.99/mo
Billed €1259.75 every 3 years
Save 30%
  • 4 vCPU Cores (Reserved)
  • 8 GB Dedicated RAM
  • 100 GB NVMe Storage
  • OpenResty with HTTP/2 and Brotli
  • PHP-FPM pool tuned per application
  • MariaDB or PostgreSQL — tuned
  • Redis for cache and sessions
  • Daily off-site backups with restore
  • 24/7 monitoring with real alerting
  • Data in Germany — EU jurisdiction
Most Popular

Managed Pro

Multiple environments, higher concurrency, application-aware WAF, and weekly platform health checks.

€69.99/mo
Billed €2519.75 every 3 years
Save 30%
  • 8 vCPU Cores (Reserved)
  • 16 GB Dedicated RAM
  • 250 GB NVMe Storage
  • OpenResty WAF — application-aware rules
  • Production and staging environments
  • Off-site backups with tested restore
  • Redis — cache, sessions, and queues
  • Weekly health checks and trend review
  • SLA 99.9% with VIP support routing
  • Written scope available on request
For Complex Workloads

Managed Elite

High-concurrency workloads, complex stacks, configurable maintenance windows, and procurement-ready documentation.

€139.99/mo
Billed €5039.75 every 3 years
Save 30%
  • 16 vCPU Cores (Reserved)
  • 32 GB Dedicated RAM
  • 500 GB NVMe Storage
  • PgBouncer — PostgreSQL connection pooling
  • Configurable maintenance windows
  • DPA + scope statement on request
  • Incident runbooks and escalation path
  • SLA 99.95% — defined response times
  • Custom onboarding + migration planning
  • Vendor security questionnaire support

The Gap Between Shared Hosting and a Self-Managed Server

Shared hosting hits its limits. A VPS adds operational overhead. Managed Premium covers the space between.

Shared hosting pools resources — CPU, RAM, I/O — across hundreds of accounts. When the workload grows, you hit those limits unpredictably. MySQL connections get queued. PHP-FPM workers run out. NGINX defaults let slow clients tie up workers. The application looks broken when the problem is the hosting layer underneath it.

A Cloud VPS solves the resource problem but creates a different one. Someone on your team now owns OS hardening, stack configuration, security patches, monitoring setup, backup tooling, and incident response at 2am. For teams without a dedicated sysadmin, that overhead comes out of engineering time.

Managed Premium is a third option. You get a properly configured, production-grade platform — OpenResty with application-aware rules, PHP-FPM pools sized for your concurrency, PostgreSQL or MariaDB tuned for your access pattern, Redis, NVMe storage, monitoring with real alerting — operated by us. The server and everything underneath the application is our responsibility. The application stays under your team's control.

The responsibility boundary is defined explicitly. That makes it easier to explain to internal IT teams, external auditors, payment providers, and any stakeholder who asks who is responsible for what.


Platform Advantages

Five Reasons Development Teams Choose Managed Premium

Not every team needs to own the server. These are the specific situations where a managed platform makes more operational and financial sense than the alternatives.

01. No DevOps Overhead on the Engineering Budget

A self-managed VPS costs €20–80/month for the server. The hidden cost is the engineering time that goes into OS patching, stack configuration, monitoring setup, backup tooling, and incident handling. For a team of three developers, that time adds up to a significant monthly figure — for work that does not ship features. Managed Premium removes that overhead at a fixed, predictable cost.

02. OpenResty Runs Logic at the Request Layer

Standard NGINX applies config. OpenResty runs Lua code at every stage of the request lifecycle — rate limiting by business rule, WAF logic that distinguishes authenticated from anonymous traffic, dynamic upstream routing, response transformation. For applications under bot pressure, dealing with credential stuffing, or requiring per-client rate limits, this is handled at the platform layer before application code runs.

03. Database Configuration That Matches the Access Pattern

Default PostgreSQL and MariaDB configuration is wrong for most production workloads. InnoDB buffer pool undersized for the dataset. PostgreSQL shared_buffers at 128MB on a 16GB server. No connection pooling. Query cache disabled. These are not edge cases — they are the defaults. On Managed Premium, database configuration is set for the workload at onboarding and reviewed during weekly health checks on Pro and Elite.

04. A Documented Scope for IT Reviews and Payment Providers

When an application processes payments or handles customer data, external parties ask the same set of questions. Where is the data, who patches the server, who monitors it, what happens during an incident, is there a DPA. On a shared VPS, answering those questions requires writing documentation from scratch. On Managed Premium Pro and Elite, the scope statement exists and can be shared with procurement teams, auditors, or payment providers during vendor assessments.

05. EU Data Residency Without Building Your Own Infrastructure

Application data stays in Germany on Hetzner and UpCloud infrastructure. Nothing routes outside EU jurisdiction at the platform layer. For companies subject to GDPR, working with EU public sector clients, or operating under internal data residency policies, this is the default — not a premium add-on. DPA available on Pro and Elite.

Scope of management

What we own.
What stays yours.

  • Platform configured at onboarding — not left at defaults
  • OpenResty WAF rules set per application, not per template
  • Procurement documentation available on Pro and Elite
If the application is in production and the infrastructure underneath it is not configured for how it actually runs — that is a risk that compounds. Managed Premium resolves it at a fixed monthly cost.
The Stack

What Every Managed Premium Environment Includes

Every component is configured for the application, not left at defaults. The platform is operated and monitored continuously — not just deployed and left running.

OpenResty Ingress Layer

LuaJIT runs inline with every request — rate limiting, WAF rules, routing logic, and response transformation at the edge. HTTP/2 enabled by default. Brotli compression configured. Slow client timeouts set to prevent worker accumulation. The ingress layer is configured for the application's traffic profile during onboarding, not applied from a generic template.

PHP-FPM — Per-Application Pools

Each application runs in its own PHP-FPM pool with worker count, memory limits, and request timeout settings matched to how it behaves under load. PHP 8.1 through 8.3 and above available. Pool settings are reviewed during weekly health checks on Pro and Elite and adjusted when workload patterns change.

PostgreSQL or MariaDB — Tuned for the Workload

Both engines available. Both configured for production. PostgreSQL for applications with complex schemas, transactional requirements, or JSON query patterns. MariaDB for WordPress, WooCommerce, PrestaShop, and most CMS workloads. Buffer pool, connection limits, slow query logging, and vacuum policy set at onboarding based on the application's actual access pattern.

Redis — Cache, Sessions, and Queues

Redis configured for the application's access pattern on all tiers. Object cache for WordPress or custom applications, session storage for PHP applications with high concurrency, queue backend for Laravel jobs or background processing. Memory limits and eviction policy set to match workload — not left at defaults that cause random key eviction under pressure.

Backups With Verified Restores

Daily automated backups of database and file storage on all tiers. Off-site copies on Pro and Elite. Retention policy defined per tier and documented. Restore procedures are tested — not assumed to work. On Elite, a test restore is run during onboarding so the restore process is verified against the actual environment before it is needed in production.

Monitoring With Real Alerting

Infrastructure metrics, application health, and database performance monitored continuously. CPU, RAM, disk I/O, PHP-FPM worker saturation, database connection counts, slow queries, and application error rates. Alerts go to the operations team — not to a dashboard that sits unread. Weekly health check on Pro and Elite reviews trends before they become incidents.

SSL and Security Baseline

Free SSL with automated renewal. TLS 1.2 minimum enforced. SSH key authentication required — password auth disabled. SFTP access jailed per account. Firewall rules configured at the platform level. Bot mitigation and brute force protection on exposed admin paths. IP allowlists for admin panels available on Pro and Elite.

Managed Updates and Patch Cycle

OS security patches applied on a controlled schedule. Web stack updates — OpenResty, PHP-FPM, database engine — tested against the platform before deployment. Maintenance windows scheduled for changes that may affect availability, with advance communication. Emergency patches applied faster with notification. Application updates remain under your team's change control.

About Yhost

A Platform Configured for How the Application Actually Runs

Most managed hosting means someone else picked the server. The stack is installed. The config is default. Monitoring is a cronjob that checks whether the homepage loads. Backups run — whether they restore successfully is a question that gets answered at the worst possible time.

The problem with default configuration is that it fails in predictable ways that look like application problems. A PHP-FPM pool that exhausts workers under load produces 502s. An underpowered InnoDB buffer pool produces slow queries that the developer spends a week optimising in code. An OpenResty config that allows slow client connections causes worker accumulation during traffic peaks. These are infrastructure problems that create application symptoms — and without visibility into the platform layer, the application team takes the blame.

Managed Premium is different in one specific way: the platform is configured for how the application actually runs. That means onboarding includes a review of the application stack, expected concurrency, database access patterns, and traffic profile. Configuration follows from that review. Health checks verify the configuration stays correct as the workload changes.


The Full Stack

Every layer of the Managed Premium environment

Ingress and edge

OpenResty (NGINX + LuaJIT). HTTP/2 and Brotli enabled. TLS 1.2+ enforced. Rate limiting and WAF rules run at request time in Lua. Configurable per-application — login endpoints, API paths, and admin panels can have separate rule sets. Bot filtering and brute force protection on exposed authentication paths.

Application runtime

PHP-FPM with per-application pools. PHP 8.1, 8.2, 8.3 and above. Node.js LTS available alongside PHP or independently. Composer, Git, SSH key access, and WP-CLI on WordPress environments included. Environment variables managed via .env — no hardcoded credentials in config.

Database

PostgreSQL (current stable) or MariaDB — chosen and tuned for the application. PgBouncer for connection pooling on Elite. Separate database instances per environment. Slow query logging enabled. Index and query review available during onboarding and health checks.

Cache and message queue

Redis on all tiers. Configured for the application's pattern — object cache, session store, or queue backend. Eviction policy set to prevent random key loss under memory pressure. Separate Redis namespaces per environment on Pro and Elite.

Storage and network

100% NVMe on all tiers. Hetzner for standard workloads. UpCloud MaxIOPS where database I/O under concurrent load requires lower latency and higher throughput. Redundant uplinks. Backups stored off-site on Pro and Elite.

Responsibility Scope

What we manage and what you manage — in writing

The scope is defined before work starts. It does not shift during an incident. This is what the boundary looks like.

Yhost manages

Platform Core

  • Physical hosts, virtualisation layer, network, and uplinks
  • Operating system: kernel, security patches, system packages
  • OpenResty, PHP-FPM, and database engine configuration, health, and updates
  • Redis configuration and memory management
  • SSL certificate provisioning and renewal
  • Firewall rules, IP filtering, and platform-level security controls
  • Infrastructure monitoring, alerting, and incident escalation
  • Backup jobs, retention enforcement, restore tooling, and test restores
  • Scheduled maintenance with advance communication
  • Platform-layer incident response — triage, root cause at infrastructure level, mitigation, and post-incident summary

You manage

Application Layer

  • Application code, builds, and deployment pipeline
  • CMS, plugins, themes, and application configuration files
  • User accounts, access credentials, API keys, and secrets
  • Application-level performance decisions — query design, caching strategy, plugin selection
  • Business data, content, third-party integrations, and external APIs
  • Application update schedule and release decisions, including staging validation

When an incident happens, we determine immediately which layer it sits on. If the cause is in the platform, we own the resolution. If it is in application code, a plugin, or a third-party dependency, we document what the platform shows and provide the findings to the application team. We do not pass tickets back without information.

On Pro and Elite, this scope is available as a written document — suitable for internal IT review, DPA addendums, payment provider assessments, or procurement processes.

Total Cost of Ownership

The real cost of a self-managed server versus a managed platform

The server price is the visible cost. The operational overhead is not visible until it accumulates.

| Activity | Self-managed VPS | Managed Premium |
|---|---|---|
| OS patching and security updates | Your team | Included |
| Stack configuration (NGINX, PHP, database) | Your team, once — then forgotten | Configured at onboarding, reviewed on schedule |
| Monitoring setup and maintenance | Your team builds it | Included |
| Backup tooling and verification | Your team — often untested | Automated, tested restores included |
| 2am incident response | Whoever picks up the phone | Operations team, structured triage |
| SSL renewal | Manual or scripted by your team | Automated |
| Performance tuning after scale | Your team when problems appear | Weekly health checks on Pro/Elite |

For a team of two to four developers, the engineering time spent on infrastructure operations typically runs two to four hours per week in a stable state — more during incidents or after major deployments. At a conservative developer rate of €80–120/hour, that is €640–960/month of engineering time going to infrastructure maintenance rather than product development.

Managed Premium Start at €49.99/month is not a comparison of server costs. It is a comparison of total operational cost — including the time your team does not spend on infrastructure.

Technical Reference and Operational Detail

For teams that review platforms in depth before committing. Configuration specifics, OpenResty capabilities, security posture, and how to decide between Managed Premium and the adjacent products.

Complete Stack Specification

Every component, every tier — what is configured, what is included, and what the defaults look like on a production Managed Premium environment.

Ingress and edge layer
  • OpenResty 1.x (NGINX + LuaJIT)
  • HTTP/2 and Brotli enabled by default
  • TLS 1.2+ — TLS 1.0/1.1 disabled
  • Custom rate limiting in Lua — per path, per IP, per token
  • WAF rules configured per application on Pro and Elite
  • Bot and brute force protection on auth paths
  • IP allowlists for admin paths (Pro, Elite)
  • Gzip fallback for clients without Brotli
Application layer
  • PHP-FPM — per-application pools on all tiers
  • PHP 8.1 / 8.2 / 8.3 — additional versions on request
  • Node.js LTS — available alongside PHP or standalone
  • Composer v2 and Git included
  • WP-CLI on WordPress environments
  • SSH key access to application layer
  • Environment variable management via .env
  • Cron jobs managed at platform level
Database layer
  • PostgreSQL current stable or MariaDB — choose at setup
  • InnoDB buffer pool tuned for dataset size
  • PostgreSQL shared_buffers and work_mem set per plan
  • PgBouncer connection pooling (Elite)
  • Slow query log enabled — reviewed at health checks
  • phpMyAdmin or psql access included
  • Separate databases per environment
  • Schema migration support available (not default scope)
Cache and queues
  • Redis — all tiers, configured per application
  • Eviction policy: allkeys-lru or volatile-lru per use case
  • Separate namespaces per environment (Pro, Elite)
  • Redis Sentinel for HA setups (Elite, on request)
Operations and monitoring
  • 24/7 infrastructure monitoring with paging
  • CPU, RAM, disk, I/O, and network metrics
  • PHP-FPM worker saturation and queue depth
  • Database connection count and slow query rate
  • Application error rate via log analysis
  • Weekly health check and trend review (Pro, Elite)
  • Platform-layer incident runbooks (Elite)
Backups and recovery
  • Daily database and file backup — all tiers
  • Off-site backup copies (Pro, Elite)
  • Retention: 7 days (Start), 14 days (Pro), 30 days (Elite)
  • Tested restore procedure — validated at onboarding (Elite)
  • Point-in-time restore available on request (Elite, PostgreSQL)
  • Backup report available on request

OpenResty — What It Does That Standard NGINX Does Not

OpenResty is not a different web server. It is NGINX with LuaJIT embedded in the request processing pipeline. The difference is the gap between applying config and running code.

NGINX

Standard NGINX evaluates config directives. Rate limiting is count-based — 10 requests per second per IP, uniformly. There is no concept of request context. There is no way to apply different logic to an authenticated user versus an anonymous one, or to a paying customer versus a free tier, or to a known bot versus an unknown IP.

OpenResty

OpenResty evaluates Lua code at every stage of the request lifecycle — before authentication, after headers are set, before the upstream receives the request, after the response is generated. That means:

  • Credential stuffing protection — rate limit login endpoints by IP, user agent fingerprint, and request pattern simultaneously. Block suspicious traffic before it reaches PHP.
  • Per-client rate limiting — API endpoints with different limits for different client tiers, enforced by token, not by IP. No application code required.
  • Dynamic upstream routing — route requests to different backends based on headers, cookies, or query parameters. Blue/green deployments without DNS changes.
  • Inline WAF — OWASP-aligned rules evaluated in Lua. Block SQL injection, XSS, and path traversal attempts at the edge. Rules are application-specific on Pro and Elite — not a generic mod_security port.
  • Response transformation — add security headers, strip sensitive response data, rewrite redirect locations — all at the ingress layer, not inside the application.
  • Admin path restriction — enforce IP allowlists on /wp-admin, /admin, or any path at the request layer. No dependency on application-level authentication.

On Managed Premium, OpenResty configuration is part of the onboarding process. We do not apply a template. We review the application's endpoints, traffic profile, and threat surface — then configure accordingly.
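
The login and per-client rate limiting listed above, sketched as an added example; it is not Yhost's configuration. The zone names, the `/login` path, the rates, the `client_tiers` lookup (token digest to tier, filled out of band) and the upstream address are all assumptions. Tokens the ingress does not recognise fall back to the per-IP limit, so rotating random tokens or User-Agent strings does not open fresh buckets.

```nginx
# Added example; zone names, paths, rates and the upstream address are assumptions.
# Lives inside http {} of an OpenResty nginx.conf (lua-resty-limit-traffic is bundled).

lua_shared_dict rl_counters  10m;  # limiter state shared by all workers
lua_shared_dict client_tiers  1m;  # assumed: token digest -> "paid" or "free", filled out of band

server {
    listen 8080;

    access_by_lua_block {
        local limit_req = require "resty.limit.req"

        -- Assumed tiers: requests per second, then burst allowance.
        local RATES = { paid = { 50, 25 }, free = { 5, 5 } }

        local ip    = ngx.var.binary_remote_addr
        local auth  = ngx.var.http_authorization
        local token = auth and auth:match("^Bearer%s+(%S+)$")
        -- Key on a digest so raw tokens never sit in shared memory.
        local id    = token and ngx.encode_base64(ngx.sha1_bin(token))
        local tier  = id and RATES[ngx.shared.client_tiers:get(id) or ""]

        -- Each entry is: key, rate per second, burst.
        local checks = {}
        if ngx.var.uri == "/login" and ngx.req.get_method() == "POST" then
            -- Two limits at once: the per-IP one still holds if the client
            -- rotates its User-Agent header.
            local ua = ngx.var.http_user_agent or ""
            checks[#checks + 1] = { "login-ip:" .. ip, 2, 6 }
            checks[#checks + 1] = { "login-ua:" .. ip .. ngx.md5(ua), 1, 3 }
        elseif tier then
            -- Known client: limit by token, not by IP.
            checks[#checks + 1] = { "api:" .. id, tier[1], tier[2] }
        else
            -- Anonymous or unrecognised token: limit by IP.
            checks[#checks + 1] = { "anon:" .. ip, 2, 4 }
        end

        local wait = 0
        for _, c in ipairs(checks) do
            local lim, err = limit_req.new("rl_counters", c[2], c[3])
            if not lim then
                ngx.log(ngx.ERR, "limiter init failed: ", err)
                return ngx.exit(500)
            end
            local delay, lerr = lim:incoming(c[1], true)
            if not delay then
                if lerr == "rejected" then
                    -- Logged at the edge so detection does not depend on the application.
                    ngx.log(ngx.WARN, "rate limit hit, client=", ngx.var.remote_addr,
                            " uri=", ngx.var.uri)
                    return ngx.exit(429)
                end
                ngx.log(ngx.ERR, "limiter error: ", lerr)
                return ngx.exit(500)
            end
            if delay > wait then wait = delay end
        end
        -- Within the burst allowance: delay the request instead of rejecting it.
        if wait >= 0.001 then ngx.sleep(wait) end
    }

    location / {
        proxy_pass http://127.0.0.1:9000;  # assumed application upstream
    }
}
```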

Security Posture and Compliance Readiness

What the platform provides at the infrastructure layer and what documentation is available when security reviews, audits, or payment provider assessments arise.

Platform security controls

  • SSH key authentication — password auth disabled across all environments
  • SFTP access jailed per account — no lateral movement between accounts
  • Firewall configured at hypervisor level — default deny, explicit allow
  • TLS 1.0 and 1.1 disabled — TLS 1.2 minimum, TLS 1.3 available
  • OS security patches applied on controlled schedule — emergency patches applied within defined window
  • OpenResty WAF rules updated as threat patterns change
  • Malware scanning on file storage — anomaly alerting on access patterns
  • DDoS mitigation at network perimeter

EU data residency

All Managed Premium infrastructure runs in Germany on Hetzner and UpCloud facilities. Data does not leave EU jurisdiction at the platform layer. Both providers hold ISO 27001 certification and operate under German data protection law. This is the default infrastructure configuration — not a geo-restriction add-on.

Documentation available on Pro and Elite

  • Data Processing Agreement (DPA) — GDPR Article 28 compliant template
  • Written scope statement — defines what Yhost manages and what the customer manages
  • Vendor security questionnaire responses — standard IT security assessment questions answered in writing
  • Infrastructure location confirmation — data centre, jurisdiction, and provider
  • Incident response procedure summary — escalation path, response targets, communication protocol

What we do not provide

We do not perform security audits of the application layer. We do not certify that the application is PCI-DSS or ISO 27001 compliant — those certifications apply to the organisation and require independent assessment. We confirm what the infrastructure layer provides and document our controls. Application-layer compliance is the customer's responsibility.

Choosing Between the Yhost Managed Products

Managed Premium, Managed Solutions, and Enterprise Hosting cover different responsibility models. This is how to read the difference.

Enterprise Hosting — reserved resources, control panel, app self-managed

Reserved vCPU and RAM inside Docker isolated containers, priority I/O, managed platform with a control panel interface. Each account runs in its own container with filesystem and process isolation enforced at the kernel level. You manage applications through standard panel tooling.

Managed Premium — configured platform layer, no control panel, app self-managed

Everything in Enterprise Hosting plus: OpenResty with Lua rules configured per application, PHP-FPM pools tuned per workload, database configuration based on the actual access pattern, Redis set up for the application's use case. No control panel abstraction — the platform is configured directly for the application. The right choice when your team deploys code via Git/CI and wants the correct infrastructure underneath without running it.

Managed Solutions — platform and application both operated by Yhost

Managed Premium plus application-layer operations. Major version upgrades, configuration changes, monitoring of application-specific metrics, incident response that covers the application layer, not just infrastructure. Available for Odoo, Keycloak, Nextcloud, Mautic, Moodle, n8n. The right choice when the team uses the application but does not maintain it — finance running Odoo, HR running Moodle, IT running Keycloak for SSO.

The infrastructure is the same across all three

Moving between products is a scope change, not a server migration. A team that starts on Managed Premium and later decides to hand off application operations for Keycloak or Odoo does not need to change hosting provider or migrate data. The scope expands in place.

A direct question to decide

Does your team deploy the application and handle its updates? If yes, Managed Premium or Enterprise Hosting. Does your team use the application but want someone else to operate it? If yes, Managed Solutions. If you are not sure, describe the situation and we will give a direct assessment.

Send Us the Application Details Before You Commit

We will assess the current setup, recommend a tier, and outline the migration — in writing.

Tell us: what the application is, what framework or CMS it runs on, the current hosting setup and what is causing problems, expected concurrent users, and whether there are external parties involved in the decision — procurement, IT security, a payment provider. We will respond with the recommended Managed Premium tier, what the platform configuration will look like, and a migration plan with a staging step.

If the situation requires documentation before a decision — DPA, scope statement, security questionnaire responses — tell us upfront and we will prepare it as part of the initial response, not after a contract is signed.

If you are deciding between Managed Premium and Managed Solutions, include what your team currently handles on the application side. We will give a direct recommendation rather than letting the product pages do the work.

TCO Analysis

The True Cost of Infrastructure

Compare our transparent, all-inclusive pricing with the real cost of alternatives — factoring in software licenses, security layers, and hidden operational hours.

Alternative Approach: Unmanaged Cloud + DevOps (4 vCPU / 8 GB RAM Equivalent)

  • Base Platform / Server: €45
  • cPanel / Plesk License: +€25
  • Commercial WAF (Imunify360): +€20
  • Off-site Backup Storage: +€10
  • Est. Sysadmin Hours (2h/mo): +€150
  • Est. Monthly TCO: €250/mo

Our Solution: Managed Start (Fully Managed Platform)

  • Infrastructure Layer: Included
  • Custom OpenResty Stack: Included
  • Application-aware WAF: Included
  • Configured Backup Policy: Included
  • Active Platform Operations: Included
  • Fixed Monthly Fee: €35/mo

Annual Structural Optimization

Projected reduction in hidden fees, software licensing, and engineering overhead.

€2,580 / year

Managed Premium — Common Questions

Technical and commercial questions from teams evaluating the platform. If the question is more specific to your stack, send it directly.