A research platform exploring how modern mass hosting should work. Multi-tenant isolation, automated provisioning, domain registration, and a complete API — with a Terraform provider on top.
$ terraform init
Initializing provider plugins...
- Installing massive-hosting/hosting v0.2.0...
- Installed massive-hosting/hosting v0.2.0
Terraform has been successfully initialized!
$ terraform apply
hosting_webapp.myapp: Creating...
hosting_database.mydb: Creating...
hosting_fqdn.main: Creating...
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
A complete hosting platform with every infrastructure primitive, all accessible via a unified API.
PHP, Node.js, Python, Ruby, and static sites. Each app gets its own folder, runtime, and auto-injected environment variables with database credentials and service URLs.
Managed MySQL databases with per-user privileges, inline password reset, and GTID replication. Valkey (Redis-compatible) instances with ACL-based access control, configurable memory limits, and a built-in data explorer with key browser, add/delete keys, type-aware value viewer, and interactive command console.
S3-compatible object storage with public/private buckets, access keys, and configurable quotas. Built-in object browser for navigating and managing bucket contents.
DNS records provisioned automatically when you add domains, enable email, or configure SSL. Bring your own zones or use our nameservers. Full record editor, zone history with record promotion, and BIND zone file import/export in the control panel.
Register, transfer, and manage domains through integrated registrar APIs. Multi-step registration wizard adapts per TLD with NIS2-compliant contact verification, DNSSEC, WHOIS privacy, and auto-renewal. Visual TLD flow editor for operators.
Full email hosting with JMAP and IMAP support powered by Stalwart. Aliases, forwarding rules with keep-copy toggle, vacation auto-replies with date picker, and per-domain accounts with auto-provisioned MX, SPF, DKIM, and DMARC records. Integrated webmail client.
Modern webmail client with conversations, calendar, contacts, and full-text search. Auto-provisioned address books and calendars with clean default names. Dark theme with responsive design.
Run any OCI container image with configurable memory, CPU, restart policies, environment variables, and private registry support via image pull secrets.
WireGuard peers with auto-generated keys and configs. The hosting-cli tool uses userspace WireGuard to proxy databases and caches to your local machine — no root required.
Long-running background processes managed by systemd with HTTP and WebSocket proxy support. Scheduled tasks with cron expressions, distributed locking, and auto-disable on repeated failures.
ModSecurity v3 with OWASP Core Rule Set for per-webapp firewall protection. Block or detect-only modes with custom rule exclusions. Nginx rate limiting with configurable requests/second and burst per source IP.
Automatic Let's Encrypt provisioning via HTTP-01 ACME with renewal. Upload custom certificates for domains that need them. Expiry monitoring with auto-created incidents.
On-demand and scheduled backups for web files and databases. Cron-based schedules with configurable retention, one-click restore, and automatic cleanup.
Browser-based file manager with SFTP backend: browse, upload, download, edit with Monaco editor, rename, and delete files. Symlink support, keyboard navigation with type-to-search, and persistent dock terminal that follows between pages.
HAProxy with HTTP/2 and HTTP/3 (QUIC), runtime map updates — no reload needed for domain changes. Consistent hashing on Host header within shards for predictable routing. DDoS mitigation with per-IP rate limiting and slow-loris protection.
Built-in HTTP health checks with configurable intervals, timeouts, and expected status codes. Automatic incident creation on failure and auto-resolution on recovery.
Full-featured web UI with light/dark mode, persistent dock terminal, real-time WebSocket updates, built-in SSH terminal, log streaming, push-to-deploy, inline resource management, draggable dialogs, keyboard navigation, and multi-language support (English, German, Norwegian).
Chroot jails, per-tenant Linux users, ULA IPv6 addressing per tenant, default-deny egress firewall, automatic SSL via Let's Encrypt, encrypted secrets at rest, and TOTP two-factor authentication.
Brands scope all resources with their own NS hostnames, base domain, and hostmaster. API keys are brand-scoped. Run multiple isolated hosting brands from a single platform.
Every API mutation logged with full request/response bodies, API key attribution, and credential sanitization. Domain registry audit trail with comprehensive filtering, statistics, CSV export, and NIS2 compliance reporting. Queryable by brand, user, resource, and time range.
100% API coverage with Personal Access Tokens. Full MCP server for AI-assisted management. Terraform provider, CLI tool, and control panel all built on the same API.
One-click export of your entire infrastructure as a .tf file. Import existing resources into Terraform state with generated import commands.
PR-based ephemeral deployments. Each pull request gets its own preview with optional database, Valkey, S3, and templated env vars. Auto-destroyed after a configurable TTL.
HMAC-signed event notifications for deploys, backups, SSL expiry, and cron failures. Configure per-URL endpoints with retry and secret management via the API or control panel.
Connect a GitHub repo to your webapp and push deploy workflows directly from the control panel. Edit workflows inline, pick from per-runtime templates, or set up manually with GitLab CI.
Centralized logging with Loki and dashboards via Grafana. Per-webapp request metrics with traffic, bandwidth, and status code charts. Separate stacks for control plane and tenant hosting.
Invite team members by email and assign roles — owner, admin, developer, or viewer. Granular permission enforcement on every API endpoint. Manage via control panel, API, or Terraform.
AI agents continuously monitor and automatically resolve infrastructure issues. Gap analysis identifies patterns agents can't fix yet, feeding into built-in reporting and improvement loops.
Built-in AI assistant for debugging webapp issues. Describe the problem in a chat, and the AI investigates using your logs, config, and shell access — with human approval before any changes.
Pull files from your old hosting provider via SFTP. Connect to any remote server, browse and select files, and transfer them directly into your webapp with real-time progress tracking.
Define your entire hosting stack in HCL. The Terraform provider covers 23 resource types with full CRUD support, async provisioning, and import capabilities. Published on the Terraform Registry.
23 resource types
Webapps, databases, DNS, S3, email, containers, VPN, SSH keys, egress rules, uptime monitors, webhooks
Import existing resources
Export your current setup as a .tf file from the control panel
Personal Access Tokens
Long-lived tokens for CI/CD, scripts, and Terraform
resource "hosting_webapp" "myapp" {
tenant_id = var.tenant_id
runtime = "php"
runtime_version = "8.4"
public_folder = "public"
}
resource "hosting_database" "mydb" {
tenant_id = var.tenant_id
}
resource "hosting_database_user" "app" {
database_id = hosting_database.mydb.id
privileges = ["ALL"]
}
resource "hosting_webapp_env_vars" "myapp" {
webapp_id = hosting_webapp.myapp.id
vars = {
APP_ENV = "production"
}
secret_vars = {
DB_PASSWORD = hosting_database_user.app.password
}
}
resource "hosting_fqdn" "main" {
fqdn = "myapp.example.com"
webapp_id = hosting_webapp.myapp.id
ssl_enabled = true
}24 resource types covering the full hosting stack.
All resources with an ID support terraform import.
Full documentation →