Research Project

Modern Hosting, From Scratch

A research platform exploring how modern mass hosting should work. Multi-tenant isolation, automated provisioning, and a complete API — with a Terraform provider on top.

terminal

$ terraform init
Initializing provider plugins...
- Installing massive-hosting/hosting v0.2.0...
- Installed massive-hosting/hosting v0.2.0

Terraform has been successfully initialized!

$ terraform apply
hosting_webapp.myapp: Creating...
hosting_database.mydb: Creating...
hosting_fqdn.main: Creating...

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Everything you need to host

A complete hosting platform with every infrastructure primitive, all accessible via a unified API.

Web Applications

PHP, Node.js, Python, Ruby, and static sites. Each app gets its own folder, runtime, and auto-injected environment variables with database credentials and service URLs.

MySQL & Valkey

Managed MySQL databases with per-user privileges and GTID replication. Valkey (Redis-compatible) instances with ACL-based access control, configurable memory and eviction policies. Built-in data explorer for browsing keys and values.

S3 Storage

S3-compatible object storage with public/private buckets, access keys, and configurable quotas. Built-in object browser for navigating and managing bucket contents.

Automatic DNS

DNS records provisioned automatically when you add domains, enable email, or configure SSL. Bring your own zones or use our nameservers. Full record editor and zone history in the control panel.

Email

Full email hosting with JMAP and IMAP support. Aliases, forwarding rules, vacation auto-replies, and per-domain accounts with auto-provisioned MX, SPF, DKIM, and DMARC records.

OCI Containers

Run any OCI container image with configurable memory, CPU, restart policies, environment variables, and private registry support via image pull secrets.

WireGuard VPN

WireGuard peers with auto-generated keys and configs. The hosting-cli tool uses userspace WireGuard to proxy databases and caches to your local machine — no root required.

Daemons & Cron Jobs

Long-running background processes managed by systemd with HTTP and WebSocket proxy support. Scheduled tasks with cron expressions, distributed locking, and auto-disable on repeated failures.

WAF & Rate Limiting

ModSecurity v3 with OWASP Core Rule Set for per-webapp firewall protection. Block or detect-only modes with custom rule exclusions. Nginx rate limiting with configurable requests/second and burst per source IP.

SSL Certificates

Automatic Let's Encrypt provisioning via HTTP-01 ACME with renewal. Upload custom certificates for domains that need them. Expiry monitoring with auto-created incidents.

Backups & Restore

On-demand and scheduled backups for web files and databases. Cron-based schedules with configurable retention, one-click restore, and automatic cleanup.

File Manager

Browser-based file manager with SFTP backend: browse, upload, download, edit, rename, and delete files. Integrated web terminal with arbitrary working directory.

Load Balancing

HAProxy with HTTP/2 and HTTP/3 (QUIC), runtime map updates — no reload needed for domain changes. Consistent hashing on Host header within shards for predictable routing. DDoS mitigation with per-IP rate limiting and slow-loris protection.

Uptime Monitoring

Built-in HTTP health checks with configurable intervals, timeouts, and expected status codes. Automatic incident creation on failure and auto-resolution on recovery.

Control Panel

Full-featured web UI with built-in SSH terminal, real-time log streaming, push-to-deploy, inline resource management, multi-language support, and data explorers for S3, Valkey, and DNS.

Tenant Isolation

Chroot jails, per-tenant Linux users, ULA IPv6 addressing per tenant, default-deny egress firewall, automatic SSL via Let's Encrypt, encrypted secrets at rest, and TOTP two-factor authentication.

Multi-Brand

Brands scope all resources with their own NS hostnames, base domain, and hostmaster. API keys are brand-scoped. Run multiple isolated hosting brands from a single platform.

Audit Logging

Every API mutation logged with full request/response bodies, API key attribution, and credential sanitization. Queryable by brand, user, and time range.

API-First + MCP

100% API coverage with Personal Access Tokens. Full MCP server for AI-assisted management. Terraform provider, CLI tool, and control panel all built on the same API.

Terraform Export

One-click export of your entire infrastructure as a .tf file. Import existing resources into Terraform state with generated import commands.

Preview Environments

PR-based ephemeral deployments. Each pull request gets its own preview with optional database, Valkey, S3, and templated env vars. Auto-destroyed after a configurable TTL.

Webhooks

HMAC-signed event notifications for deploys, backups, SSL expiry, and cron failures. Configure per-URL endpoints with retry and secret management via the API or control panel.

CI/CD Deploy

Connect a GitHub repo to your webapp and push deploy workflows directly from the control panel. Edit workflows inline, pick from per-runtime templates, or set up manually with GitLab CI.

Observability

Centralized logging with Loki and dashboards via Grafana. Per-webapp request metrics with traffic, bandwidth, and status code charts. Separate stacks for control plane and tenant hosting.

Team Roles

Invite team members by email and assign roles — owner, admin, developer, or viewer. Granular permission enforcement on every API endpoint. Manage via control panel, API, or Terraform.

AI Self-Healing

AI agents continuously monitor and automatically resolve infrastructure issues. Gap analysis identifies patterns agents can't fix yet, feeding into built-in reporting and improvement loops.

AI Help

Built-in AI assistant for debugging webapp issues. Describe the problem in a chat, and the AI investigates using your logs, config, and shell access — with human approval before any changes.

Site Migration

Pull files from your old hosting provider via SFTP. Connect to any remote server, browse and select files, and transfer them directly into your webapp with real-time progress tracking.

Infrastructure as Code

Manage everything with Terraform

Define your entire hosting stack in HCL. The Terraform provider covers 23 resource types with full CRUD support, async provisioning, and import capabilities. Published on the Terraform Registry.

23 resource types

Webapps, databases, DNS, S3, email, containers, VPN, SSH keys, egress rules, uptime monitors, webhooks

Import existing resources

Export your current setup as a .tf file from the control panel

Personal Access Tokens

Long-lived tokens for CI/CD, scripts, and Terraform

main.tf
resource "hosting_webapp" "myapp" {
  tenant_id       = var.tenant_id
  runtime         = "php"
  runtime_version = "8.4"
  public_folder   = "public"
}

resource "hosting_database" "mydb" {
  tenant_id = var.tenant_id
}

resource "hosting_database_user" "app" {
  database_id = hosting_database.mydb.id
  privileges  = ["ALL"]
}

resource "hosting_webapp_env_vars" "myapp" {
  webapp_id = hosting_webapp.myapp.id

  vars = {
    APP_ENV = "production"
  }

  secret_vars = {
    DB_PASSWORD = hosting_database_user.app.password
  }
}

resource "hosting_fqdn" "main" {
  fqdn        = "myapp.example.com"
  webapp_id   = hosting_webapp.myapp.id
  ssl_enabled = true
}

Terraform Resources

24 resource types covering the full hosting stack.

All resources with an ID support terraform import.