So you've spent a weekend vibing with Claude, Cursor or OpenAI Codex and you've got something that works on your laptop. Congratulations - that's genuinely impressive and wasn't possible even two years ago. But now comes the question every non-technical founder eventually hits: how do I get this thing online so other people can actually use it?
In our previous post on vibe coding tools, we briefly touched on hosting and said it deserved its own post. This is that post. We're going to walk through the main deployment options from simplest to most complex so you can figure out which one actually fits what you've built.
Before we get into it - what you built matters. A static website, a web app with user accounts, a mobile app and an API-heavy backend all have very different deployment needs. We'll cover the lot.
Quick check: what have you actually built?
Before picking a deployment option you need to understand what your project actually is. Ask your AI assistant to describe the architecture or check the package.json (or equivalent) for clues.
Static site or frontend-only app - HTML, CSS and JavaScript with no server-side logic. Think landing pages, calculators, simple tools. These are the easiest to deploy.
Full-stack web app - A frontend plus a backend server that handles things like user accounts, databases and business logic. Common frameworks here include Next.js, Ruby on Rails, Django and Express.
Mobile app - Built with React Native, Flutter or native code. These need app store submissions which is a whole separate process.
API or backend service - A server that other apps talk to. No user-facing frontend.
Got it? Good. Let's look at your options.
Option 1: static hosting (the easy one)
Best for: Static sites, single-page apps, JAMstack projects
If your project is a frontend-only app or static site, you've got the simplest deployment path. Services like Vercel and Netlify will connect to your GitHub repository and automatically build and deploy your site every time you push code. The whole process takes about five minutes to set up.
How it works:
- Push your code to GitHub (your AI assistant can help with this)
- Sign up and connect your repository
- The service detects your framework and builds it
- You get a live URL instantly
Vercel is the best choice if you've built a Next.js app (they created the framework). Netlify is brilliant for anything else - Gatsby sites, plain HTML, React apps. Both have generous free tiers that will comfortably handle an MVP.
The beauty of this approach is there's almost nothing to manage. No servers, no infrastructure, no security patches. The service handles all of it.
Watch out for: If your app needs a backend (user accounts, a database, server-side logic), static hosting alone won't cut it. You'll need to pair it with a backend service or pick a different option.
Option 2: backend as a service
Best for: Apps that need user accounts, real-time data and storage without managing a server
Firebase (Google) and Supabase are the big players here. They give you a database, user authentication, file storage and serverless functions all in one package. Your frontend talks directly to these services through their SDKs - no backend server needed.
Firebase has been around since 2012 and has excellent documentation. It uses a NoSQL database (Firestore) which is easy to get started with but can get tricky with complex data relationships. The AI tools are very good at generating Firebase code because there are so many examples in their training data.
Supabase is the open-source alternative that's been growing massively. It uses PostgreSQL under the hood which means a proper relational database. If your AI-generated code uses SQL or you need complex queries, Supabase is probably the better choice. Their dashboard is also excellent for non-technical users who want to inspect and manage their data directly.
Things you need to think about:
- Authentication rules. Both services let users sign up and log in easily. But you need to configure security rules to make sure users can only access their own data. This is the bit that vibe coders most often get wrong. An AI might generate working code that has no data isolation between users - meaning user A can see user B's data. Get this reviewed before you launch.
- Costs at scale. Both have generous free tiers but costs can spike if your app takes off. Firebase charges per read/write operation. Supabase charges based on database size and bandwidth. Understand the pricing model before you end up with a surprise bill.
- Vendor lock-in. Firebase especially ties you into the Google ecosystem. Supabase being open-source means you could theoretically self-host it later.
Option 3: managed platforms
Best for: Full-stack web apps with a backend server
This is the category that has exploded in the last few years. If you've built something with Ruby on Rails, Django, Express, or any framework that runs a server process, these platforms make deployment dramatically simpler than doing it yourself.
Railway - The new darling of the deployment world. Railway is excellent for deploying virtually anything. Push your code, it detects the framework, builds it and runs it. Adding a PostgreSQL database is one click. The developer experience is outstanding and their free tier gives you enough to test and demo an MVP. Railway also handles environment variables, logs and monitoring through a clean dashboard.
Render - Similar to Railway with a slightly more mature product. Render offers web services, databases, cron jobs and static sites all under one roof. Their free tier includes a PostgreSQL database and web service, though free tier services do spin down after inactivity (meaning the first request after a period of no traffic will be slow).
Fly.io - Deploys your app as lightweight VMs distributed across the globe. Fly is slightly more technical than Railway or Render but gives you more control over where your app runs geographically. Great if you need low latency for users in specific regions.
A note on Heroku: Heroku pioneered this category and a lot of tutorials still reference it. It's still around and still works but it dropped its free tier in 2022 and has lost a lot of mindshare since. Railway and Render have largely filled the gap.
The key advantage of managed platforms is they handle the operational overhead. Server updates, SSL certificates, scaling, backups - it's all taken care of. You focus on your app, they focus on keeping it running.
Option 4: cloud platforms (PaaS/IaaS)
Best for: Complex apps that need specific infrastructure, apps with strict compliance needs
AWS, Google Cloud and Azure are the big three cloud providers. They offer everything from simple app hosting to machine learning infrastructure and satellite ground stations (genuinely).
For a vibe coded MVP, the relevant services are:
- AWS: Elastic Beanstalk (managed app hosting), Amplify (frontend + backend), Lightsail (simple VPS)
- Google Cloud: Cloud Run (containerised apps), App Engine (managed hosting)
- Azure: App Service (managed hosting), Static Web Apps (frontend)
Why you might need this: If your app handles sensitive data (healthcare, financial services), you may need specific compliance certifications. The big cloud providers offer HIPAA, SOC 2 and ISO 27001 compliant environments. They also let you choose exactly which region your data lives in, which matters for GDPR.
Why you probably don't need this yet: Cloud platforms are powerful but complex. The learning curve is steep and it's easy to accidentally leave services running that rack up costs. For most MVPs, a managed platform like Railway or Render gives you 90% of the capability with 10% of the complexity.
Cost warning: All three offer free tiers but they're designed to get you in the door. AWS in particular is notorious for unexpected bills. Set up billing alerts from day one if you go this route.
Option 5: your own server
Best for: People who want full control, apps with predictable traffic, cost-sensitive projects at scale
At the other end of the spectrum you can rent an actual server and manage everything yourself. Hetzner is the go-to recommendation here - their dedicated servers and cloud VMs are significantly cheaper than the big cloud providers. You can get a capable server for under €10/month.
The deployment tool to know about is Kamal. Built by the team behind Ruby on Rails, Kamal handles deploying Docker containers to any server with zero downtime. It's designed to make self-hosting as painless as possible. You define your setup in a simple configuration file and Kamal handles the rest - pulling images, managing load balancing, rolling out updates.
Coolify is another option worth knowing about. It's an open-source, self-hosted alternative to platforms like Railway and Render. Install it on your Hetzner box and you get a nice web dashboard for deploying and managing applications.
The trade-off is clear: you save money but you're responsible for everything. Server updates, security patches, SSL certificates, backups, monitoring. If the server goes down at 3am, that's your problem. For an MVP that's just you and a handful of early users, this might be fine. For anything with paying customers, think carefully about whether the savings are worth the operational burden.
So which one should you pick?
Here's a rough decision tree:
"I built a static site or simple frontend" → Vercel or Netlify. Don't overthink it.
"I need user accounts and a database but no custom backend" → Firebase or Supabase paired with Vercel/Netlify for the frontend.
"I built a full-stack app and I just want it online" → Railway or Render. Quick, affordable, minimal fuss.
"I have compliance requirements or need specific infrastructure" → AWS, GCP or Azure. Budget for the learning curve.
"I want maximum control and minimum cost" → Hetzner + Kamal or Coolify.
For most vibe coded MVPs, option 2 or 3 is the sweet spot. You get your app online quickly, costs are predictable and you're not spending time on infrastructure when you should be talking to users.
The stuff people forget
Deploying the code is only half the battle. Here are the things that catch people out:
Custom domains. Your app will launch on a subdomain like your-app.railway.app. To use your own domain you need to buy one (Namecheap or Cloudflare) and configure DNS settings. Every hosting platform has guides for this and it's usually straightforward.
HTTPS. Every platform listed above handles SSL certificates automatically. If you're self-hosting, Kamal and Coolify handle this too. There's no excuse for launching without HTTPS in 2026.
Backups. If you're using a database, make sure backups are configured. Managed platforms usually handle this but check. Losing your users' data is the fastest way to kill trust.
What to watch out for
Getting your app online is one thing. Making sure it's safe to use is another. These are the issues we see most often in vibe coded projects that have made it to production.
Data leakage between users. This is the big one. AI-generated code often gets the happy path right but misses data isolation entirely. User A should never be able to see user B's data. If your app has organisations or teams, the boundaries need to be airtight. Test this manually before you launch - log in as different users and try to access each other's resources.
Role-based access control (RBAC). If your app has different user roles (admin, member, viewer), you need to verify that permissions actually work. Don't just trust that the AI got it right. Write tests that confirm a regular user can't access admin endpoints. Try it yourself. Broken RBAC is one of the most common security vulnerabilities in web apps and it's easy to miss when you're building fast.
Costs getting out of control. Managed platforms and cloud services make it easy to rack up unexpected bills. Set billing alerts on every service you use. If you're using an AI API (OpenAI, Anthropic, etc.) in your app, set usage limits. One viral moment or a bot hitting your endpoint in a loop can burn through hundreds of pounds overnight.
Environment secrets. API keys, database credentials and third-party service tokens should live in environment variables, never in your code. Check your repository for accidentally committed secrets - your AI assistant may have hardcoded them during development. Every platform listed above has a way to set environment variables securely. Use it.
Rate limiting. AI-generated APIs almost never include rate limiting. Without it, a bot or a bad actor can hammer your endpoints and either rack up your costs or take your app down entirely. Most frameworks have rate limiting middleware that takes minutes to set up. If your app has any public-facing API endpoints, this is essential.
Input validation. Vibe coded apps tend to trust whatever the user sends. That's how you end up with SQL injection, cross-site scripting (XSS) and other attacks that have been in the OWASP Top 10 for decades. Never assume user input is safe. Ask your AI assistant to specifically audit your code for injection vulnerabilities - it's one of the things they're actually good at catching when prompted directly.
Monitoring and alerting. You need to know when things break before your users tell you. Set up Sentry for error tracking and UptimeRobot to alert you if your site goes down. Both have free tiers that are more than enough for an MVP. If you're running a backend, keep an eye on response times and error rates too.
None of these are nice-to-haves. Data leakage, broken permissions and exposed secrets are the kinds of issues that can sink a product overnight. If you're not confident you've got these covered, talk to someone who does this for a living before you launch. Seriously. The cost of a security review is a fraction of the cost of a breach.
When to get help
Vibe coding is brilliant for getting to a working prototype. But there's a gap between "works on my laptop" and "ready for real users" that's bigger than most people expect. Security, scalability, data architecture, compliance - these are the things that professional developers spend careers learning.
If any of the points above made you uneasy or you're not sure whether your app handles them correctly, that's a sign you need a second pair of eyes. Don't wait until something goes wrong.
Book a free 30-minute call with us. We can review your setup, flag any risks and help you figure out the best path to production. We've helped plenty of founders bridge the gap between prototype and product.
