How I Moved My Digital Stack to Europe
On digital sovereignty, and why European cloud is better than you think.
There’s a version of this post that starts with a spreadsheet and ends with a quiet sense of satisfaction. That’s mostly how it went. But underneath the practical exercise of swapping one SaaS tool for another was something that felt more urgent: a growing discomfort with how much of my digital infrastructure sat on servers I didn’t control, in a jurisdiction increasingly prone to unpredictability, operated by companies whose incentives don’t always align with mine.
Digital sovereignty sounds like a buzzword until you think carefully about what it means. It means knowing where your data lives. It means not being one policy change, one acquisition, or one executive’s bad mood away from losing access to tools your business depends on. It means choosing infrastructure based on values, not just convenience. So I started migrating.
Analytics: Google Analytics → Matomo
Google Analytics was the obvious first target. It’s the canonical example of a service that’s free because you are the product: your visitors’ behavior is funneled back into Google’s advertising machinery. Self-hosting Matomo solved this cleanly. The data stays on my own server (I had to instantiate a new small server for this, which is cheap, but not free), and I’m fully GDPR-compliant without the cookie consent theater that Google Analytics typically requires. The reporting is comprehensive, the interface is familiar enough, and I own everything. The main downside is maintenance overhead. You’re now responsible for updates, backups, and keeping the server healthy. For most setups this is low-friction, but it’s not zero friction.
Email: Google Workspace → Proton Mail
Proton Mail is based in Switzerland, not EU territory, but Swiss privacy law is closely aligned with GDPR and arguably stronger in some respects. Proton builds its business model around privacy rather than advertising, and end-to-end encryption is baked in at the protocol level rather than bolted on. The email client is solid, the calendar works well, and for anyone moving away from US-based services, it sits comfortably in the same spirit as the rest of this stack.
One adjustment is getting used to Proton’s filter system, which is a bit more limited than Gmail’s. Gmail lets you write filters against virtually anything, including the full body of the message. Proton doesn’t support filtering on email content at all. So if you’ve built a workflow around catching specific phrases or keywords in message bodies, you’ll have to rethink it. For most people this won’t be a dealbreaker, but it’s worth knowing before you migrate.
There’s also a practical limitation worth flagging: Proton caps custom domains at three, even on the Duo plan. If you run several domains, like separate addresses for different projects or businesses, you’ll hit that ceiling quickly and need to rethink how you route and send mail. I ended up consolidating, which was probably overdue anyway, but it wasn’t a choice I made entirely freely. Proton isn’t free and charges a substantial fee compared to other options. You’ll get access to a whole suite of Proton apps though.
Password Management: 1Password → Proton Pass
Once I was in the Proton ecosystem, moving password management there as well made sense. Proton Pass is end-to-end encrypted, open source, and benefits from the same Swiss jurisdiction as the rest of Proton’s stack. 1Password is a genuinely great product and this was a lateral move more than an upgrade. The interface is simple, the browser extension works reliably, and having passwords, email, and calendar under one encrypted roof has a certain satisfying coherence to it.
Compute: DigitalOcean → Scaleway
DigitalOcean has earned its reputation by doing one thing exceptionally well: getting out of your way. The UI is clean, the mental model is simple, and spinning up infrastructure never feels like a chore. It’s the platform that proved developer experience could be a competitive moat. Scaleway was a pleasant surprise. I expected a capable-but-rough European alternative, but what I found was a platform that’s genuinely well thought out. Servers spun up quickly inside a private network of my own configuration, the control panel is clean, and the options available matched everything I actually needed. Scaleway displays projected CO₂ emissions alongside server location choices, a nice touch. (This actually made me host most of my infrastructure in Paris, where Compute consumes the least energy.)
Object Storage: Amazon Web Services → Scaleway
Scaleway’s object storage is S3-compatible, which makes migration mechanical rather than painful; update your endpoint and credentials and existing code works unchanged. I used a tool called rclone to sync my old AWS S3 storage buckets to the new Scaleway S3 buckets. This took a little more than a week of constant syncing, as these buckets were quite large.
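A week-long sync of large buckets is worth verifying before the old buckets are deleted. The following is an added example, not code from the original post: it diffs two object listings by size and ETag and treats multipart ETags as unverifiable. The listing contents, the function names, and the premise that single-part ETags are MD5 digests on both providers are assumptions of this example.

```python
# Added example: listings are constructed sample data standing in for each
# provider's S3 ListObjectsV2 output, mapping key -> (size_bytes, etag).
SOURCE = {
    "site/index.html": (5120, '"9e107d9d372bb6826bd81d3542a419d6"'),
    "db/dump-01.sql.gz": (734003200, '"b1946ac92492d2347c6235b8d2611184-88"'),
    "img/logo.png": (20480, '"e4d909c290d0fb1ca068ffaddf22cbd0"'),
    "logs/app.log": (1024, '"0cc175b9c0f1b6a831c399e269772661"'),
}
DEST = {
    "site/index.html": (5120, '"9e107d9d372bb6826bd81d3542a419d6"'),
    "db/dump-01.sql.gz": (734003200, '"5d41402abc4b2a76b9719d911017c592-44"'),
    "img/logo.png": (20480, '"ffffffffffffffffffffffffffffffff"'),
}

def comparable_etag(etag):
    """Return the ETag as an MD5 hex digest, or None if it is not one."""
    etag = etag.strip('"').lower()
    # Multipart ETags ("<hex>-<parts>") depend on the part size chosen at
    # upload time, so they differ between tools and cannot be compared.
    # Assumption: no SSE-KMS/SSE-C objects, whose ETags are not MD5 either.
    return None if "-" in etag else etag

def diff_listings(source, dest):
    """Classify every source key by how well the destination copy matches."""
    report = {"missing": [], "size_mismatch": [], "etag_mismatch": [],
              "size_only": [], "extra": sorted(set(dest) - set(source))}
    for key in sorted(source):
        if key not in dest:
            report["missing"].append(key)
            continue
        (s_size, s_etag), (d_size, d_etag) = source[key], dest[key]
        s_md5, d_md5 = comparable_etag(s_etag), comparable_etag(d_etag)
        if s_size != d_size:
            report["size_mismatch"].append(key)
        elif s_md5 is None or d_md5 is None:
            report["size_only"].append(key)  # still needs a content hash
        elif s_md5 != d_md5:
            report["etag_mismatch"].append(key)
    return report

def safe_to_decommission(report):
    """Allow deleting the source only when every object is fully verified."""
    blocking = ("missing", "size_mismatch", "etag_mismatch", "size_only")
    return not any(report[name] for name in blocking)

if __name__ == "__main__":
    result = diff_listings(SOURCE, DEST)
    print(result, safe_to_decommission(result))
```

Objects that land in `size_only` are typically the large multipart uploads, so those are the ones to re-hash by content before the source bucket is removed.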
Offsite Backups: Backblaze → OVHcloud
OVH is the largest European cloud provider and brings the reliability and pricing you’d expect at that scale. Their object storage works well as a backup destination and ends up cheaper than Backblaze B2 once you configure lifecycle rules to move older backups to the cold storage class. Getting there, however, requires some patience. The OVHcloud control panel is a labyrinth: the lifecycle rule configuration is buried somewhere in the documentation, and it involves some work in the terminal. Once it’s set up, it works reliably and the cost difference is meaningful.
Transactional Emails: Twilio SendGrid → Lettermint
Lettermint is a European transactional email service that does the job without the bloat. Deliverability is solid, the API is clean, and it has straightforward pricing.