Free Heroku Alternatives for Sysadmins: how to choose, migrate safely, and operate with confidence

When Heroku ended its free plan for Dynos, Postgres, and Data for Redis (Nov 28, 2022), many teams had to move apps and data in a hurry. Two years on, the landscape is clear: there are free (or “always-free”) options beyond Heroku, but there is no 1:1 drop-in. For a sysadmin audience, this guide isn’t a list; it’s an operational plan—which target model to pick, how to migrate with minimal downtime, and how to run with proper observability, security, and predictable costs.

Executive summary

• Target models: PaaS/containers, Serverless, Jamstack, managed DBs/caches, and self-hosted PaaS.
• Migration: inventory → Procfile/Dockerfile → add-ons → data → CI/CD → networking & security → observability → runbooks.
• Risks: sleep policies, blocked SMTP, egress limits, vendor lock-in, missing backups on free tiers.

---

1) Destination models: ops-focused pros & cons

A) PaaS / Managed containers

Render, Koyeb, Northflank, Qoddi, Alwaysdata, Back4App, Netlify/Vercel (with functions).
Pros: git deploy, buildpacks or Docker, simple autoscaling, Postgres/Redis add-ons.
Cons: sleep on free tiers, SMTP restricted, CPU/RAM caps, unspecified egress.

When: web/REST apps, workers and cron jobs where cost/ops matter more than ultra-low latency.

B) Serverless

Cloud Run, AWS Lambda, Azure Container Apps, Cloudflare Workers/Pages Functions.
Pros: scale-to-zero, pay-per-use, global edge (Workers).
Cons: cold start, per-minute quotas/limits, stateless by design, harder end-to-end tracing.

When: stateless APIs, event-driven tasks, microservices.

C) Jamstack & static

Netlify, Vercel, Cloudflare Pages, GitHub Pages, Surge.
Pros: global CDN, preview deploys, tiny cost.
Cons: separate backend (functions or external APIs), build-minutes limits.

D) Managed databases (Heroku Postgres/Redis replacements)

CockroachDB Serverless, Neon (Postgres), Supabase (Postgres), PlanetScale (MySQL), TiDB Cloud, Turso (edge SQLite), Upstash (Redis/Kafka), Redis Enterprise (starter), MongoDB Atlas M0.
Pros: PITR, branching, autosuspend, edge regions.
Cons: small storage, limited SLAs, region restrictions on free.

E) Self-hosted PaaS

Dokku, CapRover, Coolify, Tsuru, Piku.
Pros: full control, git-push deploy, no sleep, no vendor lock-in.
Cons: not free to run (VPS/IaaS bill), you own patching, backups, TLS, monitoring.

---

2) Quick decision tree (ops-first)

• Is the app stateless and OK with cold start? → Serverless (Cloud Run/Lambda/Workers).
• Needs WebSocket or always-on processes? → PaaS/containers (Render/Koyeb/Northflank) or self-hosted (Dokku/CapRover).
• Burst-y traffic + cost sensitivity? → Serverless or PaaS with scale-to-zero.
• Need data residency/GDPR + PITR? → Neon/Supabase/PlanetScale/CockroachDB per stack.
• Want portability and minimal lock-in? → Docker + self-hosted PaaS.

---

3) Migration plan (30-60-90 days)

0) Inventory (week 1)

• Repos, Procfile, buildpacks, env vars, add-ons (Postgres/Redis/SMTP), domains, SSL, schedulers.
• External deps (payments, webhooks, S3, OAuth).
• SLOs: latency, uptime, acceptable downtime window.

1) Runtime (weeks 2–3)

• Convert Procfile → Dockerfile if leaving buildpacks. FROM node:20-alpine WORKDIR /app COPY package*.json . RUN npm ci --only=production COPY . . EXPOSE 3000 CMD ["node","server.js"]
• Split web/worker/cron into separate services/jobs.
• Move secrets from “Config Vars” to a Secret Manager (or PaaS-encrypted env).

2) Data (weeks 3–5)

• Postgres: prefer logical replication; otherwise pg_dump/pg_restore + read-only window. pg_dump -Fc "$HEROKU_DATABASE_URL" -f dump.pg pg_restore --no-owner --no-privileges -d "$NEW_DB_URL" dump.pg
• Redis: export/import if supported; else rehydrate from the real DB (avoid treating Redis as primary storage).
• Validate encodings, extensions, collations.

3) Networking & domains (weeks 4–6)

• TLS/ACME managed by provider, or cert-manager (self-hosted).
• Fixed egress IP if upstream requires allowlisting → NAT Gateway or provider feature.
• WAF/CDN: Cloudflare/Fastly for bots, DDoS, rate limits.
• SMTP: most free tiers block it; use SendGrid/Postmark/Mailgun (free/hobby plans).

4) Observability (weeks 5–7)

• Structured logs (JSON) + correlation-id.
• Centralize with ELK / Loki+Promtail / OpenSearch or managed add-ons.
• Tracing: OpenTelemetry → Tempo/Jaeger/X-Ray/Cloud Trace.
• Metrics: Prometheus + Grafana, alerts in PagerDuty/Opsgenie.

5) CI/CD (weeks 6–8)

• Pipelines via GitHub Actions/GitLab CI: lint → tests → build image → deploy.
• Preview deploys if provider supports them.
• Canary/Blue-Green where feasible.

6) Security & compliance (weeks 7–9)

• SSO/SCIM, RBAC, rotate API keys and tokens.
• Backups daily with verified restore tests (monthly).
• Data residency, DPA/GDPR review per provider.

7) Runbooks & rollback (week 9)

• Written procedures: scaling, incident, DB restore, secret rollover.
• Rollback plan to Heroku or previous release.

---

4) Cookbook by destination (commands & gotchas)

Render / Koyeb / Northflank (managed containers)

• Build via Docker or buildpacks.
• Define web, worker, cron as separate services.
• Attach Postgres/Redis (managed) or external (Neon/Upstash).
• Gotchas: sleep on free, limited egress, SMTP blocked.

Cloud Run (GCP) / Lambda (AWS) / Workers (Cloudflare)

• Minimal container/function.
• Cloud Run: great middle ground—HTTP, concurrency, min instances to reduce cold start.
• Workers: ultra-low latency, KV/Queues/D1; CPU/duration limits.
• Gotchas: cold starts, external state, RDS Proxy or Neon for Postgres.

Dokku / CapRover / Coolify (self-hosted)

• VPS (2–4 vCPU, 4–8 GB RAM) + swap + NVMe disk.
• Install platform, enable ACME/Let’s Encrypt, backups, monitoring.
• git-push deploy (Dokku/Piku) or one-click apps (CapRover/Coolify).
• Gotchas: host patching, firewalling, fail2ban, manual DB PITR.

---

5) Common add-on replacements

• Heroku Postgres → Neon / Supabase / CockroachDB Serverless (PG), PlanetScale (MySQL), TiDB Cloud.
• Heroku Redis → Upstash / Redis Enterprise (starter).
• Heroku Scheduler → PaaS cron/job, or Cloud Scheduler (GCP) / EventBridge (AWS) / Workers Cron (CF).
• Heroku Logplex → Loki/ELK/OpenSearch (managed or self-hosted).
• Heroku Mail → SendGrid/Postmark/Mailgun (free/hobby tiers).

---

6) Day-2 operations (the things that bite)

• Sleep/autosuspend: schedule health pings if allowed, or upgrade to a non-sleep tier.
• Verified backups: never assume on free tiers. Restore to a sandbox monthly.
• Secret rotation: quarterly cadence + audit logs.
• Cost control: monthly usage dashboard, alerts on egress, build minutes, invocations.
• Security: lock SSH, prefer OIDC/SSO, IP allowlists, WAF/CDN, rate limiting.
• Access lifecycle: clean on/off-boarding for PaaS, repos, and secret stores.

---

7) Migration checklist (printable)

• Inventory apps/add-ons/domains/SLAs.
• Dockerfile(s) and health checks.
• Target DB selected + dump/replication plan + PITR.
• Secrets stored in a dedicated manager.
• TLS and DNS cutover with low TTLs.
• Logs, metrics, tracing, and alerts wired.
• CI/CD with preview and rollback.
• Automated backups + restore tests.
• Runbooks for incident/restore/rotation.
• Validate sleep/SMTP/limits of the selected plan.

---

8) Sysadmin FAQs

How do I minimize Postgres downtime?
Prefer logical replication; otherwise dump/restore with a read-only window. For critical apps, consider a temporary dual-write + feature flag cutover.

Can I get a fixed egress IP on free plans?
Rarely. Use a NAT Gateway (your own cloud), a provider offering fixed egress, or Cloudflare Tunnel depending on the use case.

What replaces Heroku’s review apps?
Preview deployments (Vercel/Netlify/Render/Koyeb) or ephemeral CI environments (spin up container + DB branch in Neon/PlanetScale).

What about cron and workers?
Run them as separate services (PaaS) or use Cloud Scheduler / EventBridge / Workers Cron (serverless). Avoid cron inside the web container.

How do I keep serverless costs in check?
Set quotas, timeouts, minimal concurrency, caching, and egress alerts. Review billing weekly in month 1.

---

Provider quick reference

• PaaS/containers: render.com, koyeb.com, northflank.com, qoddi.com, alwaysdata.com, back4app.com
• Serverless & edge: cloud.run, aws lambda, azure container apps, workers.cloudflare.com, pages.cloudflare.com
• DBs: cockroachlabs.cloud, supabase.com, neon.tech, planetscale.com, tidbcloud.com, turso.tech
• Redis/Kafka: upstash.com, redis.com/try-free
• Static/Jamstack: vercel.com, netlify.com, pages.github.com, surge.sh
• Self-hosted PaaS: dokku.com, caprover.com, coolify.io, tsuru.io, piku.github.io

---

Bottom line. Replacing Heroku on a free/hobby budget is feasible if you accept a different operating model: more sleeping, more limits, and more responsibility for visibility and security. For production, consider entry-level paid tiers (no sleep) or a self-hosted platform with solid practices (Docker, backups, monitoring). The “good migration” isn’t the one that copies commands; it’s the one that leaves Operations with visibility, runbooks, and predictable costs.