When a website project needs a customer portal, a partner dashboard, or anything behind a login, we build it on Nhost and Hasura. This post shows how that stack works in practice, using a real insurance platform we have managed for nine years.
Why We Use Nhost
At Essential Code, we build headless websites for marketing teams at established companies. Most of the time, the project is a public website. But some projects need more than that. A customer portal. A partner dashboard. An admin tool. Anything behind a login.
When a project needs authentication, user management, and structured data, we build it on Nhost. Read more about how Essential Code started.
The SunRocks project is the best example of how this works in practice. SunRocks is an insurance company whose platform handles all daily operations and customer interactions. This blog post details the migration from a complicated, cost-intensive hosting environment to Nhost.
What’s behind SunRocks?
SunRocks primarily deals with the day-to-day operations of an insurance agency processing new insurance policies, handling claims, etc., all with a portfolio of over 60,000 policyholders. What makes it unique is that SunRocks’ CEO, Roland Hehle, aims to manage the entire daily operation with just one additional employee. This means the software’s automation level is high.
I’ve had the privilege of managing the SunRocks project for about 9 years, and during my time as the agency’s CEO, we continually expanded the software, most recently incorporating an internal OpenShift installation. This works smoothly as long as you have a team and the deep know-how required to operate such a system. As a solopreneur, it was clear that I couldn’t handle this alone. A pragmatic and forward-looking solution was necessary.
Infrastructure and Tech Stack
SunRocks relied on Hasura + PostgreSQL at its core. Authentication and authorization were handled via Keycloak, and a file storage (S3 compatible) via OpenShift. A few external services like Postmark, PDF Monkey, and Mollie (payment) were integrated. To manage the sometimes high number of emails or PDF creations (insurance certificates), we introduced a queue/worker concept. The queue itself was built on PostgreSQL for simplicity. There were three different frontends: a customer portal for policyholders, a portal for sales partners, and an admin center for all back-office activities. The two portals had already migrated to Next.js, while the admin center was still a Webpack/React application with a custom build.
List of Services:
- Hasura + PostgreSQL
- Keycloak + oauth2-proxy
- Node.js workers for email, PDF creation, and payment
- Node.js API for business logic, triggered by Hasura events and actions
- Next.js-based portals for policyholders and sales partners
- Webpack/React Admin Center
Hardcore over-engineered and resource-intensive, of course. But we had the necessary server capacity at Hetzner and an excellent team of developers. For a team, using the project as a technical playground was fine, but as a solo developer, it presented a massive challenge. How could I operate and develop the software on my own without it becoming a full-time job? After all, I also wanted to pursue other projects with Essential Code.
Hasura: The Constant
From the beginning, it was clear that I did not want to proceed without Hasura. I would even go so far as to say that I will not build any API without Hasura. It’s just a waste of time, considering how effective it is with Hasura. That’s when I came across Nhost. My interest in k8s, DevOps, and cloud infrastructure is limited (though I recognize its importance and have at least a good basic knowledge), and it’s simply unprofessional to offer operations for mission-critical software solo. What if I were incapacitated? A reliable PaaS provider was the only option from my perspective.
For completeness, I looked at other alternatives. Operating everything through DigitalOcean was too complex and felt insecure. Rebuilding on Supabase wasn’t feasible as it would have been too much work, and without Hasura, my productivity would have halved. It also didn’t seem mature enough. I even approached a regional IT company that offers application hosting. They found it too complex. So, I realized that Nhost had everything I needed. It’s open source, which means if things go completely sideways or if Nhost as a company ceases to exist, I could somehow manage on my own and not be totally lost.
The Migration
Since SunRocks was already using Hasura + PostgreSQL, the transition was straightforward. Create a project, get the CLI running, study Nhost’s directory structure a bit, and add the existing migrations. Up and running in 2 hours. PostgreSQL dump restored. Done.
Replacing Keycloak with Nhost Auth was trickier. I had an export from Keycloak, and creating users with all permissions in Nhost Auth was quickly done. However, replacing oauth2-proxy, which we had relied on to save work in the frontends (if only it had been that simple. If you encounter the proxy at any project, run fast), required a bit more effort to implement things like login, password reset, and page permissions. However, Nhost’s tooling and documentation are excellent, and no serious problems arose. The same goes for Nhost’s storage.
Services Replacement:
- Direct transfer of Hasura / PostgreSQL
- Central Node.js service with all business logic (triggered by Hasura events) replaced by Nhost Functions
- Worker for the job queues as Nhost Run Services
- Next.js-based frontends run on Vercel
- Headless website for the business (sunrocks.at) also built on Next.js
I can’t stress enough how awesome it is for a platform like Nhost to offer something like Run. Typical BaaS providers give you a set of services to start with, but usually have no option to run your own custom services in case you need to go beyond what they offer. Nhost Run is one of my favorite features about Nhost. It’s really amazing.
Performance Issues
When you’re used to having too much hardware, you get used to certain query times. Although we were doing well with Nhost’s Pro Plan for customers and partners, the performance for exports and reports in the Admin Center was not good enough. Thanks to the Nhost dashboard, however, you can easily configure every aspect. More CPU? More RAM? No problem. As someone averse to DevOps, this was particularly handy because the complexity is well hidden. Even the config file is tidy and understandable. The developer experience impressed me from day one. Even my client uses the dashboard to create users.
Duration
Since everything had to be done rather quickly, I probably worked a bit more than usual. Still, from the starting gun (Nhost project created) to the complete migration, it took less than two weeks. Add another 2 to 3 weeks for bug fixes and data adjustments, and the entire transition was completed in about a month. I was surprised at how smoothly and quickly everything went. The Discord support from Nhost was invaluable, often providing answers to questions within minutes during such a critical phase.
Conclusion
When a client’s website needs a customer portal, a partner dashboard, or any authenticated section, Nhost is our foundation. The public website runs on a modern CMS through our headless website services. Everything behind a login runs on Nhost.
The SunRocks migration proved that this stack handles real complexity. Over 60,000 policyholders, three separate portals, automated workflows. All running reliably on Nhost with minimal operational overhead.
If your project needs both a great public website and authenticated functionality, read more about how we work or get in touch.