仅欧洲替代方案 Heroku (Salesforce).
Heroku is the original developer-first PaaS, acquired by Salesforce in 2010 and now part of Salesforce.com Inc. Salesforce is a US corporation, Heroku's default region is in the US, and the EU "Common Runtime" lives in AWS Ireland — meaning your Heroku app is on AWS infrastructure with Salesforce as the contractual processor. Both layers are US-jurisdictional. The sovereign alternative is straightforward: a self-hosted PaaS like Coolify or Dokku on EU infrastructure, or a fully-managed equivalent operated by an EU partner.
"欧盟区域"不等于主权。四个问题决定一切。
数据驻留告诉你数据在哪里。主权告诉你哪个法律体系可以强制访问。四个答案都必须成立——否则该技术栈就不主权。
数据物理存储在哪里?
不是"在云中"——而是哪个数据中心、在哪个国家、受哪个司法管辖区管辖。
您的数据路径中还有谁?
每一个接触数据的供应商:CDN、邮件中继、错误追踪、分析管道。
哪些法律可以强制披露?
美国总部的供应商受 FISA 702 和 CLOUD Act 管辖——即使数据存放在法兰克福。
谁实际持有加密密钥?
如果云供应商同时持有数据和密钥,无论 DPA 如何,他们都能读取数据。
在司法管辖权和密钥托管上失败。
欧盟数据、美国母公司、默认路径中的美国次级处理者、供应商管理的密钥。
四项全部通过。
托管在欧盟、由欧盟总部基础设施提供。默认路径中零美国次级处理者。客户持有或欧盟 KMS 密钥。在您的第 28 条 DPA 中按名称列出。
为什么团队正在退出 Heroku (Salesforce)
Heroku exits we have run come from three triggers: a customer audit (B2B SaaS) flagging the AWS-Ireland-via-Heroku data path as Schrems II–exposed, the discontinuation of free dynos in 2022 forcing a cost reassessment, or a strategic decision to remove the double provider chain (Salesforce → AWS) which complicates DPA management. Heroku's value is the developer experience; modern alternatives like Coolify, Dokku, Caprover and Railway-on-Hetzner reproduce 90% of that DX on EU infrastructure.
Heroku (Salesforce) 服务及其仅欧盟等效方案
迁移不是"换一个盒子"。下面的映射是我们为离开以下平台的客户运行的 Heroku (Salesforce) 基于 Schrems II — 完全欧盟司法管辖权,数据路径中没有美国母公司。
| Heroku (Salesforce) 服务 | 仅欧盟替代方案 | 工程说明 |
|---|---|---|
| Dynos (web/worker) | Coolify on Hetzner, Dokku on OVH, Scaleway Serverless Containers | Coolify gives near-identical Heroku DX (git push deploys, one-click apps) on EU infrastructure. Bills typically 60-80% lower than Heroku for equivalent compute. |
| Heroku Postgres | OVH Managed PostgreSQL, Aiven, self-managed PostgreSQL with PgBouncer | Logical replication enables zero-downtime cutover. Heroku Postgres backups can be downloaded as standard pg_dump and restored anywhere. |
| Heroku Redis | OVH Managed Redis, Aiven Redis, self-managed Redis | Standard Redis API; migration via SLAVEOF or RDB transfer. |
| Heroku Connect (Salesforce sync) | Self-built sync via Salesforce REST API, n8n self-hosted, or Pipedream EU | For teams keeping Salesforce CRM, the sync layer rebuilds; for teams replacing Salesforce, this concern goes away. |
| Add-ons marketplace | Direct vendor relationships with EU equivalents (Mailpace for SendGrid, Plausible for Mixpanel, etc.) | Heroku's add-on convenience is the biggest DX loss; direct vendor management is the trade-off for sovereignty. |
| Pipelines (review apps, CI/CD) | GitLab CI EU, Forgejo Actions, GitHub Actions self-hosted on EU runners | Coolify supports preview environments per branch. |
| Heroku Buildpacks | Cloud Native Buildpacks (Paketo), Dockerfile, nixpacks (used by Coolify) | Most Heroku apps deploy unchanged via Cloud Native Buildpacks on Coolify. |
| Logplex / Logging | Self-hosted Loki + Grafana on EU compute, Papertrail EU instance (US-parent — flag) | Loki is the standard pattern; aggregates logs from all containers. |
| Heroku CI | GitLab CI, Forgejo Actions on EU runners | GitLab CI on a self-hosted EU runner is the production-grade replacement. |
| Heroku Private Spaces | Hetzner private networks, OVH vRack, AWS-VPC-equivalent on EU sovereign stack | The "Private Spaces" concept is a VPC by another name; standard EU networking handles it. |
| SSL / domains | Let's Encrypt via cert-manager or Caddy on Coolify, EU registrar (TransIP, Hetzner, OVH) | Domain transfer is a registrar change; SSL is automated by all modern PaaS alternatives. |
我们如何迁移离开 Heroku (Salesforce)
典型的中端市场迁移分三个阶段进行。以下数字假设一个 6-10 人的工程团队和中等复杂的应用程序技术栈。
PaaS choice + dependency map
Decide on the EU PaaS (Coolify is our default for Heroku-style DX; Dokku for minimalists; managed offering from Binadit for hands-off teams). Inventory Heroku apps, dynos and add-ons.
Database + add-on swap
Heroku Postgres replicated to EU managed PostgreSQL with logical replication. Each add-on replaced with EU equivalent (one-by-one to control risk). Logging migrated to Loki.
Application cutover
Apps redeployed on Coolify with the same buildpacks. DNS cutover with low TTL window. Heroku app archived after a verification period.
5-year TCO on Heroku exits: 60–85% cheaper. Heroku's pricing model (per-dyno, per-add-on, per-database tier) compounds quickly; Coolify on Hetzner replaces a typical $500-2000/month Heroku bill for $30-80/month in raw infrastructure plus the managed-partner fee if you don't want to operate the PaaS yourself.
常见问题
Is Heroku's EU region sufficient for GDPR?
Residency only. Heroku's "Common Runtime" EU region runs in AWS Ireland — that is two layers of US-controlled processors (Salesforce as the immediate contracting party, AWS as the underlying infrastructure). The CLOUD Act analysis applies to both. For Schrems II–strict workloads, Heroku EU is not sufficient.
Will we lose the Heroku DX?
Coolify reproduces git-push deploys, one-click app templates, preview environments per PR, automated SSL, environment variables, and per-branch deploys. The DX is genuinely close. The main loss is the add-on marketplace; you swap that for direct vendor relationships, which is more manageable than Heroku marketing suggests.
What about Heroku Connect for Salesforce sync?
If you're keeping Salesforce CRM, Heroku Connect needs to be rebuilt (REST/Bulk API + queue). If you're also moving off Salesforce — which is increasingly common in Schrems II–driven exits — this concern disappears.
Can we use Coolify ourselves or do we need help?
Many teams self-host Coolify successfully on a single Hetzner VM. For multi-tenant production scenarios — multi-environment, blue-green, secrets management — a managed-partner setup makes sense. We deploy and operate Coolify clusters for clients.
How long does a Heroku exit take?
For a small workload (1–3 apps, 1 Postgres, a few add-ons): 1–2 weeks. For a multi-app enterprise Heroku setup with Private Spaces and Heroku Connect: 6–10 weeks. Heroku's app surface is intentionally simple, which makes the migration mostly a choreography exercise.
What about Render or Railway as Heroku alternatives?
Both are US-headquartered, so they don't solve the sovereignty question — they just shift it. We have a separate /alternatives/render page covering Render specifically. For sovereign EU PaaS, Coolify, Dokku and managed offerings on EU infrastructure are the answer.