Deploy Perl/Mojolicious to Europe β Real-Time Web Framework on EU Infrastructure in 2026
There is a version of the story of the modern internet that begins with Python and Node.js and treats everything before 2005 as prehistory. This version is wrong in a specific and important way: it misses the decade during which the web was built, maintained, and scaled by Perl. The CGI scripts that ran the early commercial web. The sysadmin tooling that kept Linux systems alive before Ansible existed. The bioinformatics pipelines that sequenced genomes at EMBL in Heidelberg before Python's scientific stack had matured. Perl did not disappear β it was absorbed into the infrastructure of European enterprises so deeply that many of the systems running today on German banking servers, Dutch logistics platforms, and British pharmaceutical databases began as Perl, and remain Perl because they work.
Mojolicious is what happens when someone who understands this history builds a modern web framework for Perl from scratch: not as a committee-designed specification document, but as a single developer's coherent vision of what Perl web development should look like in the 2020s. That developer is Sebastian Riedel π©πͺ, German software engineer and the creator of both the Catalyst web framework (2004) and Mojolicious (2010). Mojolicious is a real-time web framework with a built-in non-blocking HTTP and WebSocket server, zero required system dependencies beyond Perl itself, a powerful template engine (Mojo::Template), an HTTP client, and a command-line testing framework. It is the distillation of everything Riedel learned building and maintaining Catalyst β which powered a significant fraction of Perl web applications worldwide β minus the complexity that comes from design-by-consensus.
Mojolicious applications deploy to sota.io on EU infrastructure with full GDPR compliance. This guide shows how.
The European Perl Team
Sebastian Riedel π©πͺ β German software engineer β created Mojolicious in 2010 after a decade of work on Catalyst, Perl's modular MVC framework. Riedel's trajectory through the Perl ecosystem tracks the maturation of web development from CGI scripts to PSGI/Plack to full real-time frameworks. His first major contribution, Catalyst, was built to solve the composition problem: how do you build large Perl web applications from small, independent pieces, with a plugin ecosystem that makes the common cases easy without constraining the uncommon ones? Catalyst succeeded β it became the dominant Perl web framework for enterprise applications throughout the 2000s, and is still used in production by European banks, insurance companies, and government systems that cannot afford the disruption of a full rewrite.
Riedel's dissatisfaction with Catalyst was not with its plugin architecture but with its complexity: the cognitive load of understanding Catalyst's middleware stack, the number of dependencies a minimal application pulled in, the friction between the framework and the underlying PSGI specification. Mojolicious is his answer. It ships as a single distribution with no non-core dependencies β cpanm Mojolicious gives you a complete web framework without pulling in 200 indirect dependencies. The application starts up, serves requests through the built-in Hypnotoad HTTP server (a pre-forking non-blocking server written entirely in Perl), and scales to production workloads without a reverse proxy requirement, though nginx integration is straightforward.
Riedel's German origin is notable in the context of EU enterprise software. The German software industry has a long tradition of building on Perl: German banks have used Perl for decades for report generation, transaction processing scripts, and middleware integration; German logistics companies like Deutsche Post and DB Schenker have Perl codebases dating to the 1990s that remain in active use; the German bioinformatics community, centred on research institutes like DKFZ (Deutsches Krebsforschungszentrum, Heidelberg) and the Max Planck Institute for Biology, runs significant Perl infrastructure. Riedel built Mojolicious with this production context in mind: a framework that can be adopted incrementally, that interoperates with legacy Perl code, and that provides a smooth migration path from older CGI and mod_perl applications.
Dan Book πΊπΈ β American developer, "Grinnz" on CPAN β is one of Mojolicious's most prolific contributors, responsible for extensive documentation improvements, bug fixes, and the Minion job queue that ships alongside Mojolicious. Minion is a feature-rich, database-backed job processing system that supports PostgreSQL, SQLite, and MySQL backends β essential for EU backend workloads where background processing must be auditable, GDPR-compliant, and recoverable.
Jan Henning Thorsen π³π΄ β Norwegian developer β has contributed significantly to Mojolicious::Plugin::OpenAPI, the framework's OpenAPI/Swagger integration. Norway is an EEA (European Economic Area) member β GDPR applies directly. Thorsen's plugin brings formal API documentation and validation to Mojolicious: incoming requests are validated against an OpenAPI specification before they reach your route handlers, and responses are validated against the schema before they leave. For EU APIs that must demonstrate GDPR-compliant data handling in regulatory audits, having machine-readable API specifications that can be version-controlled and audited is increasingly essential.
Marcus Ramberg π³π΄ β Norwegian, former Catalyst core contributor, now at Futurice β has contributed to both Catalyst and the broader Perl ecosystem across the Norwegian EU-adjacent EEA legal space. The Nordic Perl developer community (Sweden, Norway, Denmark, Finland) represents a significant and technically sophisticated portion of the global Mojolicious user base, particularly in the healthcare and public sector domains where GDPR compliance is mandatory.
Why Perl/Mojolicious for EU Backends
The CPAN advantage for regulated industries. CPAN (Comprehensive Perl Archive Network) is one of the largest software repositories in the world, with over 200,000 distributions and 40+ years of contributions from European developers. For EU enterprise applications, CPAN provides mature, battle-tested modules for every compliance-relevant task: Crypt::JWT for JSON Web Token handling under GDPR Article 32 security requirements, DBD::Pg for PostgreSQL integration (the standard EU database), Crypt::OpenSSL::RSA for cryptographic key operations, Email::MIME for GDPR-compliant email processing, and POSIX::strftime for timezone-correct audit timestamps. These are not experimental libraries β they have been in production at European banks and government systems for decades.
Mojolicious's async HTTP server for real-time EU applications. Mojolicious ships with two built-in HTTP servers: Morbo (a development server with hot reloading) and Hypnotoad (a production-grade pre-forking non-blocking server). Hypnotoad implements graceful restarts β you can deploy new code without dropping a single connection β which is essential for EU payment systems and healthcare APIs where uptime SLAs are contractual obligations. The non-blocking architecture means a single Hypnotoad process can handle thousands of simultaneous WebSocket connections, making Mojolicious appropriate for real-time EU applications like order tracking, patient monitoring dashboards, and live analytics platforms.
#!/usr/bin/env perl
use Mojolicious::Lite -signatures;
# Middleware: GDPR audit log for all data access
hook before_dispatch => sub ($c) {
my $ip = $c->tx->remote_address;
app->log->info("Request: " . $c->req->url->path . " from $ip");
};
# Health check
get '/health' => sub ($c) {
$c->render(json => { status => 'ok', region => 'eu-de' });
};
# GDPR-compliant data endpoint
get '/api/data' => sub ($c) {
my $subject_id = $c->param('subject_id') // return $c->render(json => { error => 'subject_id required' }, status => 400);
my $db = $c->app->pg->db;
my $data = $db->query('SELECT * FROM personal_data WHERE subject_id = ? AND deleted_at IS NULL', $subject_id)->hash;
unless ($data) {
return $c->render(json => { error => 'not found' }, status => 404);
}
$c->render(json => $data);
};
# GDPR Article 17 β right to erasure
delete '/api/data/:subject_id' => sub ($c) {
my $subject_id = $c->stash('subject_id');
my $db = $c->app->pg->db;
$db->query('UPDATE personal_data SET deleted_at = NOW() WHERE subject_id = ?', $subject_id);
app->log->info("GDPR erasure: subject $subject_id deleted by " . $c->tx->remote_address);
$c->render(json => { status => 'erased' });
};
app->start;
Zero dependency installs for containerised EU deployments. Mojolicious's design philosophy β zero non-core dependencies β makes containerisation straightforward. A Mojolicious Docker image based on a minimal Perl base image, with Mojolicious installed via cpanm, produces a Docker image under 150MB. For EU organisations running container registries on-premise (a common requirement for classified public sector workloads), smaller images mean faster CI/CD pipelines and simpler audit trails.
Perl's strong typing of strings. Perl's string handling model, with Unicode support built in and explicit use utf8 encoding declarations, is well-suited for EU multilingual applications. German umlauts, French accents, Swedish and Finnish special characters, and Greek and Cyrillic scripts all work correctly in Perl with proper UTF-8 handling β a practical requirement for applications serving the EU's 24 official languages. Mojolicious handles encoding transparently, defaulting to UTF-8 for all HTTP responses.
Minion job queue for GDPR-auditable background processing. Mojolicious::Plugin::Minion provides a production-ready job queue built on PostgreSQL. EU backend applications that process personal data asynchronously β GDPR data subject access request exports, consent management email workflows, cross-border data transfer notifications β need an auditable job queue: one where you can answer "what job processed this data subject's request, when did it run, what did it do, and what was the result?" Minion stores all this in PostgreSQL. Jobs are retried automatically, failures are logged with full stack traces, and the queue state is inspectable via Minion's built-in web UI.
Bioinformatics and life sciences compatibility. The EU is home to some of the world's largest bioinformatics research institutions: EMBL (European Molecular Biology Laboratory, Heidelberg π©πͺ), EBI (European Bioinformatics Institute, Hinxton π¬π§), SIB (Swiss Institute of Bioinformatics, Geneva), and Elixir (the pan-European research infrastructure for biological data). All of these run significant Perl infrastructure. BioPerl, the foundational bioinformatics library, is one of the oldest and most widely-used CPAN distributions in academic research. Mojolicious applications that expose REST APIs over BioPerl pipelines β genome browsers, protein databases, clinical variant annotation services β can be deployed on sota.io with the data residency guarantees that EU research funders increasingly require.
Deploy Perl/Mojolicious on sota.io
sota.io runs on Hetzner infrastructure in Germany. Data stays in the EU by default. GDPR compliance is structural, not configurable. Mojolicious applications deploy as Docker containers.
Prerequisites
- sota.io account (sign up at sota.io)
- Docker installed locally
- Perl 5.26+ and cpanm installed
Step 1 β Create a Mojolicious application
# Install Mojolicious
cpanm Mojolicious
# Generate a full Mojolicious application
mojo generate app MyEUApp
cd my_eu_app
For a lightweight single-file app, use Mojolicious::Lite:
#!/usr/bin/env perl
# app.pl
use Mojolicious::Lite -signatures;
use Mojo::Pg;
# Connect to PostgreSQL (injected by sota.io as DATABASE_URL)
helper pg => sub { state $pg = Mojo::Pg->new($ENV{DATABASE_URL}) };
get '/' => sub ($c) {
$c->render(text => 'Mojolicious on EU infrastructure');
};
get '/health' => sub ($c) {
$c->render(json => { status => 'ok' });
};
app->start;
Step 2 β Containerise
FROM perl:5.38-slim
WORKDIR /app
# Install system dependencies for PostgreSQL driver
RUN apt-get update && apt-get install -y \
libpq-dev \
&& rm -rf /var/lib/apt/lists/*
# Install Mojolicious and PostgreSQL driver
COPY cpanfile .
RUN cpanm --notest --installdeps .
COPY . .
EXPOSE 8080
ENV MOJO_LISTEN=http://*:8080
# Use Hypnotoad for production (pre-forking non-blocking server)
CMD ["perl", "script/my_eu_app", "hypnotoad", "-f"]
# cpanfile
requires 'Mojolicious', '>= 9.0';
requires 'Mojo::Pg', '>= 4.0';
requires 'Mojolicious::Plugin::OpenAPI';
Step 3 β Deploy to sota.io
# Install sota CLI
curl -sSL https://sota.io/install.sh | sh
# Initialise project
sota init
# Deploy β builds Docker image, pushes to EU registry, starts service
sota deploy
# Check status
sota status
Your Mojolicious service is now running on Hetzner infrastructure in Germany. Traffic goes to your-project.sota.io over HTTPS automatically.
Step 4 β Connect PostgreSQL
# Provision a managed PostgreSQL instance
sota postgres create --name perl-db
# Get the connection string (injected as DATABASE_URL environment variable)
sota postgres env perl-db
Mojolicious's Mojo::Pg reads DATABASE_URL automatically:
helper pg => sub { state $pg = Mojo::Pg->new($ENV{DATABASE_URL}) };
# Use in route handlers:
get '/users' => sub ($c) {
my $users = $c->pg->db->query('SELECT id, email FROM users WHERE deleted_at IS NULL')->hashes;
$c->render(json => $users);
};
The managed PostgreSQL instance runs in the same Hetzner data centre as your Mojolicious service. No cross-region data transfer, no US Cloud Act exposure.
Mojolicious and the EU Enterprise Perl Ecosystem
Perl's EU presence is not historical curiosity β it is active infrastructure. The German banking sector runs Perl for batch processing, report generation, and inter-system middleware. German banks and financial institutions that operate under BaFin regulation have Perl codebases that predate Java EE and will outlast many of its successors; rewriting them is too expensive and too risky, so they are maintained, extended, and increasingly wrapped in Mojolicious REST APIs that expose legacy functionality to modern frontends.
Dutch logistics companies β the Port of Rotterdam is the largest port in Europe, and the logistics software ecosystem around it is significantly Perl-based β use Perl for EDI (Electronic Data Interchange) processing, shipment tracking, and customs documentation workflows. These applications handle personal data about employees, drivers, and customers, and must comply with GDPR. Mojolicious provides a migration path: existing Perl business logic can be exposed through a GDPR-compliant REST API without a full rewrite.
The European bioinformatics community is the world's largest concentrated user base of Perl in academic research. EMBL Heidelberg, EBI Cambridgeshire, DKFZ, Max Planck institutes, and the Elixir network collectively run thousands of Perl scripts and applications. As EU research funding bodies (DFG π©πͺ, ANR π«π·, NWO π³π±, UKRI π¬π§) increasingly require GDPR compliance for research data management plans, the ability to deploy Perl bioinformatics APIs on EU infrastructure with data residency guarantees becomes a practical requirement for research grant compliance.
Sebastian Riedel's Mojolicious gives all of these communities a coherent, modern, maintained path forward: take your existing Perl code, wrap it in a Mojolicious application with proper HTTP semantics, audit logging, and PostgreSQL persistence, and deploy it on sota.io with GDPR compliance built in. No rewrite required.
Comparison: Mojolicious vs Other EU Backend Options
| Feature | Mojolicious on sota.io | Node.js/Express on sota.io | Catalyst on sota.io | AWS Lambda (US) |
|---|---|---|---|---|
| Language | Perl 5 (mature, stable) | JavaScript | Perl 5 (MVC) | Any |
| Zero deps | Yes (Mojolicious only) | No (node_modules) | No (100+ deps) | No |
| Async I/O | Built-in (Hypnotoad) | Node.js event loop | Via Plack::Middleware | AWS-managed |
| WebSocket | Native | Via ws library | Limited | Via API Gateway |
| GDPR jurisdiction | EU (Hetzner, Germany) | EU (Hetzner, Germany) | EU | US jurisdiction |
| Legacy Perl compat | Full PSGI/Plack | N/A | Full PSGI/Plack | N/A |
| Job queue | Minion (PostgreSQL-backed) | Bull/BullMQ | Custom | SQS |
| Pricing | Flat rate | Flat rate | Flat rate | Per-request |
GDPR and Perl Backends
GDPR compliance for Mojolicious services on sota.io:
Data residency: All data processed by your Mojolicious service stays in Hetzner's German data centres. No automatic replication to US regions, no Cloud Act exposure.
Audit logging: Mojolicious's logging infrastructure (app->log) writes structured logs that can be forwarded to sota.io's log aggregation. Every data access event, every GDPR erasure request, and every consent change can be logged with the subject identifier, timestamp, and processing purpose.
Data protection by design (Article 25): Mojolicious's middleware system (hook before_dispatch) enables request-level GDPR controls: authentication verification, consent checking, and rate limiting before any personal data is accessed or returned.
Right to erasure (Article 17): Perl's DBD::Pg and Mojo::Pg make soft-delete patterns (setting deleted_at timestamps rather than physical deletion) straightforward. GDPR erasure workflows can be implemented as Minion jobs that run on a schedule, find all personal data for a given subject identifier, soft-delete it, generate an erasure certificate, and email confirmation β all auditable in PostgreSQL.
CPAN supply chain security: The EU Cyber Resilience Act (CRA) requires software vendors to track and remediate vulnerabilities in their dependency trees. CPAN's security model β all distributions are signed, cpanm verifies checksums, and the MetaCPAN security team issues advisories β provides a documented chain of custody for every Perl module in your application. cpan-audit scans your installed modules against the CPAN Security Advisory database, producing the SBOM documentation the CRA requires.
Why sota.io for Perl/Mojolicious
EU infrastructure by default. Hetzner Germany. No US region fallback. GDPR data residency without configuration.
Managed PostgreSQL. Provisioned in the same data centre as your Mojolicious service. Mojo::Pg connects via DATABASE_URL. Backups, failover, and version upgrades managed.
Zero DevOps. Push code, sota deploy, done. No Kubernetes clusters to manage, no ingress controllers, no TLS certificate renewal scripts.
Flat-rate pricing. Predictable cost without per-request metering. Suitable for regulated industries where budget predictability is a compliance requirement β which describes most EU enterprises currently running Perl.
German company. No US legal jurisdiction. No Cloud Act exposure. Data processing agreements under GDPR Article 28 with a German data processor.
Perl and Mojolicious represent one of the most significant untapped opportunities in EU cloud migration: the enormous installed base of European enterprise Perl applications that need GDPR-compliant hosting, a modern API layer, and a migration path that does not require a full rewrite. Sebastian Riedel's framework provides the API layer. sota.io provides the GDPR-compliant EU infrastructure. The combination makes EU Perl modernisation tractable.
Deploy your first Mojolicious service to EU infrastructure β