What Hetzner server size do I need for Hermes Agent?

A Hetzner CPX21 (3 vCPU AMD, 4 GB RAM) at €5.91/mo is the recommended starting size for one Hermes bot using a hosted model API. Bump to CPX31 if you run multiple bots or expect heavy traffic. Local model inference needs significantly more RAM and ideally a GPU box.

Does Hetzner block any ports needed by Hermes?

Hetzner blocks SMTP port 465 to fight spam. If your Hermes agent sends email, use port 587 instead. All other AI workload traffic is unrestricted.

How long does a self-hosted Hermes setup on Hetzner take?

About 30 minutes if you are comfortable with SSH and Docker. Provision the server (~2 min), install Docker (~5 min), pull the Hermes image (~3 min), write a config (~10 min), set up Caddy + DNS (~10 min). Add another 1-2 hours over the first month for monitoring, backup verification, and the first patch cycle.

Is self-hosting on Hetzner cheaper than managed Hermes hosting?

On infra alone, slightly: a CPX21 + Hetzner Backups runs about €7/mo vs $6/mo on managed Lite after the first-month $3 promo. The real cost gap is your time — managed includes SSL, monitoring, backups, security patches, and uptime guarantees that you replicate yourself on a VPS.

← All Guides

Self-Hosting Guide

Hermes Agent on Hetzner Cloud

How to deploy Hermes Agent on a Hetzner Cloud VPS — pick the right server, install Docker, run Hermes, and compare against managed hosting on OpenClaw Launch. About 30 minutes start to finish.

Why Hetzner

Hetzner Cloud has been the price-performance leader for self-hosted AI agents throughout 2026: a CX22 (2 vCPU, 4 GB RAM) starts at €4.51/mo, a CPX21 (3 vCPU AMD, 4 GB RAM) at €5.91/mo, and a CPX31 (4 vCPU AMD, 8 GB RAM) at €11.78/mo. The Ashburn (US-East), Hillsboro (US-West), Falkenstein, Nuremberg, and Helsinki regions all run Hermes well. Network egress is included up to 20 TB/mo.

The catch: SMTP port 465 is blocked, so if your Hermes agent sends email use port 587. Hetzner does not block any other AI workload traffic.

Pick the Right Server

Server	Specs	Price	Good For
CX22	2 vCPU Intel, 4 GB RAM, 40 GB	€4.51/mo	One Hermes bot, hosted models
CPX21	3 vCPU AMD, 4 GB RAM, 80 GB	€5.91/mo	Recommended start — comfortable headroom
CPX31	4 vCPU AMD, 8 GB RAM, 160 GB	€11.78/mo	Multiple bots or busy single bot
CPX41	8 vCPU AMD, 16 GB RAM, 240 GB	€26.18/mo	Local model inference (small models only)

Hermes itself is light — the model API is what costs CPU and RAM, and that runs on the provider's side. If you stick with OpenRouter or Anthropic for inference, a CPX21 handles a busy bot easily. Local model inference needs serious RAM and ideally a GPU server (Hetzner offers dedicated GPU boxes, not Cloud).

Provision the Server

Sign up at hetzner.com/cloud and create a project.
Add an SSH key (Settings → Security). Paste your ~/.ssh/id_ed25519.pub contents.
Create a server. Pick Ubuntu 24.04, choose the CPX21 size, attach your SSH key, name it hermes-1, and click Create.
Wait 30 seconds. Note the IPv4 address — you'll point a domain at it later.

Install Docker on Ubuntu

SSH into the box: ssh root@<your-ip>. Then install Docker from the official repo:

# Update apt
apt update && apt upgrade -y

# Install Docker
apt install -y ca-certificates curl gnupg
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
  gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) \
  signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/ubuntu noble stable" | \
  tee /etc/apt/sources.list.d/docker.list
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Verify
docker run hello-world

Run Hermes Agent

Pull the official image and start a container with a persistent config volume:

# Create a host directory for config + memory
mkdir -p /opt/hermes/data
cd /opt/hermes

# Drop a minimal config
cat > config.yaml <<EOF
gateway:
  port: 3000
  auth:
    token: "$(openssl rand -hex 24)"
models:
  default: openrouter/anthropic/claude-sonnet-4.6
  providers:
    openrouter:
      apiKey: "${OPENROUTER_API_KEY}"
channels:
  telegram:
    enabled: true
    botToken: "${TELEGRAM_BOT_TOKEN}"
    dmPolicy: pairing
EOF

# Run it
docker run -d \
  --name hermes \
  --restart unless-stopped \
  -p 3000:3000 \
  -e OPENROUTER_API_KEY="sk-or-v1-..." \
  -e TELEGRAM_BOT_TOKEN="123:ABC..." \
  -v /opt/hermes/config.yaml:/app/config.yaml \
  -v /opt/hermes/data:/data \
  ghcr.io/nousresearch/hermes-agent:latest

Replace the API keys with your own. Logs are at docker logs -f hermes. The bot is now live on whichever Telegram bot you minted with @BotFather.

Add HTTPS with Caddy

If you want the web UI exposed at a custom domain, point a DNS A record to your server IP and run Caddy as a reverse proxy:

apt install -y caddy

cat > /etc/caddy/Caddyfile <<EOF
hermes.yourdomain.com {
  reverse_proxy localhost:3000
}
EOF

systemctl restart caddy

Caddy fetches a Let's Encrypt cert automatically. Hermes's gateway UI is now at https://hermes.yourdomain.com.

Backups + Monitoring

Hetzner Backups are an extra 20% on your server cost (~€1.18/mo for a CPX21) and cover daily snapshots with 7-day retention. Enable them under your server's Backups tab. For monitoring, Hetzner's built-in metrics show CPU, memory, and network — for application-level alerts, point Healthchecks.io or Better Uptime at https://hermes.yourdomain.com.

Self-Host vs Managed: Which Is Cheaper?

Pure infra cost: a CPX21 + Hetzner Backups + your time = ~€7/mo plus 1–2 hours of setup and ongoing maintenance (security patches, Docker updates, cert monitoring, log rotation, backup verification).

Managed Hermes hosting on OpenClaw Launch starts at $3/mo for the first month (then $6/mo) and includes everything above with no setup. Hermes models on managed infrastructure are live today; native Hermes framework hosting is in private beta.

Self-hosting wins on data sovereignty, local-model inference, and infinite customization. Managed wins on time-to-deploy, zero ops burden, and predictable cost.

Common Issues on Hetzner

SMTP outbound on 465 fails. Hetzner blocks port 465 to fight spam. Use SMTP_PORT=587 if Hermes sends email.
Container restarts on apt upgrade. Docker updates can restart running containers. Add --restart unless-stopped (above) and Hermes will come back up automatically.
Cloudflare 522 errors. If you're fronting with Cloudflare, add the server IP to your Caddy trusted_proxies list and ensure the firewall allows CF's edge IPs on 80/443.
Disk fills with Docker logs. Set log driver limits in /etc/docker/daemon.json: { "log-opts": { "max-size": "10m", "max-file": "3" } }.

Skip the Setup

Don't want to manage a VPS? Deploy Hermes-powered agents on managed infrastructure in 10 seconds at openclawlaunch.com/hermes-hosting from $3/mo. Auto SSL, monitoring, backups, and 99.9% uptime included.