Guide
Hermes Agent on a VPS: Self-Host Hermes Anywhere
Hermes Agent ships as a Docker image and runs on any Linux VPS. Self-hosting gives you full control over your data, infrastructure costs, and configuration — at the cost of managing the setup yourself.
Why Self-Host Hermes?
Most Hermes users are best served by OpenClaw Launch — managed hosting with zero-ops deploys, automatic updates, and included AI credits. But self-hosting makes sense when:
- You need data to stay within a specific jurisdiction or on hardware you control
- You want to run Hermes on existing infrastructure you already pay for
- You need custom network routing, firewall rules, or VPN integration
- You want to run Hermes alongside a local Ollama or other private model server
- You have technical requirements that the managed platform does not cover
Recommended VPS Specs
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 1 vCPU | 2 vCPU |
| RAM | 2 GB | 4 GB |
| Disk | 10 GB | 20 GB |
| OS | Ubuntu 22.04 LTS | Ubuntu 24.04 LTS |
These specs comfortably run the Hermes Docker image, the optional dashboard process, and have headroom for memory-backed vector search if you use Hermes's session memory feature. Providers like Hetzner, DigitalOcean, and Linode all offer 2 vCPU / 4 GB instances in the $6–$12/month range.
Step 1: Install Docker
Hermes Agent runs as a Docker container. Install Docker on your VPS:
# On Ubuntu 22.04 / 24.04
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# Log out and back in for group changes to take effectVerify Docker is working: docker run hello-world
Step 2: Pull the Hermes Image
The Hermes Agent image is hosted on GitHub Container Registry (GHCR). Always pin to a specific version tag rather than :latest to avoid unexpected behavior from auto-updates:
# Pull a specific pinned version (check the upstream repo for the
# current recommended tag — never use :latest in production)
docker pull ghcr.io/nousresearch/hermes-agent:YYYY.M.DD
# Verify the image is available
docker images | grep hermes-agentFind the current recommended image tag in the upstream Hermes repository.
Step 3: Create a Persistent Data Volume
Hermes stores its configuration, session credentials, and memory data at /opt/data inside the container. Mount a host directory there to persist data across container restarts and updates:
# Create a directory on the host for Hermes data
mkdir -p /home/$USER/hermes-data
# The volume mount in your docker run command:
# -v /home/$USER/hermes-data:/opt/dataWithout a persistent volume, Hermes configuration, WhatsApp/WeChat sessions, and memory data are lost every time the container is replaced.
Step 4: Run the Container
Start Hermes with your persistent data volume, the required environment variables, and the ports it needs:
docker run -d \
--name hermes-agent \
--restart unless-stopped \
-v /home/$USER/hermes-data:/opt/data \
-p 3000:3000 \ # Gateway port (Telegram/Discord/WhatsApp adapter)
-p 9119:9119 \ # Hermes web dashboard
-e OPENROUTER_API_KEY=sk-or-... \
ghcr.io/nousresearch/hermes-agent:YYYY.M.DD \
hermes gateway runReplace YYYY.M.DD with the pinned version tag you pulled. The gateway runs on port 3000; the web dashboard runs on port 9119. The dashboard process may need to be started separately via docker exec — consult the upstream README for the exact startup procedure.
Step 5: Configure Provider and Model
After the container is running, set your inference provider and default model:
docker exec hermes-agent hermes inference set openrouter
docker exec hermes-agent hermes model set anthropic/claude-sonnet-4.6Or edit /home/$USER/hermes-data/config.yaml directly and restart the container. See the model-specific guides for other provider options: Anthropic, DeepSeek, Grok, and others.
Firewall and Network Setup
For production self-hosted Hermes:
- Restrict port 9119 (dashboard) to your own IP with a firewall rule — this port should not be publicly accessible.
- Put a reverse proxy in front of port 3000 if you need HTTPS for your gateway domain. Caddy and nginx are both good options.
- Enable UFW or your provider's firewall to limit incoming traffic to only the ports you need.
Updating Hermes
To update Hermes to a new version, pull the new image tag and recreate the container. Your data volume persists:
docker pull ghcr.io/nousresearch/hermes-agent:NEW.VERSION.TAG
docker stop hermes-agent
docker rm hermes-agent
# Re-run the docker run command with the new tagSelf-Hosted vs OpenClaw Launch
| Self-Hosted VPS | OpenClaw Launch | |
|---|---|---|
| Cost | VPS cost + per-token API costs | From $3/mo with AI credits included |
| Setup time | 30–60 minutes | 10 seconds |
| Maintenance | You manage updates, restarts, backups | Fully managed |
| Data control | Complete — your hardware | Encrypted, EU/US cloud hosting |
| Deploy speed | Minutes (cold start) | ~10 seconds (warm pool) |
| Scaling | Manual VPS resize | Automatic |
For most individuals and small teams, OpenClaw Launch offers a significantly better experience at comparable or lower total cost. Self-hosting is the right choice when you have specific data residency, integration, or operational requirements that managed hosting cannot meet.
What's Next?
- Install Hermes Agent — Full installation walkthrough including Docker prerequisites
- Deploy Hermes Agent — Deployment patterns for different environments
- Hermes Agent + MCP — Extend self-hosted Hermes with MCP tool servers
- Hermes Agent + Anthropic — Configure Claude on your self-hosted instance