DU
Digital Universe
Back to Blog
Tutorial2025-03-0510 min read

How to Set Up a Hetzner VPS from Scratch (2025 Guide)

Step-by-step overview of provisioning and configuring a Hetzner Cloud VPS. Covers server creation, initial access, and the essential first steps.

Getting Started with Hetzner Cloud

Setting up a VPS on Hetzner Cloud is straightforward, but there are important decisions to make at each step. This guide walks through the process and highlights the choices that matter.

Step 1: Create Your Hetzner Account

Sign up at Hetzner Cloud. You'll need:

  • A valid email address
  • Payment method (credit card or PayPal)
  • Identity verification (may require passport/ID for new accounts)

Step 2: Choose Your Server

Navigate to the Cloud Console and click "Add Server."

Location: Choose based on your users' geography.

  • Helsinki (eu-central) — Our recommendation for most use cases. Good connectivity to both Europe and US East Coast.
  • Ashburn (us-east) or Hillsboro (us-west) — For US-focused workloads.

Image (OS): We recommend Ubuntu 24.04 LTS. It has the broadest community support and the most up-to-date packages.

Server Type: For a self-hosted stack (Coolify + Mailcow + apps), the CPX42 is our sweet spot:

  • 8 AMD vCPUs
  • 16 GB RAM
  • 240 GB NVMe SSD
  • 20 TB transfer
  • $21.99/month

Step 3: SSH Keys

Always use SSH key authentication. During server creation, add your public key.

If you don't have one yet:

ssh-keygen -t ed25519 -C "your_email@example.com"

Copy the public key (~/.ssh/id_ed25519.pub) and paste it into the Hetzner SSH key field.

Step 4: First Login

Once the server is provisioned (usually under 30 seconds), SSH in:

ssh root@YOUR_SERVER_IP

Step 5: Essential First Steps

These are the minimum steps every server needs:

1. Update the system

apt update && apt upgrade -y

2. Create a non-root user

adduser deploy
usermod -aG sudo deploy

3. Set up SSH for the new user

mkdir -p /home/deploy/.ssh
cp ~/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh

4. Harden SSH — Change the default port, disable root login, disable password auth.

5. Configure the firewall — Only allow the ports you need.

6. Install fail2ban — Automatic banning of brute-force attempts.

What Comes Next

After these basics, you'll want to:

  • Install Docker and Docker Compose
  • Set up Coolify for app deployment
  • Configure DNS and SSL
  • Optionally set up Mailcow for email

Each of these steps has nuances and common pitfalls. Our complete setup guide covers every step in detail, including the exact commands, configurations, and the gotchas we discovered running this setup in production.

Common Mistakes to Avoid

  • Don't skip SSH hardening — Bots will find your server within minutes
  • Don't use password authentication — Key-only is non-negotiable
  • Don't run everything as root — Create a dedicated user
  • Don't forget to configure the firewall — An open server is a compromised server
  • Don't use the default SSH port — Changing it eliminates 99% of automated attacks
#hetzner#vps#setup#tutorial#beginner

Want the Complete Setup Guide?

This blog post covers the basics. Our premium guide includes step-by-step commands, exact configurations, and the solutions to every gotcha we encountered.

Read Free GuideGet Full Access

Related Articles

Tutorial

Docker on Hetzner: A Complete Beginner's Guide

2025-02-10 · 10 min

Tutorial

How to Deploy Next.js on a Hetzner VPS

2025-01-20 · 8 min

Tutorial

Migrating from Shared Hosting to a Hetzner VPS

2024-12-28 · 9 min