Free Resource
The Best Hetzner VPS Configuration — Our Recommended Setup
Everything we learned from building production infrastructure on Hetzner Cloud. This is the “what” and “why” — the step-by-step “how” is in our paid guide.
Why Hetzner
Hetzner Cloud offers the best price-to-performance ratio in the VPS market. While AWS, DigitalOcean, and Linode charge premium prices, Hetzner delivers AMD EPYC processors, NVMe SSDs, and generous bandwidth at a fraction of the cost.
For context: a comparable setup on DigitalOcean would cost $64/month for compute alone. Add managed email, SSL, and a deployment platform, and you're easily at $100+/month. On Hetzner with our recommended stack, the total cost is approximately $26/month — including automated backups.
Hetzner operates GDPR-compliant data centers in Germany, Finland, and the US (Ashburn, VA and Hillsboro, OR). Their Finnish data center (hel1-dc2) offers excellent latency to both European and North American users.
Which VPS Plan to Choose and Why
CPX42
Recommended Plan
8 vCPU
AMD EPYC Genoa
16 GB
RAM
320 GB
NVMe SSD
We recommend the CPX42 at $21.99/month. This gives you enough headroom to run Coolify (your deployment platform), Mailcow (a full email stack with 18+ Docker containers), and multiple web applications simultaneously.
The CPX series uses shared AMD EPYC Genoa vCPUs — the performance is excellent for web workloads. With 20TB of included bandwidth per month, you won't hit transfer limits unless you're serving massive file downloads.
Smaller plans (CPX11 or CPX21) can work for a single app, but Mailcow alone recommends 6GB+ RAM. The CPX42 gives you room to grow without resizing later.
OS Selection
We recommend Ubuntu 24.04 LTSfor its long-term support (until 2029), extensive package availability, and first-class Docker support. It's the most commonly supported OS for both Coolify and Mailcow installations.
AlmaLinux and Rocky Linux are also excellent choices if you prefer RHEL-based systems, but some setup steps will differ. Our paid guide covers Ubuntu specifically.
Initial Server Hardening Checklist
Before installing any software, your server needs to be locked down. Here's what our setup covers:
The exact commands and configurations for each step are in the paid guide.
Recommended Software Stack Overview
Docker + Docker Compose
Container runtime
Everything runs in containers for isolation and easy management.
Coolify v4
Deployment platform (replaces Vercel)
Self-hosted PaaS with Git push deploys, automatic SSL, and preview deployments.
Mailcow
Email server (replaces email providers)
Full email stack with Postfix, Dovecot, SOGo webmail, and anti-spam.
Let's Encrypt
SSL certificates
Free, automatically renewed TLS certificates for all your domains.
UFW + fail2ban
Firewall & intrusion prevention
Network-level security with automatic IP banning for brute-force attempts.
Nginx (via Mailcow)
Reverse proxy
Routes traffic to the correct service based on domain name.
Architecture Overview
Internet │ ├── Port 80/443 ──→ Mailcow Nginx (SSL termination) │ ├── coolify.yourdomain.com ──→ Coolify (port 8080) │ ├── mail.yourdomain.com ──→ Mailcow Web UI │ └── app.yourdomain.com ──→ Coolify → Your Apps │ ├── Port 25/465/587 ──→ Mailcow Postfix (SMTP) ├── Port 993/995 ──→ Mailcow Dovecot (IMAP/POP3) │ └── Port 2222 ──→ SSH (key auth only)
The key architectural challenge: both Coolify and Mailcow want to own ports 80 and 443. Our setup solves this with a non-standard reverse proxy configuration that isn't documented anywhere online. Full solution is in the paid guide.
Cost Comparison
| Service | Traditional | Our Stack |
|---|---|---|
| VPS Hosting | $48-64/mo | $21.99/mo |
| Deployment Platform | $20/mo | $0 (Coolify) |
| Email Hosting | $5-15/mo | $0 (Mailcow) |
| SSL Certificates | $0-10/mo | $0 (Let's Encrypt) |
| Automated Backups | $5-10/mo | ~$4.40/mo |
| Total | $78-99/mo | ~$26.39/mo |
Ready to build your own?
Get the complete step-by-step guide with every command, configuration file, and troubleshooting tip — or let us set it up for you.