StackPatch is liveSee product

Back to StackPatch
Integration · Hetzner Cloud VPS

StackPatch on a Hetzner Cloud VPS

We run the live demo at /patch/audit/mss-vps on a Hostinger VPS, but the install + agent works identically on Hetzner Cloud. Default Hetzner Cloud distros: Ubuntu 24.04, Debian 12, Rocky Linux 9, AlmaLinux 9, Alpine 3.21. Control panel: Hetzner Cloud Console.

Install

# free anonymous quickscan
curl https://mindsparkstack.com/scan.sh | bash

# paid agent install (requires founder seat)
curl -fsSL https://mindsparkstack.com/install.sh | sudo bash -s -- --token spt_...

Source plain text at /scan.sh and /install.sh — read before piping.

Hetzner Cloud-specific notes

Best price/performance for indie SaaS

Hetzner Cloud offers the cheapest 2-vCPU / 8GB-RAM / 80GB-NVMe in the indie tier (~€7/mo CX21). For a single-VPS StackPatch deployment running 1-3 servers, this is the cheapest credible option in 2026.

Firewalls (Hetzner-side)

Hetzner Firewalls work at the network layer above the VM. Configure them in console.hetzner.cloud → Firewalls. Mirror the StackPatch baseline: 22 (preferably restricted to your IP range), 80, 443.

No bundled malware scanner

Hetzner doesn't run on-host or external malware scanning by default. They will email you about outbound abuse complaints (high bounce rate, spam) but won't auto-stop the VM. Self-managed security model.

EU data residency

Hetzner data centers are in Germany and Finland. If your customers care about EU data residency for GDPR purposes, this is a real differentiator vs US-based providers.

Recovery via hcloud CLI / API

curl -X POST -H "Authorization: Bearer $HCLOUD_TOKEN" "https://api.hetzner.cloud/v1/servers/{id}/actions/power_on" — clean REST API. Token at console.hetzner.cloud/projects/<project>/security/tokens.

Hetzner Cloud's default has UFW disabled

StackPatch's install script doesn't modify firewall rules. Wire it yourself if you haven't:

sudo ufw default deny incoming
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Other VPS providers

HostingerDigitalOcean

Don't see your provider? StackPatch is provider-agnostic — it works on any Linux VPS (Linode, Vultr, Contabo, AWS Lightsail, Oracle Cloud free tier, etc). The agent is distro-aware, not provider-specific.

Free quickscan, no signup, 5 seconds

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan See StackPatch ($99 lifetime)Full pillar guide