# Hetzner Cloud Setup Detailed guide for deploying OpenBoatmobile to Hetzner Cloud. ## Why Hetzner? | Spec | Hetznercx23 | DigitalOcean s-2vcpu-4gb | |------|-------------|-------------------------| | vCPU | 2 | 2 | | RAM | 4 GB | 4 GB | | Disk | 80 GB NVMe | 80 GB SSD | | Bandwidth | 20 TB included | 4 TB included | | **Price** | **€4.49/mo** | **$24/mo** | Hetzner is ~70% cheaper for equivalent specs. ## Create Hetzner Account 1. Go to [Hetzner Cloud](https://www.hetzner.com/cloud) 2. Sign up (email verification required) 3. Add a payment method ## Create API Token 1. Go to [Hetzner Console](https://console.hetzner.cloud/) 2. Click your project (or create one) 3. Navigate to **Security** → **API Tokens** 4. Click **Create API Token** 5. Name it (e.g., "openclaw-terraform") 6. Permissions: **Read & Write** 7. Copy the token immediately (shown onlyonce) ## Add SSH Key 1. In Hetzner Console, go to **Security** → **SSH Keys** 2. Click **Add SSH Key** 3. Paste your public key contents: ```bash cat ~/.ssh/id_ed25519.pub ``` 4. Give it a name you can remember (e.g., "laptop-2024") 5. Click **Add SSH Key** ## Choose a Location Hetzner locations: | Code | Location | Continent | |------|----------|-----------| | `nbg1` | Nuremberg | Europe | | `fsn1` | Falkenstein | Europe | | `hel1` | Helsinki | Europe | | `ash` | Ashburn, VA | North America | For US users: `ash` (Ashburn) has the best latency. ## Configure OpenBoatmobile ### Minimal Configuration In `terraform.tfvars`: ```hcl provider = "hetzner" server_name = "my-agent" server_type_hetzner = "cx23" location_hetzner = "ash" # These come from environment: # TF_VAR_hcloud_token # TF_VAR_venice_api_key # TF_VAR_ssh_key_names ``` ### Server Types | Type | vCPU | RAM | Disk | Price | |------|------|-----|------|-------| | cx22 | 2 | 4 GB | 40 GB | €3.79/mo | | **cx23** | 2 | 4 GB | 80 GB | **€4.49/mo** (recommended) | | cpx21 | 3 | 4 GB | 80 GB | €5.99/mo | | cpx31 | 4 | 8 GB | 160 GB | €8.99/mo | The cx23 is the sweet spot for OpenClaw: enough RAM for Node.js + LLM contexts, affordable price. ## Deploy ```bash # Load secrets source .env # Initialize (first time only) terraform init # Preview changes terraform plan # Deploy terraform apply ``` ## Post-Deployment Terraform outputs your server IP: ``` server_ip = "123.45.67.89" ssh_command = "ssh openclaw@123.45.67.89" # or "ssh hermes@123.45.67.89" for Hermes ``` ### Connect ```bash # Username is 'openclaw' or 'hermes' depending on framework ssh @123.45.67.89 ``` ### Check Cloud-Init Status On the server: ```bash # Check if cloud-init is still running cloud-init status # If waiting, you can watch progress: tail -f /var/log/cloud-init-output.log ``` ### Run OpenClaw Onboarding ```bash openclaw onboard --install-daemon ``` ### Verify Gateway ```bash systemctl status openclaw-gateway ``` ## Firewall Rules OpenBoatmobile creates a Hetzner firewall with: | Direction | Port | Source | |-----------|------|--------| | Inbound | 22 (SSH) | Configured IPs | | Outbound | All | Any | To restrict SSH to your IP: ```bash TF_VAR_ssh_allowed_ips='["your.public.ip/32", "another.ip/32"]' ``` ## Cleanup To destroy your deployment: ```bash terraform destroy ``` **Note:** This deletes the server and all data. Backup anything important first. ## Troubleshooting ### "API Token invalid" - Copy the token again (shown only once) - Check for trailing spaces in `.env` - Verify token has Read & Write permissions ### "SSH Key not found" - The key name must match exactly what you entered in Hetzner Console - Case-sensitive - Use the name, not the fingerprint ### Server shows but can't SSH - Wait 2-3 minutes for cloud-init - Check your IP is in `ssh_allowed_ips` - Verify the key is added to your agent: `ssh-add -l` ### Cloud-init stuck ```bash # On the server cloud-init status --wait # Or check logs tail -f /var/log/cloud-init-output.log ```