Self-hosting isn't scary: a practical guide with Coolify and Hetzner

In my Do better post, I promised a guide on self-hosting. This is that guide.

I’ve been self-hosting for over 8 years now. It started with a DigitalOcean VPS, moved to Hetzner auction servers and some old desktop towers that were collecting dust with Coolify, and today I run three dedicated servers that host everything from the blog you’re reading, to the BeerJS and WhatTheStack websites, to ticket management systems, automation workflows, CMS instances, sync solutions, and a bunch of personal tools. Total cost: about 40 EUR/month.

For context, that’s likely less than what a single Vercel Pro seat costs once you factor in bandwidth overages on a few active projects. And I’m running a few dozens of services, apps and websites.

If you’re comfortable deploying to Vercel or Netlify but avoid self-hosting because it sounds hard, this post is for you. And I promise, it’s not as hard as you’ve been led to believe. It’s different, it comes with its own set of challenges, but it’s not hard.

What finally pushed me over the edge was the narrative. “Focus on shipping, leave the infrastructure to us.” It’s a trap, and it always has been a trap. Most infra work isn’t something you bother with every day - not for the vast majority of apps. Not everyone needs AWS scale. Or AWS reseller scale, for that matter.

The fear

Let’s address this head-on. The common objections I hear:

“I don’t want to manage servers.” You’re not managing servers in the traditional sense. You’re clicking buttons in a dashboard. Coolify handles Docker, reverse proxying, SSL, and deployments for you.
“What about security?” Valid concern. But you’re already trusting a third party with your code, your environment variables, and your users’ data. Self-hosting means you control that. Updates are your responsibility, sure, but they’re also a sudo apt update && sudo apt upgrade away. And you can automate them (although that’s not always a great idea).
“What about uptime?” I’ve had less downtime on my Hetzner and local boxes than I’ve experienced from cloud platform outages. Hetzner’s network is solid and dedicated hardware doesn’t share resources with noisy neighbors. Plus, the servers I run on my residential connection haven’t been much of an issue either - I get around 98% uptime on them.
“I don’t know Linux.” You know how to use a terminal. You npm install things. You can ssh into a box and run a script. That’s 90% of what you need. Plus, LLMs help - they are fairly capable with all things linux and can make your life significantly easier.

The reality is, if you can deploy a Next.js app to Vercel, you can deploy anything to Coolify. The DX isn’t the same - but the flexibility is on a different scale. Still, the most common pattern - push to git, build and deploy - works as you’d expect. SSL is automatic. Domains require some DNS setup (a one time thing).

The stack

Here’s what I’m running:

Hetzner auction servers

Hetzner’s Server Auction sells refurbished dedicated servers. When Hetzner introduces newer hardware, the older generation goes to auction. No setup fees, no minimum contract, cancel anytime.

I run one auction server (the other two in my setup are home boxes). A typical auction server looks something like:

Intel i7-6700 or i7-7700, 32-64GB DDR4, 2x 512GB NVMe
Around 40 EUR/month (there are more expensive options of course, but the 40ish range is the sweet spot IMO).
1 Gbit/s port with unlimited traffic

That’s dedicated hardware. Not a VPS, not a shared instance. The whole machine is yours.

The auction stock fluctuates, so specific configs aren’t always available. If you want to track prices, Server Radar is useful.

When you order an auction server, it arrives in rescue mode within minutes. You install your OS (Ubuntu in my case), SSH in, and you’re off.

Home servers

In addition to the Hetzner box, I run two servers on my residential connection (500 Mbps) - hardware I had lying around that was collecting dust:

An Intel Core i7 (5th gen) with 32GB RAM
An AMD Ryzen (2nd gen) with 32GB RAM

These connect to the outside world via Cloudflare Tunnels, which means no port forwarding, no exposed home IP, and no fiddling with dynamic DNS. You install the cloudflared daemon on the machine, it establishes an outbound connection to Cloudflare’s edge, and traffic flows through that tunnel. Coolify documents this setup if you want to go this route.

The upside is obvious: free compute from hardware you already own. The downside is that your uptime is tied to your ISP and your power supply. In practice, it’s been fine - I keep non-critical services on these boxes and anything that needs to be rock-solid lives on Hetzner.

Coolify

Coolify is the glue that makes all of this feel like a managed platform. It’s an open-source, self-hosted PaaS - think Vercel/Netlify/Heroku, but running on your own hardware.

What it does:

Git-based deployments - connect your GitHub/GitLab/Gitea repos, push to deploy. Webhooks, auto-deploy on branch push, the whole thing.
Reverse proxy - Traefik handles routing, load balancing, and SSL termination. You set a domain, Coolify configures Traefik automatically.
Automatic SSL - Let’s Encrypt certificates, requested and renewed automatically. Set your domain with https:// and forget about it.
One-click services - 280+ services you can deploy with a click. Databases (Postgres, MySQL, Redis, MongoDB), analytics (Plausible, Umami), CMS platforms (Ghost, WordPress), automation tools (n8n), and more. This list grows weekly, and even if a service isn’t listed, you might be able to find pre-existing docker compose setups from the community.
Multi-server management - manage all your servers from one dashboard via SSH. I manage all three of my servers from a single Coolify instance.
Docker under the hood - everything runs in containers. If it has a Dockerfile, Coolify can deploy it. If it doesn’t, Nixpacks auto-detects your stack and builds one for you.

Coolify is free and open-source for self-hosted use. There’s a Coolify Cloud option at $5/month if you want managed updates (which I’m using). I could have self-hosted coolify too, but I like supporting the effort.

Cloudflare for DNS and CDN

I use Cloudflare in front of everything for DNS management and CDN caching. The free tier is more than enough. Point your domain’s nameservers to Cloudflare, create A records pointing to your Hetzner server IPs, and you’re done. Cloudflare’s proxy gives you an extra layer of DDoS protection and caches static assets at the edge.

One thing to watch out for: if you’re using Cloudflare’s proxy (the orange cloud), Let’s Encrypt HTTP challenges can fail. Either use DNS challenge for SSL in Coolify, or set Cloudflare’s SSL mode to “Full (strict)” and let Coolify handle the origin cert.

Backups

Automated S3-compatible backups. Coolify has built-in backup scheduling for databases - you configure an S3 endpoint (I use a mix of providers), set a schedule, and it handles the rest. For application data, I use a combination of Coolify’s backup features and some cron jobs that push to S3.

The key thing: backups are automated.

Setting it up from zero

1. Get a server

Go to Hetzner’s auction page, pick a server that fits your budget and order it. You’ll have access within minutes.

If you’re just experimenting, a Hetzner Cloud VPS works too - CX22 at ~4 EUR/month is enough to try Coolify with a few small services. In fact, any VPS would work, as long as you can SSH into it.

2. Install the OS

Boot into rescue mode, install the latest Ubuntu LTS (or a linux flavour of your choice), and SSH in. Hetzner’s installimage tool makes this easy.

3. Install Coolify

curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash

Yes, it’s a curl-pipe-to-bash. I know. If that makes you uncomfortable, read the script first. It’s not doing anything weird.

That’s it. Coolify installs Docker, sets up Traefik, and starts the dashboard. Open http://your-server-ip:8000 in your browser to complete the setup.

Alternatively, get the managed version of Coolify, which allows you to skip a portion of this step. You’ll get an up-and-running coolify instance which you can point towards your server.

4. Point your domain

In Cloudflare (or your DNS provider), create an A record pointing your domain to the server IP. If you’re using Cloudflare’s proxy, make sure SSL mode is set to “Full (strict).“

5. Deploy something

In the Coolify dashboard:

Create a project (organizational container)
Add a resource - pick “Public Repository” if you want to test with a GitHub repo
Set the domain (e.g., https://myapp.example.com)
Click deploy

Coolify clones the repo, detects the framework, builds a Docker image, starts the container, configures Traefik routing, and requests an SSL certificate. Your app is live.

For GitHub integration with auto-deploy on push, set up a GitHub App in Coolify’s settings. After that, every push to your configured branch triggers a build and deploy automatically. Same workflow as Vercel, just on your hardware. And no egress magic ;)

What I actually host

To give you a sense of what’s possible on a single Hetzner server at 40 EUR/month:

This blog (Astro, static)
The entirety of Axiomatic - that’s all the apps we’re building, website, docs sites.
BeerJS Skopje website
WhatTheStack conference website and related apps
A ticketing system (hi.events)
An ActualBudget instance
A NextCloud instance
An OpenWebUI instance
A Searxng instance
Umami analytics
N8N
Stirling PDF
ConvertX

And a bunch of other stuff too. But I think it gets the point across.

Each of these is a separate container, with its own domain, its own SSL cert, and its own deployment pipeline. Coolify manages all of it through one dashboard.

The honest parts

Of course, this isn’t all rainbows and butterflies. Let’s have a look at some of the trade-offs.

The initial setup has a learning curve

Not in Coolify itself - that part is straightforward. The curve is in understanding the fundamentals: how DNS works, what a reverse proxy does, how Docker networking behaves, what SSH keys are for. If you’ve been on managed platforms your whole career, these concepts might be new.

Still, the best way to get acquainted with the ideas is by playing with them. Reading about them can only get you so far.

Updates are your problem

On Vercel, you don’t think about security patches (although, they’ve had their fair share of security issues regardless - nothing is perfect). On your own server, you do. This means:

OS updates (e.g. sudo apt update && sudo apt upgrade - do it regularly)
Coolify updates (one click in the dashboard, but you should read the changelog; Automated for the managed version)
Docker image updates for your services
Keeping an eye on security advisories - Coolify had some serious CVEs in January 2026 that were patched, but you need to actually apply the patches in some scenarios.

This isn’t a lot of work. I spend maybe 30 minutes a month on maintenance across all three servers. But it’s 30 minutes more than zero, and you need to be okay with that.

When things break, you fix them

On a managed platform, you open a support ticket. On your own server, you SSH in and figure it out. Docker logs, Traefik configs, disk space, memory usage - these become your debugging tools. In my experience, things rarely break (dedicated hardware is remarkably stable), but when they do, you’re the one on call. LLMs are very helpful when trying to figure out a setup like this.

Case in point: a Coolify update once broke a handful of my services due to a backwards incompatibility in Docker. Not great. But I hopped on the Coolify Discord, found the fix already being discussed, and had everything back up in about 20 minutes. On a managed platform, I’d have been waiting for a support ticket response. Here, the community was the support team, and they were faster.

The upside? You actually understand your infrastructure. You know where your data lives, how traffic flows, and what each service does. That understanding is valuable, and it makes you a better developer. It makes you understand the magic, and be able to see past the marketing hype.

Coolify isn’t perfect

It’s a great tool, and it’s improving fast (35K+ GitHub stars, very active development). But:

It’s technically still in beta (v4), though it’s stable enough for production in my experience
The documentation has gaps in some areas. Discord is really helpful here - search through the discussions - chances are, someone already had your issue or something similar to it.
Docker Compose deployments can be finicky with port configuration - after years of using it, I still need help understanding some more advanced configs.
The built-in monitoring (Sentinel) is basic, but it can be supplemented with other tools.

To me, none of these are dealbreakers. YMMV, but I think they’re the kind of rough edges you’d expect from an open-source project that’s growing fast.

The math

Let’s do some napkin math. Say you’re running 5 websites and a couple of backend services.

Vercel Pro + managed databases + misc services:

Vercel Pro: $20/month/seat
Managed Postgres (Neon, Supabase, etc.): $25-50/month
Managed Redis: $10-30/month
Analytics service: $10-20/month
Other SaaS tools: varies
Total: easily $80-150+/month, and that’s for one developer

Hetzner + Coolify:

Auction server (mid-range): ~40 EUR/month
Cloudflare: free
Coolify: free (self-hosted)
S3 backups: ~5 EUR/month
Total: ~45 EUR/month, and you can host 20+ services on that one box

I run three servers because I like the separation and have a lot of services. You can start with one and grow from there.

The savings become more dramatic as you scale. Managed platforms charge per service, per seat, per GB of bandwidth. Your own server costs the same whether you run 1 service or 50.

Getting started

If you’ve made it this far and want to try it:

Start small. Get a Hetzner Cloud VPS for ~4 EUR/month. Install Coolify. Deploy your personal site. Get comfortable.
Move one thing at a time. Don’t migrate everything at once. Move your least critical project first and live with it for a month.
Read the Coolify docs. They’re not perfect, but they cover the essentials.
Join the communities. The Coolify Discord and Hetzner Community are both active and helpful.
When you’re ready, grab an auction server. The jump from VPS to dedicated hardware is significant in terms of resources, and the cost difference is marginal.

Takeaway

Self-hosting isn’t a return to the dark ages of sysadmin work. With tools like Coolify, the DX is genuinely close to what you get on managed platforms. You push to git, your app deploys. SSL just works. Databases are one click away. The difference is that you own the whole stack, you control your data, and you’re not at the mercy of pricing changes or platform decisions.

Is it more work than Vercel? Yes, relatively speaking. Is it worth it? For me, absolutely. The combination of cost savings, ownership, and the satisfaction of running your own infrastructure is hard to beat. Plus, you learn things about how the web actually works that managed platforms abstract away - and that knowledge, in my opinion, makes you a better developer.

The tech feudalists want you to believe this is hard. They need you to believe it, because the moment you realize it’s not, their entire value proposition starts looking a lot thinner. Take back your stack. It’s easier than they want you to think, and you’ll be a better developer for it.

Happy hacking!