Published on

Hetzner Server Setup: 7 Best Practices for 2026

Setting up a Hetzner server takes less than 10 minutes and costs as little as €4 per month when using their ARM-based cloud instances. By following security best practices like SSH key authentication and firewall configuration, you can create a production-ready environment on Ubuntu 26.04 LTS. This setup provides a stable foundation for hosting web applications, databases, or AI development environments.

Why is Hetzner a top choice for developers in 2026?

Hetzner offers a balance of high performance and low cost that is difficult for larger cloud providers to match. Their Cloud consoles are intuitive for beginners, yet they provide the same powerful API (Application Programming Interface) access that professionals require. Because they use modern hardware like the latest Ampere Altra processors, your applications run faster while consuming less energy.

Choosing a European provider also helps with data privacy regulations like GDPR (General Data Protection Regulation). You get to pick exactly which data center your server lives in, such as Nuremberg, Falkenstein, or Helsinki. This geographical control ensures lower latency (the time it takes for data to travel) for your specific user base.

Which Hetzner Cloud options should you choose?

When you first open the Hetzner Cloud Console, the variety of "Server Types" might feel overwhelming. For most beginners in 2026, the CAX series is the best starting point. These servers run on ARM64 architecture, which offers the best price-to-performance ratio for modern software.

If your specific software requires Intel or AMD chips, look for the CX or CPX series equivalents. We've found that starting with a smaller plan like the CAX11 is usually the smartest move. You can always "scale up" (increase your server's power) later with just a few clicks and a quick reboot.

For your Operating System, always select Ubuntu 26.04 LTS. The "LTS" stands for Long Term Support, meaning the developers will provide security updates for years to come. This prevents you from having to rebuild your server every few months just to stay secure.

How do you launch the server with best practices?

Before you click "Create & Buy Now," you need to handle your authentication method. Never use a "Root Password" for a public server because hackers use automated bots to guess passwords 24/7. Instead, you must use an SSH Key (a pair of cryptographic files that act as a digital lock and key).

Step 1: Open your computer's terminal (Command Prompt on Windows or Terminal on Mac). Step 2: Type ssh-keygen -t ed25519 and press Enter to create your keys. Step 3: Copy the content of the file ending in .pub and paste it into the Hetzner "SSH Keys" section.

This ensures that only someone with your specific private key file can log in to the server. It is the single most important security step you can take. Once your key is added, select your location and hit the create button to start your instance (a virtual server running in the cloud).

What are the essential first steps after logging in?

Once your server status turns green, you need to connect to it using your terminal. Replace 1.2.3.4 with the actual IP address provided in your Hetzner dashboard.

Step 1: Connect to your server.

# ssh into the server as the root user
ssh [email protected]

Step 2: Update the system software to ensure everything is current.

# Update the list of available packages
apt update 
# Upgrade all installed software to the latest versions
apt upgrade -y

Step 3: Create a new user so you don't have to stay logged in as "root" (the all-powerful administrative user).

# Create a user named 'dev'
adduser dev
# Give the 'dev' user administrative powers
usermod -aG sudo dev

Step 4: Copy your SSH key to the new user so you can log in securely.

# This command automates copying the key from root to the dev user
rsync --archive --chown=dev:dev ~/.ssh /home/dev

How do you configure the Hetzner Firewall?

Hetzner provides a free "Cloud Firewall" that sits outside your server and blocks unwanted traffic before it even reaches your OS. This adds an extra layer of protection without slowing down your server's CPU (Central Processing Unit). You should configure this immediately after your server is live.

Navigate to the "Firewalls" tab in the Hetzner Cloud Console and create a new firewall. By default, you should add an "Inbound Rule" for SSH (Port 22) so you can still access the machine. If you are building a website, you will also need to open HTTP (Port 80) and HTTPS (Port 443).

Apply this firewall to your server instance using the "Resources" tab within the firewall settings. This ensures that all other ports are "stealthy" and invisible to scanners. Using the external firewall is better than using internal software like UFW (Uncomplicated Firewall) because it reduces the processing load on your server.

What are the common troubleshooting steps for beginners?

It is normal to feel stuck if your server doesn't respond to your commands. Usually, the issue is related to the firewall or the SSH key configuration. If you cannot connect, first check the Hetzner Console to see if the "Status" is "Running."

If you get a "Permission Denied" error, it means your terminal is not using the correct private key. You can specify which key to use by typing ssh -i ~/.ssh/my_private_key [email protected]. If you lose access entirely, Hetzner provides a "Web Console" in the browser that lets you log in even if your SSH settings are broken.

Don't worry if you make a mistake and break the configuration during your first try. One of the best features of cloud servers is the "Rebuild" button. This wipes the server clean and lets you start over with Ubuntu 26.04 in seconds, allowing you to practice until the process feels natural.

Next Steps

Now that your server is secure and updated, you can start installing the tools you need for your project. Most developers begin by installing Docker (a tool to run applications in isolated containers) or a web server like Nginx. You might also want to set up automated backups in the Hetzner dashboard, which costs a small extra fee but protects your data from accidental deletion.

For more detailed guides, visit the official Hetzner documentation.

Read the Setting Documentation