MCP.so
Sign In
Servers

Hetzner Cloud Mcp Server

@wbf-solutions

The Hetzner MCP with SSH server management. 60 tools — Cloud API + SSH in one MCP server.

Overview

What is Hetzner Cloud MCP Server?

An MCP server that lets you manage Hetzner Cloud infrastructure from any MCP-compatible client (Claude.ai, Claude Desktop, VS Code, Cursor). It combines the Hetzner Cloud API (25 tools for power, metrics, snapshots, firewalls, DNS) with a full SSH management layer (27 tools for services, logs, Nginx, MySQL, system health) — 60 tools total. Built for sysadmins and developers who need both API and server‑level control.

How to use Hetzner Cloud MCP Server?

Clone the repository, install dependencies with Composer, copy .env.example to .env, and set your Hetzner API token, server details, SSH key path, and an API key. Configure an Nginx reverse proxy with PHP‑FPM (fastcgi_buffering off required for SSE). Then add a custom connector in Claude.ai, Claude Desktop, or another client, pointing to https://yourdomain.com/api.php with the API key passed as ?key=XXX or Authorization: Bearer. Tools are invoked via MCP tool calls.

Key features of Hetzner Cloud MCP Server

  • Two management layers: Cloud API and SSH
  • 60 tools covering server, DNS, and SSH operations
  • Dynamic multi‑server configuration (1 to N servers)
  • Destructive guards (confirmation required for dangerous ops)
  • Transport via SSE and Streamable HTTP
  • Self‑hosted, open source (MIT), PHP 8.1+

Use cases of Hetzner Cloud MCP Server

  • Manage Hetzner servers through Claude.ai or Claude Desktop from any device
  • Perform sysadmin tasks: restart services, tail logs, check memory, firewall status
  • Automate server provisioning: snapshots, backups, rescale, rebuild
  • Manage DNS zones and records without leaving your AI chat
  • Monitor system health and run read‑only SQL queries

FAQ from Hetzner Cloud MCP Server

What are the two management layers?

Layer 1 (Hetzner Cloud API) handles server power, metrics, snapshots, firewalls, DNS, rescue, rebuild — works even if the OS is unresponsive. Layer 2 (SSH) gives real sysadmin tools: service control, logs, Nginx, MySQL, supervisor, cron, UFW, disk/memory/CPU monitoring.

How do I authenticate with this MCP server?

You can run without authentication (behind a VPN/firewall), use a static API key (MCP_API_KEY), or add OAuth 2.1 token introspection for multi‑user deployments. Clients pass the key as ?key=XXX or via Authorization: Bearer header.

Can I manage multiple servers?

Yes. Define any number of servers in the .env file with SERVERS=web,staging and individual SERVER_* variables for ID, IP, SSH user, and aliases. SSH tools are auto‑directed to the configured server.

What security measures are in place?

Dangerous operations require confirm=true. SSH commands block 29 dangerous patterns (e.g., rm -rf, dd, mkfs). SQL is restricted to SELECT, SHOW, DESCRIBE, EXPLAIN only. Rate limiting uses atomic flock() per IP.

Do I need SSH access for all tools?

No. Cloud API tools (server power, metrics, snapshots, firewalls, DNS) work without SSH. SSH‑based tools (service management, logs, MySQL, etc.) require an SSH key configured for the server and SSH_KEY_PATH set in the .env file. If SSH is not configured, those tools are automatically disabled.

Tags

More from Developer Tools