This guide will help you deploy FireClaw on Hetzner Cloud.
- Hetzner Cloud account
- Domain name (optional, for SSL)
- SSH key pair
- Basic knowledge of Linux and Docker
- Hetzner Cloud Server (CX21 or higher recommended)
- Domain name pointed to your server IP
- Environment variables (see `.env.example`)
- API Keys:
  - Google OAuth (optional)
  - Razorpay (for payments)
  - Resend (for emails)
  - Hetzner Cloud API token
- Go to https://console.hetzner.cloud
- Click "New Project" → Name it "FireClaw"
- Click "Add Server"
- Select:
  - Location: Choose closest to your users (e.g., Nuremberg, Helsinki)
  - Image: Ubuntu 22.04
  - Type: CX21 (2 vCPU, 4GB RAM, €5.83/mo) or higher
  - Networking: Enable IPv4 & IPv6
  - SSH Key: Add your public SSH key
  - Firewall: Create new firewall with rules:
    - TCP: 22 (SSH)
    - TCP: 80 (HTTP)
    - TCP: 443 (HTTPS)
- Click "Create & Buy"
- Note down the server's IP address
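
The `hcloud firewall create` command in this guide reads its rules from `firewall-rules.json`, which the guide does not show. The script below is an added example, not part of FireClaw: it writes that file with the three inbound rules listed above, and the function name and the optional SSH source range are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the FireClaw project): generate firewall-rules.json
# with the three inbound rules listed above (TCP 22, 80, 443).
# Usage: write_firewall_rules FILE [SSH_CIDR]
# SSH_CIDR is an assumption of this example: when given, SSH is limited to
# that source range instead of being open to every address.
write_firewall_rules() {
    out=$1
    any='"0.0.0.0/0", "::/0"'
    if [ -n "${2:-}" ]; then ssh_src="\"$2\""; else ssh_src=$any; fi
    cat > "$out" <<EOF
[
  { "direction": "in", "protocol": "tcp", "port": "22",  "source_ips": [$ssh_src] },
  { "direction": "in", "protocol": "tcp", "port": "80",  "source_ips": [$any] },
  { "direction": "in", "protocol": "tcp", "port": "443", "source_ips": [$any] }
]
EOF
}

# 203.0.113.10/32 is a constructed documentation address; use your own admin IP.
write_firewall_rules firewall-rules.json 203.0.113.10/32
```

Calling the function without a second argument leaves SSH open to all IPv4 and IPv6 sources, which matches the console steps above.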
```bash
# Install hcloud CLI
brew install hcloud # macOS
# or
curl -L https://github.com/hetznercloud/cli/releases/latest/download/hcloud-linux-amd64.tar.gz | tar xz

# Login
hcloud context create fireclaw

# Create SSH key
hcloud ssh-key create --name my-key --public-key-from-file ~/.ssh/id_rsa.pub

# Create firewall
hcloud firewall create --name fireclaw-fw \
  --rules-file firewall-rules.json

# Create server
hcloud server create \
  --name fireclaw-prod \
  --type cx21 \
  --image ubuntu-22.04 \
  --ssh-key my-key \
  --firewall fireclaw-fw \
  --location nbg1
```

- Go to your domain registrar (Namecheap, GoDaddy, Cloudflare, etc.)
- Add an A record:
  - Name: `@` (or `fireclaw`)
  - Type: A
  - Value: Your Hetzner server IP
  - TTL: 3600
- Optionally add www subdomain:
  - Name: `www`
  - Type: CNAME
  - Value: `fireclaw.yourdomain.com`

Wait 5-30 minutes for DNS propagation.
```bash
ssh root@YOUR_SERVER_IP
```

```bash
apt update && apt upgrade -y
```

```bash
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
# Install Docker Compose
apt install docker-compose-plugin -y
# Verify installation
docker --version
docker compose version
```

```bash
apt install -y git curl wget nano ufw fail2ban
```

```bash
# Note: ports that Docker publishes are opened through Docker's own iptables
# rules and are not filtered by UFW; the Hetzner Cloud firewall still applies.
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable
ufw status
```

```bash
cd /opt
git clone https://github.com/yourusername/fireclaw.git
cd fireclaw
```

```bash
cp .env.example .env
nano .env
```

Edit the `.env` file with your values:
```env
# Database (the password here must match MONGO_ROOT_PASSWORD below)
MONGODB_URI=mongodb://admin:CHANGE_THIS_PASSWORD@mongodb:27017/fireclaw?authSource=admin
# NextAuth
NEXTAUTH_URL=https://fireclaw.yourdomain.com
# .env values are read literally, so $(...) is not executed here.
# Run `openssl rand -base64 32` in a shell and paste its output.
NEXTAUTH_SECRET=paste_generated_secret_here
# Google OAuth (get from https://console.cloud.google.com)
AUTH_GOOGLE_ID=your_google_client_id
AUTH_GOOGLE_SECRET=your_google_client_secret
# Razorpay (get from https://dashboard.razorpay.com)
RAZORPAY_KEY_ID=rzp_live_xxxxx
RAZORPAY_KEY_SECRET=your_key_secret
# Resend (get from https://resend.com/api-keys)
RESEND_API_KEY=re_xxxxx
# Hetzner Cloud API (get from https://console.hetzner.cloud)
HETZNER_API_TOKEN=your_hetzner_api_token
# MongoDB Root Credentials
MONGO_ROOT_USER=admin
MONGO_ROOT_PASSWORD=CHANGE_THIS_PASSWORD
# Port
PORT=3000
```

Generate NEXTAUTH_SECRET:
```bash
openssl rand -base64 32
```

```bash
docker compose up -d --build
```

```bash
docker compose logs -f
```

```bash
docker compose ps
```

You should see:
- `fireclaw` - Running on port 3000
- `mongodb` - Running (internal)
- `nginx` - Running on ports 80/443
- `certbot` - Running (for SSL renewal)

```bash
nano nginx/nginx.conf
```

Replace `your-domain.com` with your actual domain.

```bash
# Stop nginx temporarily
docker compose stop nginx
# Get certificate (every -d name must already resolve to this server)
docker compose run --rm certbot certonly \
  --standalone \
  --preferred-challenges http \
  --email your-email@example.com \
  --agree-tos \
  --no-eff-email \
  -d fireclaw.yourdomain.com \
  -d www.fireclaw.yourdomain.com
# Uncomment HTTPS server block in nginx.conf
nano nginx/nginx.conf
# Uncomment the HTTPS server block and comment HTTP
# Restart nginx
docker compose up -d nginx
```

```bash
docker compose run --rm certbot renew --dry-run
```

```bash
curl http://YOUR_SERVER_IP
# or
curl http://fireclaw.yourdomain.com
```

```bash
curl https://fireclaw.yourdomain.com
```

```bash
docker exec -it fireclaw-mongodb-1 mongosh -u admin -p YOUR_MONGO_PASSWORD --authenticationDatabase admin
```

```bash
docker compose logs fireclaw
```

```bash
cd /opt/fireclaw
git pull origin main
```

```bash
docker compose down
docker compose up -d --build
```

```bash
docker compose build fireclaw
docker compose up -d --no-deps --build fireclaw
```

```bash
# All services
docker compose logs -f
# Specific service
docker compose logs -f fireclaw
docker compose logs -f mongodb
docker compose logs -f nginx
```

```bash
# Create backup directory
mkdir -p /opt/backups
# Backup script
# Note: a password passed with -p ends up in shell history and the process list
docker exec fireclaw-mongodb-1 mongodump \
  -u admin \
  -p YOUR_MONGO_PASSWORD \
  --authenticationDatabase admin \
  --out /data/backup
# Copy to host
docker cp fireclaw-mongodb-1:/data/backup /opt/backups/backup-$(date +%Y%m%d-%H%M%S)
```

```bash
docker exec -i fireclaw-mongodb-1 mongorestore \
  -u admin \
  -p YOUR_MONGO_PASSWORD \
  --authenticationDatabase admin \
  /data/backup
```

```bash
# Docker stats
docker stats
# Disk usage
df -h
# Memory usage
free -h
```

```bash
docker compose logs fireclaw
docker compose logs mongodb
```

```bash
# Check what's using port 80/443
sudo lsof -i :80
sudo lsof -i :443
# Stop the service
sudo systemctl stop apache2 # if Apache is running
```

```bash
# Check MongoDB logs
docker compose logs mongodb
# Verify connection string in .env
cat .env | grep MONGODB_URI
```

```bash
# Check certbot logs
docker compose logs certbot
# Manually renew
docker compose run --rm certbot renew
```

```bash
# Clean Docker
# --volumes also removes unused volumes; if the stack is stopped, that can
# include the MongoDB data volume, so take a backup first
docker system prune -a --volumes
# Clean old images
docker image prune -a
```

- Change default passwords in `.env`
- Enable firewall (UFW)
- Install fail2ban to prevent brute-force
- Regular updates: `apt update && apt upgrade -y`
- Setup automated backups
- Use strong NEXTAUTH_SECRET
- Enable rate limiting (already configured in nginx)
- Monitor logs regularly
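
The `.env` items in the checklist above can be checked mechanically before the first `docker compose up`. The script below is an added example, not part of FireClaw; `check_env` and its placeholder list are assumptions taken from the template values shown in this guide, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of FireClaw. check_env FILE prints one FAIL line per
# problem and returns 1 if any were found. Key names are the ones in this guide.
check_env() {
    f=$1; bad=0
    val()  { sed -n "s/^$1=//p" "$f" | tail -n 1; }
    fail() { echo "FAIL: $1"; bad=1; }

    # 1. Template placeholders must be gone (comment lines are ignored).
    for p in CHANGE_THIS_PASSWORD your_ xxxxx yourdomain.com; do
        grep -v '^#' "$f" | grep -qF -- "$p" && fail "placeholder '$p' still present"
    done

    # 2. .env values are read literally, so $(...) is never executed.
    secret=$(val NEXTAUTH_SECRET)
    case $secret in
        *'$('*) fail "NEXTAUTH_SECRET contains an unexpanded command substitution" ;;
    esac
    [ "${#secret}" -ge 32 ] || fail "NEXTAUTH_SECRET is shorter than 32 characters"

    # 3. The password embedded in MONGODB_URI must match MONGO_ROOT_PASSWORD.
    uri_pw=$(val MONGODB_URI | sed -n 's|^mongodb://[^:]*:\([^@]*\)@.*|\1|p')
    [ "$uri_pw" = "$(val MONGO_ROOT_PASSWORD)" ] ||
        fail "MONGODB_URI password differs from MONGO_ROOT_PASSWORD"

    # 4. The secrets file must not be readable by group or others.
    [ "$(ls -l "$f" | cut -c5-10)" = "------" ] ||
        fail "permissions too open; run: chmod 600 $f"

    return $bad
}

# Constructed sample: template values from this guide left unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MONGODB_URI=mongodb://admin:CHANGE_THIS_PASSWORD@mongodb:27017/fireclaw?authSource=admin
NEXTAUTH_SECRET=$(openssl rand -base64 32)
MONGO_ROOT_PASSWORD=CHANGE_THIS_PASSWORD
EOF
check_env "$sample" || echo "fix the items above before docker compose up"
rm -f "$sample"
```

On the server, run `check_env /opt/fireclaw/.env`; the check does not handle passwords that contain a literal `@`.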
Add to docker-compose.yml:

```yaml
redis:
  image: redis:alpine
  restart: always
  networks:
    - fireclaw-network
```

Edit docker-compose.yml:

```yaml
mongodb:
  command: mongod --wiredTigerCacheSizeGB 1.5
```

```bash
docker compose up -d --scale fireclaw=3
```

| Resource | Cost (€/month) |
|---|---|
| CX21 Server (2 vCPU, 4GB RAM) | €5.83 |
| IPv4 Address | Free |
| Backup Space (20GB) | €0.60 |
| Total | ~€6.43/month |
For production, upgrade to CX31 (€11.65/mo) or CX41 (€23.31/mo).
- Hetzner Docs: https://docs.hetzner.com
- Docker Docs: https://docs.docker.com
- Next.js Docs: https://nextjs.org/docs
Your FireClaw application should now be running at:
Next steps:
- Test all features
- Setup monitoring
- Configure backups
- Add custom domain
- Invite users!