Why I trust Hetzner VPS for client projects
and how I set them up the right way
Over the years, I’ve deployed projects on all kinds of infrastructure: AWS, GCP, Azure, and plenty of VPS providers. Each has its place. If you’re running a global SaaS at massive scale, AWS makes sense. If you need deep integrations with enterprise tools, Azure can be the right fit.
But here’s the thing: not every project needs the complexity (or the price tag) of the big clouds. When I’m building fast, when budgets matter, or when I want full control without ten layers of abstraction — that’s when Hetzner shines.
Hetzner isn’t flashy. It doesn’t overwhelm you with 300 services and acronyms. What it does give you is reliable hardware, transparent pricing, and the flexibility to shape the server exactly the way you need it. For a lot of real-world client projects, that’s not just enough — it’s ideal.
Picking the right plan (from an agency perspective)
Here’s the truth: most of the time, we start projects on Hetzner’s smaller VPS plans. Why? Because speed of iteration matters more than raw specs at the beginning.
At Lynsoft, our rule is:
Start small, validate fast.
Scale up only when the product or client load demands it.
Always design the system so migration to a bigger plan is painless.
That mindset has saved our clients thousands of dollars and us countless headaches.
Location matters more than you think
Hetzner’s regions (Germany, Finland, U.S.) look like a simple dropdown when you create your server. But for us, choosing the right one has a direct impact on user experience.
When Lynsoft deployed an app for a client in Costa Rica, we tested from both the U.S. and German data centers. Latency dropped by nearly half from the U.S. region. That difference translated into snappier dashboards and happier end users.
It’s a small decision during setup that pays off in production.
Security from day one (not day ten)
One thing I’ve learned: you don’t secure a server later. Later never comes. The moment a VPS goes live, I run through a quick checklist:
SSH keys only. Passwords disabled. Always.
Root login disabled. No excuses.
UFW firewall enabled. Allow only what the app needs.
We’ve built a set of tools that automatically harden servers based on the security level you select. The stronger the security, the more system resources it will consume — so the goal is to balance protection with performance. The table below summarizes each (opinionated) level:
src
┣ config
┃ ┣ security-levels.conf
┃ ┗ system-paths.conf
┣ lib
┃ ┣ common.sh
┃ ┣ config.sh
┃ ┣ logging.sh
┃ ┣ module-base.sh
┃ ┗ validation.sh
┣ modules
┃ ┣ 01-system-update.sh
┃ ┣ 02-ssh-hardening.sh
┃ ┣ 03-firewall.sh
┃ ┣ 04-fail2ban.sh
┃ ┣ 05-kernel-security.sh
┃ ┣ 06-auditing.sh
┃ ┣ 07-monitoring.sh
┃ ┣ 08-security-tools.sh
┃ ┣ 09-ubuntu24-features.sh
┃ ┣ 10-compliance-scanning.sh
┃ ┗ 11-reporting.sh
┣ harden.sh
┣ install.sh
┗ security-validation.sh
Creating snapshots like a habit
Every founder has a story about the night they broke production. Mine involves a late-night Nginx config change that locked me out of a server completely. That’s when snapshots stopped being “nice to have” and became non-negotiable.
Now, before I touch critical configs, I make a snapshot in the Hetzner Cloud Console. I label it something obvious like before-docker-update or pre-db-migration. If something goes wrong, I just roll back.
Key takeaways:
Take a snapshot in the Hetzner Cloud Console.
Name it clearly (
pre-docker-update,before-db-upgrade).Only then do we touch configs or deploy containers.
It’s the equivalent of a “Save Game” button for production. And when you’re managing multiple projects for clients, it’s not optional — it’s how you sleep at night.
Backups: cheap insurance for serious projects
Snapshots are great, but they’re manual. For ongoing client projects, we also enable Hetzner’s automatic backups. It costs a few extra euros per month, but the ROI is huge.
I’ve had a client’s database corrupt after a bad import. Restoring from backup took minutes and avoided what could’ve been a very awkward conversation; it’s saving your reputation as a developer and your client’s trust in your company.
At Lynsoft, we frame this to clients as part of our “peace of mind” policy: we don’t just build software, we safeguard it.
Making the server yours
Once the basics are in place — updates, security, snapshots, backups — that’s when the fun begins. Some projects get Docker with multiple microservices. Others run on a simple Nginx reverse proxy pointing to a Next.js app. Internal tools sometimes just need a bare Postgres database with monitoring stacked on top.
That’s what I love about Hetzner: the freedom. With AWS for instance, you often feel like you’re being funneled into using their services (RDS for databases, ECS/Fargate for containers, CloudFront for CDN, etc.). With Hetzner, you get the raw building blocks and the control to shape them however you want. You’re in control of what runs on the machine. Want Postgres? Install it yourself. Prefer Docker Swarm, Kubernetes, or Nomad? Spin it up. Nginx, Traefik, Caddy? Your choice.
The important thing isn’t the exact stack — it’s that you own the environment. With Hetzner, we’re not fighting arbitrary limits. We build what the project needs.
The founder’s perspective
Looking back at all the servers I’ve deployed, one thing stands out: choosing Hetzner isn’t just about saving money. It’s about reliability and control — two things every founder needs when building software that real people rely on.
That doesn’t mean AWS or other cloud giants don’t have their place. If you’ve got deep budgets and need to move at lightning speed with managed services, they can be the right call. But when cost efficiency and flexibility matter, Hetzner is hard to beat.
For me, a well-configured Hetzner VPS is like a solid foundation: invisible to users, but essential for everything built on top.
And if there’s one lesson I’ve learned over the years, it’s this: treat every VPS as if it were going to production tomorrow. Secure it, back it up, and make it yours.
That mindset is what transforms a low-cost server into infrastructure you can trust.
