Self hosted Coolify instance on Hetzner with Terraform

Deploy Coolify on Hetzner Cloud using the Terraform. This project aims to create a highly optimized, auto-upgradable, highly available and cost-effective self hosted Coolify instance for deployng your projects on Hetzner Cloud.

Default configuration will create a one server in Falkenstein Germnay with 2 VCPU, 4 GB RAM, 40 GB disk space, 20TB out traffic for 5.77EUR/month. Change configuration to your needs in variables.tf file, see Additional Configuration

Prerequisites

Before you begin, ensure you have the following:

• A Hetzner Cloud account. You can sign up here (free €⁠20 in cloud credits for new users)
• Terraform command-line tool installed

Install Terraform:

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform

Deployment Steps

1. Generate Hetzner API Token

Create new project in Hetzner console https://console.hetzner.cloud/projects

Obtain API token from Hetzner console that will be used by Terraform to interact with the platform. Navigate to your project and click on SECURITY > API TOKENS > GENERATE API (give read/write access)

Paste API token in the hcloud_token variable in variables.tf. More secure way to store API token is to create .auto.tfvars file in the root of your project and paste API token there, sintax is same as in .env file (hcloud_token = "API_TOKEN"). This will overwrite default value. In same way other variabels can be changed from default values without having to change them in the code.

2. Initialize and Apply Terraform

Initialize Terraform and apply the configuration:

cd <your-project-folder>
terraform init --upgrade
terraform validate
terraform apply -auto-approve

3. Open UI or SSH into the server

When Terraform finishes, give server a couple of minutes to install all dependencies. Coolify's UI will be available at:

# Coolify version 3
SERVER_IP:3000

# Coolify version 4
SERVER_IP:8000

Default installed Coolify version is 3, because it is easy to navigate for new users and ver. 4 is still in beta. You can chage version in server-config.sh

If needed, you can ssh into the server with the following command:

ssh root@<server-ip> -i ~/.ssh/coolify_key.pem

4. Destroy infrastructure

To destroy the infrastructure run the following command:

terraform destroy -auto-approve

Aditional Configuration

1. Firewall Rules

To make the server access more secure, we created firewall rules that only allow traffic on certain ports.

Add more rules in firewall.tf file if you use service with specific port.

rule {
    destination_ips = []
    direction       = "in"
    port            = "5432"
    protocol        = "tcp"
    source_ips = [
      "0.0.0.0/0",
      "::/0",
    ]
  }
  rule {
    destination_ips = ["0.0.0.0/0"]
    direction       = "out"
    port            = "5432"
    protocol        = "tcp"
    source_ips = [
      "0.0.0.0/0",
      "::/0",
    ]
  }

2. List images, servers types and locations

Check the list of images, servers and prices on official Hetzner Cloud website. Also, you can query REST API with the same API_TOKEN we created earlier.

Only Debian and Ubuntu images are supported.

export TF_HETZNER_TOKE= <API_TOKEN>

curl \
 -H "Authorization: Bearer $TF_HETZNER_TOKEN" \
 'https://api.hetzner.cloud/v1/images'

curl \
 -H "Authorization: Bearer $TF_HETZNER_TOKEN" \
 'https://api.hetzner.cloud/v1/server_types'

 curl \
 -H "Authorization: Bearer $TF_HETZNER_TOKEN" \
 'https://api.hetzner.cloud/v1/locations'

You can use fetch-data.sh to fetch the data from the API and save it to .json in data folder. Images are filtered by type and architecture and only x86 servers are listed, ARM is excluded.