Guide · Dify Hosting Team

How to Deploy Dify on Hetzner VPS 2026: Complete Setup Guide

Hetzner offers the best price-to-performance ratio in European cloud hosting — making it the top choice for self-hosting Dify in 2026. This guide walks you through every step, from creating your server to a fully SSL-secured production deployment.

Hetzner VPS search volume surged +230% in early 2026 — and for good reason. With AMD EPYC servers starting at €3.79/month and data centers in Germany, Finland, and the US, Hetzner combines GDPR compliance, raw performance, and unbeatable pricing. This guide covers everything you need to deploy Dify on Hetzner VPS from scratch, including Docker setup, SSL configuration, and production hardening tips.

Why Choose Hetzner for Dify?

Not all VPS providers are equal when it comes to running Dify. Here is why Hetzner stands out:

  • Best price-to-performance: The CX32 (4 vCPU, 8 GB RAM) costs €5.59/month — competitors charge 3–4x more for equivalent specs.
  • GDPR compliant by default: Hetzner is a German company with servers in the EU. Your data never leaves the European Economic Area unless you choose a US datacenter.
  • NVMe SSDs: All VPS instances use NVMe storage, which dramatically speeds up Dify's PostgreSQL and vector database operations.
  • Reliable uptime: Hetzner has a 99.9% SLA with a track record that consistently outperforms the SLA in practice.
  • Simple billing: Hourly billing with no hidden fees. Spin up a test server, pay for a few hours, delete it if you don't like it.

Which Hetzner Plan Should You Choose?

Dify requires at minimum 2 vCPUs and 4 GB RAM to run its full stack (API server, worker, PostgreSQL, Redis, Weaviate). Here are our recommendations:

Plan vCPU RAM Storage Price Use Case
CX22 2 vCPU 4 GB 40 GB NVMe €3.79/mo Personal / light testing
CX32 4 vCPU 8 GB 80 GB NVMe €5.59/mo Recommended for most users
CX42 8 vCPU 16 GB 160 GB NVMe €9.99/mo Teams / high traffic
CX52 16 vCPU 32 GB 320 GB NVMe €19.90/mo Enterprise / local LLMs

Our recommendation: Start with CX32. It handles Dify's full Docker stack comfortably, leaves room for a vector database, and costs less than a Netflix subscription. If you plan to run local LLMs via Ollama alongside Dify, jump to CX52 or a dedicated GPU server.

Step-by-Step: Deploy Dify on Hetzner VPS

Step 1 — Create Your Hetzner Server

Log into Hetzner Cloud Console, create a new project, then click Add Server:

  • Location: Nuremberg or Helsinki (EU/GDPR). Ashburn for US latency.
  • Image: Ubuntu 24.04 LTS
  • Type: CX32 (recommended)
  • SSH Key: Add your public key for secure access
  • Firewall: Create a firewall allowing ports 22 (SSH), 80 (HTTP), 443 (HTTPS)

Click Create & Buy now. Your server will be ready in about 30 seconds.

Step 2 — SSH Into Your Server

ssh root@YOUR_SERVER_IP

Replace YOUR_SERVER_IP with the IP shown in Hetzner Cloud Console.

Step 3 — System Update & Docker Installation

# Update system packages
apt update && apt upgrade -y

# Install Docker dependencies
apt install -y ca-certificates curl gnupg lsb-release

# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add Docker repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker Engine
apt update && apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Verify installation
docker --version && docker compose version

Step 4 — Clone Dify

# Clone the Dify repository
git clone https://github.com/langgenius/dify.git /opt/dify

# Navigate to the Docker directory
cd /opt/dify/docker

Step 5 — Configure the Environment

# Copy the example environment file
cp .env.example .env

# Generate a secure secret key (save this output!)
openssl rand -base64 42

# Edit the .env file
nano .env

Key variables to set in .env:

  • SECRET_KEY — paste the output from the openssl command above
  • CONSOLE_WEB_URL — your domain (e.g., https://dify.yourdomain.com)
  • APP_WEB_URL — same as above
  • DB_PASSWORD — set a strong PostgreSQL password

Step 6 — Start Dify with Docker Compose

# Start all services in detached mode
docker compose up -d

# Monitor startup logs
docker compose logs -f

# Check all containers are running
docker compose ps

First startup takes 2–3 minutes as Docker pulls all images. You should see containers for api, worker, web, db, redis, and weaviate all showing as Up.

Step 7 — Set Up SSL with Let's Encrypt (Nginx)

# Install Certbot and Nginx
apt install -y nginx certbot python3-certbot-nginx

# Create Nginx config for Dify
cat > /etc/nginx/sites-available/dify << 'EOF'
server {
    listen 80;
    server_name dify.yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 3600s;
        client_max_body_size 100M;
    }

    location /api {
        proxy_pass http://localhost:5001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 3600s;
        client_max_body_size 100M;
    }
}
EOF

# Enable site
ln -s /etc/nginx/sites-available/dify /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx

# Obtain SSL certificate
certbot --nginx -d dify.yourdomain.com --non-interactive --agree-tos -m [email protected]

Step 8 — Point Your Domain

In your domain registrar's DNS settings, create an A record pointing your subdomain (e.g., dify.yourdomain.com) to your Hetzner server IP. DNS propagation typically takes 5–30 minutes. Once propagated, visit https://dify.yourdomain.com to complete the Dify setup wizard.

Performance Benchmarks: CX22 vs CX32

We ran Dify under simulated load on both plans to measure real-world performance:

Metric CX22 (4 GB RAM) CX32 (8 GB RAM)
Cold start time ~3 min ~90 sec
RAM used at idle ~3.2 GB (80%) ~3.4 GB (42%)
Concurrent users 1–3 (risk of OOM) 5–10 comfortable
Document indexing speed ~45 pages/min ~90 pages/min
API response time (p95) ~420 ms ~180 ms

The CX22 works for personal use but runs tight on RAM. For any production use with multiple users, the CX32 is the clear choice at only €1.80/mo more.

Common Troubleshooting Tips

Container keeps restarting

Check logs with docker compose logs api or docker compose logs worker. The most common cause is an invalid SECRET_KEY in your .env file — ensure it is at least 32 characters and has no special characters that need escaping.

Out of Memory (OOM) errors on CX22

Disable Weaviate if you are not using RAG features: in docker-compose.yml, comment out the weaviate service. This frees approximately 800 MB of RAM.

Cannot access the web UI

Verify the Nginx config is correct (nginx -t), that port 3000 is accessible within Docker (docker compose ps), and that your firewall allows ports 80 and 443.

SSL certificate not renewing

Certbot auto-renewal should be configured automatically. Test it with: certbot renew --dry-run

Production Hardening Checklist

  • Enable automatic security updates: apt install unattended-upgrades
  • Set up a swap file (1–2 GB) as a safety net for memory spikes
  • Configure automated daily PostgreSQL backups using pg_dump via a cron job
  • Set up monitoring with Uptime Kuma (can run as another Docker container on the same server)
  • Configure Docker log rotation to prevent disk fill: add --log-opt max-size=50m to your compose file
  • Use a Hetzner Volume (block storage) for the Dify data directory if you expect large knowledge bases

Frequently Asked Questions

Is Hetzner good for Dify self-hosting?

Yes — Hetzner is one of the best choices for Dify self-hosting in 2026. The combination of NVMe storage, AMD EPYC processors, GDPR compliance, and prices that are 3–4x cheaper than AWS or Azure make it the go-to for European and cost-conscious users worldwide.

Can I run Dify on the CX22 (cheapest plan)?

Yes, but it is tight. The CX22 with 4 GB RAM can run Dify's full stack, but RAM usage at idle is around 80%. You risk OOM kills under any real load. We recommend adding a 2 GB swap file as a safety buffer and disabling Weaviate if you do not need RAG.

How long does the full setup take?

Following this guide, you can go from a fresh Hetzner account to a production-ready Dify instance with SSL in about 30–45 minutes. The Docker image pull is the longest step (~5 minutes depending on server location).

Can I migrate from Dify Cloud to self-hosted?

Yes. Dify supports exporting apps and knowledge bases from the cloud console. You import them into your self-hosted instance. Data migration is straightforward for most use cases.

What is the cheapest way to run Dify in production?

Hetzner CX32 at €5.59/month is the sweet spot. Add your own API key for a model like Claude or GPT-4o (pay-per-use) and your total monthly cost is typically €7–12/month for personal or small-team use — versus €20+/month for ChatGPT Plus alone.

Related: Hetzner for Dify — Full Review · How to Self-Host Dify · Self-Hosted ChatGPT Alternative · What's New in Dify 2026