Proxmox on Hetzner

Proxmox on Hetzner

Proxmox VE on a Hetzner dedicated server is one of the most cost-effective ways to run a production virtualization platform in Europe today. For the price of a hosted VPS bundle, you get a full hypervisor on bare metal with two NVMe drives, plenty of ECC RAM, and unmetered traffic. This article walks through the install, networking, storage, and snapshots — everything you need to take a freshly leased Hetzner box and turn it into a stable home for a dozen virtual machines.

Why bare metal, why Hetzner

The hyperscaler pitch is convenience: pay per minute, scale on demand, never touch a screwdriver. The reality for steady, predictable workloads is different. If your peak load is also your average load, and you never need to spin up two hundred EC2 instances at three in the morning, the per-minute pricing model just makes you pay for flexibility you do not use.

A Hetzner AX52 (Ryzen 7 7700, 64 GB DDR5, 2 × 1 TB NVMe) costs around €52 a month including IPv4 and unmetered traffic. The closest AWS equivalent is roughly €700 a month before bandwidth. Same cores, same memory, same storage, ten times the bill. Hardware does break sometimes, but Hetzner replaces drives within four hours of a ticket and a properly mirrored ZFS pool will not lose data because of it.

Picking the right box

For a Proxmox host you want three things in this order: storage that survives a drive failure, enough RAM to host the VMs you actually plan to run, and a CPU generation that supports modern virtualisation extensions. The auction at hetzner.com/sb usually has AX-line boxes with two NVMe drives and 64 to 128 GB of ECC RAM in the €40 to €70 range. Avoid the SX-line storage servers (slow spinning rust) and the older PX boxes (no AVX-512, no nested virtualisation).

Installing Proxmox without a KVM

Hetzner does not officially support Proxmox via the installimage tool, but you can get there in three commands from the rescue system. Boot into rescue, then:

installimage -a -n proxmox-host -r yes -l 1 \
  -p /:ext4:60G,swap:swap:8G,/var/lib/vz:ext4:all \
  -K /root/.ssh/authorized_keys \
  -i /root/images/Debian-1204-bookworm-amd64-base.tar.gz

That gives you a fresh Debian 12 with your SSH key already authorised. After it reboots, add the Proxmox repository, install the package, and remove the Debian kernel:

echo "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription" \
  > /etc/apt/sources.list.d/pve.list
wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg \
  -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
apt update && apt install -y proxmox-ve postfix open-iscsi
apt remove -y linux-image-amd64 'linux-image-6.1*'

Reboot, and the Proxmox web UI is on port 8006. Total elapsed time: about fifteen minutes.

Networking the dirty way

Hetzner gives you one public IPv4 by default. To put VMs behind it, the easiest path is a Linux bridge with NAT and port-forwarding rules. The cleaner path is ordering a single additional IP (€1 a month) or a /29 subnet (€5 a month) and routing those straight into the VMs.

For most setups the NAT approach is fine: forward ports 80 and 443 to a single reverse-proxy VM (Caddy and Traefik are both popular choices), which then dispatches to the right backend by hostname. The configuration lives in /etc/network/interfaces on the host:

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp0s31f6 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p tcp --dport 443 -j DNAT --to 10.0.0.10:443
    post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p tcp --dport 80  -j DNAT --to 10.0.0.10:80

Storage and snapshots

Configure the two NVMe drives as a ZFS mirror at install time. ZFS gives you cheap copy-on-write snapshots and incremental sends to a Hetzner Storage Box for off-site backups. A reasonable schedule is daily snapshots at 03:00 retained for fourteen days, with weekly snapshots retained for eight weeks. Incremental backups of a dozen VMs typically run in a few minutes because only changed blocks travel the wire.

The send command is roughly:

zfs snapshot -r rpool/data@$(date +%F)
zfs send -i rpool/data@previous rpool/data@$(date +%F) | \
  ssh -i /root/.ssh/storage_key u1234@u1234.your-storagebox.de \
  "cat > backups/data-$(date +%F).zfs"

Running your first VM the cloud-init way

Manually clicking through the Proxmox VM creation wizard is fine for one box. For a fleet of VMs that need to look identical, build a cloud-init template once and clone from it. Download a Debian generic cloud image, create a template VM with cloud-init enabled, and turn it into a template:

wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2
qm create 9000 --memory 2048 --net0 virtio,bridge=vmbr0
qm importdisk 9000 debian-12-genericcloud-amd64.qcow2 local-zfs
qm set 9000 --scsihw virtio-scsi-pci --scsi0 local-zfs:vm-9000-disk-0
qm set 9000 --ide2 local-zfs:cloudinit
qm set 9000 --boot c --bootdisk scsi0
qm set 9000 --serial0 socket --vga serial0
qm set 9000 --agent enabled=1
qm template 9000

From here, qm clone 9000 101 --name web01 --full gives you a fresh VM with SSH keys, hostname, and network already configured via cloud-init properties. From zero to a usable VM in under thirty seconds.

What to expect from a single AX52

An AX52 with 64 GB of RAM comfortably hosts a small fleet of application VMs alongside a couple of supporting services without breaking a sweat. As a rough capacity guide:

• 10 to 15 small Linux web VMs (1 to 2 vCPU, 2 to 4 GB RAM each)
• One or two AI inference VMs running quantised models on CPU (Ollama, Open WebUI)
• One automation VM (n8n, Home Assistant, Node-RED)
• One monitoring stack (Prometheus + Grafana)
• A reverse proxy and a backup target

Typical real-world load on a setup like that sits well below the box's headroom: CPU rarely above 25%, RAM around two-thirds full, and several hundred gigabytes of free disk on a 1 TB mirror. Hetzner's network has been historically reliable, with the occasional planned maintenance window the only meaningful downtime.

Limits to be aware of

A single Proxmox host on a single dedicated server is great for steady-state workloads but it is still a single point of failure. Avoid putting anything on it that you cannot afford to have down for the four hours it takes Hetzner to swap a drive. For high-availability requirements, deploy a second host and use Proxmox replication, or move the workload to a managed service. Honesty about limits is part of how this stack stays cheap.

If you want help

If a stack like this sounds right for your business but you would rather not spend your weekends learning ZFS, iptables, and cloud-init, our Server Management service handles the deployment, hardening, and ongoing operation of Proxmox boxes for clients across Europe. You get the cost savings of bare metal without the operational burden.