# Build Hetzner Server

## Before we begin

Please make sure you created your SSH key pairs prior to starting these steps.

{% content-ref url="/pages/SZ8YBbmpjJILqGWxrmx5" %}
[SSH Remote Access](/run-a-node/references/ssh-remote-access.md)
{% endcontent-ref %}

## VPS Build Procedure

Creating your account on Hetzner is a simple process similar to all other SaaS model services. At the current time, we will leave this process up to you.   

{% stepper %}
{% step %}

### Sign Up for an Account

### <https://www.hetzner.com/>

<div align="left"><figure><img src="/files/VdwVeZf83k0AadqdXnWm" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Create a Project

Create the project and enter into the Project's dashboard.

<div align="left"><figure><img src="/files/fVIhzcYCDw5V7dn7Dq32" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="/files/FPagrrogLddkCFfaHb6q" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Create Resource

Click on the `Create Resources` button.

Choose `Servers`

<div align="left"><figure><img src="/files/cNPBAqRkBERXSxXewDz2" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Location

Choose either the `Nuremberg` or `Helsinki` location.  &#x20;

These locations provide more server resource types.
{% endstep %}

{% step %}

### Image

Choose `Ubuntu` and make sure that `24.04` is selected from the dropdown box.

<div align="left"><figure><img src="/files/xji8g55Dz1dsZIT5VkHn" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Type

Select `x86 (Intel/AMD)`&#x20;

Once selected a table of resource types will populate.  You may choose a resource name from the list that best meets the specs requirements for your type of validator node.

Hypergraph Hybrid Nodes

* CPX51 is recommended
* CX52 is also recommended is aviable
* CPX41 may suffice however, you will run into disk space issues so be cautious.

Dor Data Layer 1 Nodes

* CX22
* CPX11
  {% endstep %}

{% step %}

### Networking

You may leave this section with the defaults
{% endstep %}

{% step %}

### SSH Keys

Add SSH key

<div align="left"><figure><img src="/files/yY7lybVK9xsI63ynsSMj" alt=""><figcaption></figcaption></figure></div>

Copy and Paste your **PUBLIC** key to the provided box.

### Follow this document [Upload SSH Public Key](/run-a-node/references/ssh-remote-access/upload-ssh-public-key.md).

If the `Name` field does not populate, create a name for the key that will help you identify it later.

Click the `Add SSH key` button.

<div align="left"><figure><img src="/files/CceBdohwEehZJVEcWgcf" alt=""><figcaption></figcaption></figure></div>

Select your SSH key if not already checked.

{% endstep %}

{% step %}

### Volumes

We can skip this section
{% endstep %}

{% step %}

### Firewalls

We can skip this section.  We will handle this in the next few steps.
{% endstep %}

{% step %}

### We can skip all the remaining sections

Leave set to their defaults
{% endstep %}

{% step %}

### Create & Buy now

<div align="left"><figure><img src="/files/PvpMuPFHJMe2Hv06W6RB" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Creation complete

Our server should populate into our server dashboard.

<div align="left"><figure><img src="/files/CVngcTl8fYRUpAfnxMP2" alt=""><figcaption></figcaption></figure></div>

Record the `public ip address` for later.
{% endstep %}

{% step %}

### Firewalls

Rest your mouse over the :house: button on the left side panel.

Choose `Firewalls`.

<div align="left"><figure><img src="/files/FdQ7j8gY5spWtjFpGfwO" alt=""><figcaption></figcaption></figure></div>

From the `Inbound rules` section, you should see a `TCP` :arrow\_right: `22` rule.

**Please refer to** [**Wide Open SSH Access**](/run-a-node/references/ssh-remote-access/securing-ssh-access.md) **document for details on the security implications of allowing any system that is connected to the internet to have access to your `SSH` port.  This document contains instructions on how to determine your local IP address for entry in this section.**

If you decide to leave your SSH access wide open you can skip to the next step. &#x20;

Click on `Any IPv4` it will turn red, click the <kbd>delete</kbd> to remove it.

Click on `Any IPv6` it will turn red, click the <kbd>delete</kbd> to remove it.

Type in the `IP address` you retrieved that is allocated to your local system into the same box to replace the `Any IPv4` and `Any IPv6` entries, and hit enter.

Replace the `Add description` with `SSH`&#x20;

<figure><img src="/files/otxptlcd6PClYYiExAde" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Create Layer1 Rule

This rule is designed for validator Hypergraph hybrid DAG layer1 and Dor data layer1 nodes.

Click on `Add rule`

<div align="left"><figure><img src="/files/tySpWDCYV373t5Kad8lz" alt=""><figcaption></figcaption></figure></div>

Leave the `Any IPv4` and `Any IPv6` entries.

Leave the `TCP` protocol type

Replace in `9010` for the `Port`

Replace in `9011` in the `Port range`&#x20;

Replace `Add description` with `Layer1`&#x20;

<figure><img src="/files/UKdhxurXK3zzYWwQh0uV" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### <mark style="color:red;">Hypergraph Validator Node Only</mark>

{% hint style="danger" %}
Dor data layer1 nodes do not use these port settings.  Open these ports will offer attackers an open port to your VPS without a service listening on the inside.  This is not recommended.
{% endhint %}

Repeat the previous step to add a rule for `Layer0`.

Ports `9000` and `9001`.

<figure><img src="/files/WRH5hGD7YZrSKEDL1ayz" alt=""><figcaption></figcaption></figure>

Click on the `Create Resource` button.

Choose `Servers`.

<div align="left"><figure><img src="/files/CSR0UD4j1tsCUCL66s0P" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Outbound rules

Skip this section
{% endstep %}

{% step %}

### Apply to

Click on `Select Resources` :arrow\_right: `Server`.

Choose our server name from the list.
{% endstep %}

{% step %}

### Labels

Skip this section
{% endstep %}

{% step %}

### Name our firewall policy

<div align="left"><figure><img src="/files/ugMlgCKWLBk3IGZX8N6a" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Create our firewall

<div align="left"><figure><img src="/files/rAbwEELT9QJzg65KYVYh" alt=""><figcaption></figcaption></figure></div>
{% endstep %}
{% endstepper %}

## Complete

### You have successfully launched a Server instance on Hetzner, Congratulations!

You are now ready to continue to connect to your node for the first time, install nodectl and turn your VPS into a Constellation Network Validator Node!


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.constellationnetwork.io/run-a-node/validator-node-guides/build-your-node/cloud-provider-specific/build-hetzner-server.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.