Deploy Hermes AI Agent with Docker, automatic HTTPS, and authentication. This guide works for both AI assistants (e.g., via Devopness MCP Server, Devopness API) and manual setup through the web interface.
What is Hermes? #
Hermes is an autonomous AI agent that can write code, deploy applications, browse the web, integrate with Slack and GitHub, and automate repetitive tasks. It works like having a developer on your team.
Deploying AI agents typically requires complex server configuration, Docker expertise, and manual SSL certificate management. This guide shows you how to deploy Hermes using Devopness, which handles all the infrastructure automatically.
What You'll Build #
By the end of this guide, you'll have Hermes AI Agent deployed and running:
- Running 24/7 on your cloud infrastructure
- Accessible via secure HTTPS dashboard (
https://hermes.example.com
) - Protected by username/password authentication for trusted/private access, with OAuth/OIDC recommended for public internet deployments
- With persistent storage that survives deployments
- Auto-renewing SSL certificates (every 90 days)
- Ready to integrate with Slack, GitHub, and other services
This guide is for: Anyone who wants to deploy Hermes to a cloud server, without manual configuration. Works with any AI assistant or via Devopness web UI.
Don't have a Devopness account yet? Create your free account to get started.
Pro Tip: Let AI Do the Work #
You can have an AI assistant (e.g., Claude Code, Cursor, Cline, Windsurf) execute this entire deployment for you using the Devopness MCP Server.
Copy this prompt to your AI assistant:
Read the Hermes deployment guide at
[https://www.devopness.com/blog/deploy-hermes-ai-agent-devopness]and execute it step by step using Devopness MCP tools.
Your AI assistant will handle the deployment while keeping you informed at key decision points.
Prerequisites #
An Environment with Credentials Ready
In Devopness, you work inside "Environments" (Development, Staging, or Production). You'll need an environment with:
A Cloud Provider Credential- So Devopness can create servers for you (AWS, Azure, Google Cloud, DigitalOcean, Hetzner, or any cloud provider) - A GitHub Credential- So Devopness can download Hermes' code (GitHub Personal Access Token) - An LLM Provider Account- So Hermes can use AI (OpenRouter, OpenAI, Anthropic, Groq, or Ollama Cloud)
Need help setting up? Follow this guide first: How to Create an Environment
Step 1: Create the Server #
Create a server with these specifications:
Name:hermes-server
Cloud Provider: AWS, Azure, GCP, DigitalOcean, Hetzner, or others** Region**: Choose the closest to your users** Instance Size**: 4GB RAM minimum, 20GB disk** Operating System**: Latest Ubuntu LTS
Why these specs: Hermes requires 4GB RAM for browser automation and AI tasks. Ubuntu LTS provides long-term security updates.
Step 2: Create the Application #
Create an application with these settings:
Name:hermes-agent
(lowercase, no spaces)Source Provider: GitHub** Repository**:NousResearch/hermes-agent
Branch:main
Programming Language: Docker** Root Directory**:/
Build Command:
docker compose -p ${APPLICATION_NAME} pull && docker compose -p ${APPLICATION_NAME} up -d && docker compose -p ${APPLICATION_NAME} logs || { docker compose -p ${APPLICATION_NAME} logs; exit 1; }
Step 3: Add the Storage Path Variable #
Create an environment variable for persistent storage:
Key:APPLICATION_PATH
Value:/home/devopness/hermes-agent
(replacehermes-agent
with your app name)Target: OS Environment Variable** Visibility**: Visible
Why: Defines where Hermes stores chat history, API keys, browser sessions, and uploaded files. Without this, every deployment resets to factory defaults.
Step 4: Add Configuration Files #
Create three configuration files.
File 1: .env
Prepare the following values and replace them in the file content below:
HERMES_DASHBOARD_BASIC_AUTH_PASSWORD
- use a strong password (20+ characters)
HERMES_DASHBOARD_BASIC_AUTH_SECRET
- use a random 32+ character string (generate at[https://generate-random.org/api-token-generator]or run
openssl rand -base64 32
)
Description: Dashboard settings and authenticationPath:.env
Content:
CONTAINER_NAME=${APPLICATION_NAME}-hermes
HERMES_UID=__DEVOPNESS_UID__
HERMES_GID=__DEVOPNESS_GID__
HERMES_DASHBOARD=true
HERMES_DASHBOARD_HOST=0.0.0.0
HERMES_DASHBOARD_PORT=9119
HERMES_DASHBOARD_BASIC_AUTH_USERNAME=agent
HERMES_DASHBOARD_BASIC_AUTH_PASSWORD=CHANGE_THIS_PASSWORD
HERMES_DASHBOARD_BASIC_AUTH_SECRET=CHANGE_THIS_SECRET
HERMES_SHM_SIZE=1g
HERMES_MEMORY_LIMIT=4G
HERMES_MEMORY_RESERVATION=2G
HERMES_CPU_LIMIT=2.0
File 2: .env.hermes
Description: LLM provider API keys and integrationsPath:.env.hermes
Content:
TERMINAL_ENV=local
🔸 Note: This file is the source of truth for environment variables and is copied to persistent storage on every deployment. Changes made directly in the Hermes dashboard or inside ${APPLICATION_PATH}/data/.env
will be overwritten on the next deployment. Add long-lived API keys and integration secrets to .env.hermes
, then redeploy.
File 3: docker-compose.yml
Description: Container configuration and resourcesPath:docker-compose.yml
Content:
services:
hermes:
image: nousresearch/hermes-agent:v2026.6.5
container_name: ${CONTAINER_NAME}
restart: unless-stopped
command: gateway run
privileged: true
volumes:
- ${APPLICATION_PATH}/data:/opt/data
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- .env
ports:
- "127.0.0.1:${HERMES_DASHBOARD_PORT}:${HERMES_DASHBOARD_PORT}"
shm_size: ${HERMES_SHM_SIZE:-1g}
deploy:
resources:
limits:
memory: ${HERMES_MEMORY_LIMIT:-4G}
cpus: "${HERMES_CPU_LIMIT:-2.0}"
reservations:
memory: ${HERMES_MEMORY_RESERVATION:-2G}
networks:
- hermes-net
networks:
hermes-net:
driver: bridge
name: ${APPLICATION_NAME}-network
🔹 Tip: Check Docker Hub for newer versions. Always pin to a specific version tag (not latest
) for reproducible deployments.
🔸 Security note: This configuration uses privileged: true
and mounts /var/run/docker.sock
. Required for Hermes to run Docker commands and browser automation, but gives the container elevated access to the host. Deploy with HTTPS and strong authentication.
Step 5: Configure the Deployment Pipeline #
Update your deployment pipeline settings:
Max Parallel Actions: Set to1
(prevents deployment conflicts where outdated configurations could override newer ones)
Add three custom pipeline steps in this order:
Step 1: Create Hermes Storage
Position: After "Get source from Git repository"Name:Create Hermes storage
Command:
mkdir -p ${APPLICATION_PATH}/data && \
chown devopness:devopness ${APPLICATION_PATH}/data
Step 2: Update UID/GID Placeholders
Position: After "Create Hermes storage"Name:Update UID/GID placeholders
Command:
DEVOPNESS_UID=$(id -u devopness) && \
DEVOPNESS_GID=$(id -g devopness) && \
sed -i "s/__DEVOPNESS_UID__/${DEVOPNESS_UID}/g" .env && \
sed -i "s/__DEVOPNESS_GID__/${DEVOPNESS_GID}/g" .env
Why: Aligns container user permissions with host filesystem.
Step 3: Copy Hermes Configuration
Position: After "Activate current build"Name:Copy Hermes configuration to data folder
Command:
cp .env.hermes ${APPLICATION_PATH}/data/.env && \
chmod 600 ${APPLICATION_PATH}/data/.env && \
chown devopness:devopness ${APPLICATION_PATH}/data/.env
Why: Copies API keys to persistent storage so they survive deployments.
Step 6: Deploy Hermes #
Deploy the application:
Pipeline: Deploy pipeline (already configured)Source: Branchmain
Servers: Select the server created in Step 1
Deployment takes 5-8 minutes on first run (downloads Docker images, builds the container).
Devopness redirects you to the Action page where you can watch the deployment live. Wait for the action to complete.
Step 7: Test Your Deployment (Optional) #
🔹 Tip: If you have a domain ready, skip to Step 8 for HTTPS setup.
Find and edit the auto-generated virtual host for your server (hostname matches your server's public IP address):
Application: Select your Hermes applicationApplication Listen Address:http://localhost:9119
Deploy and wait for the action to complete. Then test access at http://YOUR_SERVER_IP
. You should see the Hermes login page (username: agent
, password: from your .env
file).
Authentication Security Notice #
This guide uses HTTP Basic Authentication (username/password), suitable for trusted networks or VPN access.
Best practices:
- Use a strong password (20+ random characters)
- Deploy with HTTPS enabled
- Consider IP whitelisting for additional security
For public internet deployments, use OAuth (e.g., Nous Portal) or self-hosted OIDC (e.g., Keycloak, Auth0, Okta). For further instructions, see Hermes documentation.
Step 8: Setup HTTPS with Custom Domain (Optional) #
Point your domain to your server's IP address (A record).
Create a name-based virtual host:
Domain:hermes.example.com
Application: Select your applicationApplication Listen Address:http://localhost:9119
Create an SSL certificate:
Virtual Host: Select the virtual host created aboveCertificate Authority: Let's Encrypt
Test access to https://hermes.example.com
- you should see the Hermes login page with a valid SSL certificate.
Step 9: Configure and Test Hermes #
Add your LLM provider API key to .env.hermes
:
OPENROUTER_API_KEY=sk-or-v1-...
Redeploy the application.
In the Hermes dashboard:
- Go to Models→ select your provider and model - Go to Chat→ send a test message
Done! Your Hermes AI Agent is deployed and ready to use.
Next Steps #
Your AI assistant is now running and ready to automate tasks.