{"slug": "how-to-run-hermes-agent-24-7-on-a-vps-steven-s-setup-guide", "title": "How to run Hermes Agent 24/7 on a VPS — Steven's Setup Guide", "summary": "A developer has published a step-by-step guide for running the open-source Hermes Agent AI assistant 24/7 on a virtual private server (VPS) for as little as $5 per month. The setup, which connects the agent to messaging apps like Telegram and Discord for continuous task execution, requires no prior Linux or sysadmin experience and relies on external APIs for heavy AI processing. The guide recommends using a dedicated VPS with separate credentials and SSH key authentication to isolate security risks from personal accounts.", "body_md": "This guide is for anyone who wants to run Hermes Agent always-on without keeping their personal computer on. It's written for beginners — you don't need to know Linux or sysadmin work to get this working.\n\nHermes is an open-source AI agent from [Nous Research](https://github.com/NousResearch/hermes-agent). It runs on a server (or VPS), connects to your messaging apps (Telegram, Discord, etc.), and can execute tasks, browse the web, manage files, and more — 24 hours a day, 7 days a week.\n\nThe heavy AI processing happens via external API (OpenRouter, OpenAI, etc.) — the VPS just runs the coordinator.\n\nA VPS (Virtual Private Server) means:\n\n**Your agent runs 24/7**— no need to keep your laptop on** You can access it from anywhere**— phone, tablet, any computer** It stays secure**— no exposed ports on your personal machine** It's cheap**— decent VPS plans start at ~$5/month\n\n| Provider | Price | Best For | Setup Difficulty |\n|---|---|---|---|\nHetzner CX22 |\n~$5/mo | Best price-to-performance | Medium (manual Docker) |\nHostinger VPS |\n~$5-9/mo intro | Beginners — one-click Hermes template | Very Easy |\nOracle Free Tier |\nFree (if you can get it) | Max specs for zero cost | Medium-Hard |\n\n**Plan:** CX22~~4.51 EUR/mo (~~$4.80-5 USD)**Specs:** 2 vCPU, 4 GB RAM, 40 GB NVMe SSD**Why:** Consistently praised in the community. Reliable, stable pricing, good EU locations.**Con:** Manual Docker setup — not one-click, but straightforward.**Best for:** Cost-conscious users who want long-term reliability.\n\n**Plan:** KVM 1 or KVM 2 (intro pricing ~$5-9/mo, renews higher)**Why:** They have an**official one-click Docker template for Hermes Agent**. Fastest setup. Lots of YouTube tutorials.** Con:**Renewal pricing is higher than intro. Some mixed long-term feedback.** Best for:**First-time VPS users who want quick deployment without deep sysadmin work.\n\n**Specs:** Up to 4 ARM vCPU + 24 GB RAM**Why:** Extremely powerful, completely free.**Con:** Often sold out for new accounts. ARM architecture (check compatibility). Account risk if you exceed limits.**Best for:** Users willing to try for the free tier or already have access.\n\n**Best value:** Hetzner CX22 — ~$5/mo**Easiest setup:** Hostinger — one-click Hermes template**Best free option:** Oracle Free (if you can get it)**Pre-built image:** Lightnode — ~$10/mo with Hermes-ready image\n\nThis is one of the most important setup decisions you'll make.\n\n**Treat your VPS as its own operator — not an extension of your personal accounts.**\n\n- Create a\n**separate email** for the VPS (e.g., vps-admin@[yourdomain].com) - Create a\n**new GitHub account** or use a dedicated GitHub token scoped only to what the agent needs **Never give the VPS your personal GitHub credentials**- Use scoped permissions — the agent should only have access to what it needs, not full read/write to everything\n\nWhy this matters:\n\n- If the VPS is ever compromised, the damage is isolated\n- You can rotate credentials without affecting your personal accounts\n- It makes it clear who's doing what in your agent logs and Git history\n\nMost tutorials and guides assume Ubuntu. Stick with the LTS (Long Term Support) version.\n\n```\n# On your local machine — generate an SSH key if you don't have one\nssh-keygen -t ed25519 -C \"vps-hermes\"\n\n# Copy it to your VPS\nssh-copy-id -i ~/.ssh/id_ed25519.pub your_vps_ip\n\n# Then disable password authentication on the VPS\nsudo nano /etc/ssh/sshd_config\n# Set: PasswordAuthentication no / PermitRootLogin no / PubkeyAuthentication yes\nsudo systemctl restart sshd\n```\n\nNever run your agent as root. Create a dedicated user:\n\n```\n# Create a new user\nsudo adduser hermes\nsudo usermod -aG sudo hermes\n\n# Switch to that user\nsu - hermes\n# Enable UFW (Uncomplicated Firewall)\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\nsudo ufw allow 22/tcp    # SSH\nsudo ufw allow 80/tcp    # HTTP (for Let's Encrypt later)\nsudo ufw allow 443/tcp  # HTTPS\nsudo ufw enable\n```\n\nHostinger has an official one-click Docker template for Hermes. Use their control panel — search for \"Hermes\" in the templates/marketplace section and follow the wizard.\n\nThis dramatically reduces the setup complexity. You'll still need to configure environment variables (see below).\n\n```\n# Update the system\nsudo apt update && sudo apt upgrade -y\n\n# Install Docker\ncurl -fsSL https://get.docker.com | sh\n\n# Add your user to the docker group\nsudo usermod -aG docker hermes\n\n# Log out and back in for group to take effect\n# Then verify\ndocker --version\n# Clone the Hermes Agent repo\ngit clone https://github.com/NousResearch/hermes-agent.git\ncd hermes-agent\n\n# Copy the environment template\ncp .env.example .env\n\n# Edit the .env file with your settings\nnano .env\n```\n\nKey environment variables:\n\n```\n# Telegram bot token (get from @BotFather on Telegram)\nTELEGRAM_BOT_TOKEN=[REDACTED]\n\n# Your OpenRouter or OpenAI API key (for AI processing)\nOPENROUTER_API_KEY=[REDACTED]\n\n# Admin Telegram ID (so only you can talk to it)\nADMIN_TELEGRAM_ID=[REDACTED]\n# Start Hermes via Docker\ndocker compose up -d\n\n# Check the logs\ndocker compose logs -f\n```\n\n**Never expose your VPS ports to the public internet.** Use a tunnel instead.\n\nYou already use Cloudflare for domains. This is the easiest secure path.\n\n**How it works:** Your VPS makes an outbound connection to Cloudflare. Anyone wanting to access your agent goes through Cloudflare — no open ports on your VPS.\n\n```\n# Install cloudflared on your VPS\ncurl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared\nchmod +x cloudflared\nsudo mv cloudflared /usr/local/bin/\n\n# Authenticate (you'll need your Cloudflare API token)\ncloudflared tunnel login\n\n# Create a tunnel\ncloudflared tunnel create hermes-agent\n\n# Route it to your domain\ncloudflared tunnel route dns hermes-agent your-domain.com\n\n# Run the tunnel\ncloudflared tunnel run --token [YOUR_TUNNEL_TOKEN]\n```\n\nFor the full Cloudflare Tunnel setup walkthrough, see the [official docs](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).\n\nTailscale creates a VPN mesh between your devices. Good if you want SSH access from anywhere plus web dashboard access.\n\n```\n# Install Tailscale on your VPS\ncurl -fsSL https://tailscale.com/install.sh | sh\n\n# Connect (you'll get a one-click link from the Tailscale admin console)\nsudo tailscale up --accept-routes\n```\n\n**Cloudflare Tunnel vs Tailscale:**\n\n| Cloudflare Tunnel | Tailscale | |\n|---|---|---|\n| Best for | Web dashboards, HTTPS | Full SSH, any port/service |\n| Setup | Easier | Slightly more complex |\n| Encryption | Cloudflare terminates TLS | True end-to-end (WireGuard) |\n| DDoS protection | Excellent (built-in) | None (you handle it) |\n| Client needed? | No | Yes (on your devices) |\n\n**Recommendation:** Start with Cloudflare Tunnel (you're already in the Cloudflare ecosystem). You can add Tailscale later if you want easier SSH access.\n\nOnce Hermes is running and your tunnel is active, you'll set up Telegram.\n\n- Open Telegram and chat with\n**@BotFather** - Send\n`/newbot`\n\n- Follow the prompts — give it a name and username\n- Copy the bot token — this goes in your\n`.env`\n\nfile as`TELEGRAM_BOT_TOKEN`\n\nWith Cloudflare Tunnel running, your agent's web dashboard is accessible via your domain. You'll also receive messages in Telegram once the bot is connected.\n\nConfigure in your `.env`\n\n:\n\n```\nTELEGRAM_BOT_TOKEN=[your bot token from BotFather]\nADMIN_TELEGRAM_ID=[your Telegram user ID — get it from @userinfobot]\n```\n\nYour Telegram bot is public by default — anyone who finds the URL can message it. Use `ADMIN_TELEGRAM_ID`\n\nto restrict access so only you can control the agent. Combine with Cloudflare Tunnel so the dashboard isn't publicly indexed.\n\nOnce your VPS is set up, you'll access it via SSH:\n\n```\n# Standard SSH\nssh -i ~/.ssh/your_key.pem hermes@your_vps_ip\n\n# With Tailscale (from anywhere, if connected to your tailnet)\nssh hermes@hostnamefromtailscale\n```\n\nAdd this to your local `~/.ssh/config`\n\n:\n\n```\nHost vps-hermes\n    HostName your_vps_ip\n    User hermes\n    IdentityFile ~/.ssh/your_key.pem\n    ForwardAgent yes\n```\n\nThen simply run: `ssh vps-hermes`\n\n**MCP (Model Context Protocol)** is the recommended long-term access method — it's more token-efficient than SSHing in, and lets you connect to your Hermes agent from any computer without needing to maintain an SSH session.\n\nInstead of opening an SSH tunnel and running commands live, MCP lets you make API calls to your running agent from any client that supports MCP (including code editors and other AI tools).\n\nTo set up MCP with your Hermes agent:\n\n**Enable the MCP server** in your Hermes configuration — this exposes a local MCP endpoint**Configure your MCP clients**(Claude Desktop, Cursor, Zed, etc.) to connect to your VPS's MCP endpoint** Authenticate**— use a scoped token so the connection is secure\n\nThis is the direction the Hermes community is moving. It's cleaner than SSH for most use cases, and it's what Devon uses for his production setup.\n\nSSH is still the right choice for initial server setup, troubleshooting, and when you need direct terminal access. MCP is your ongoing interface.\n\nDocker Compose handles restarts automatically, but add a watchdog for extra reliability:\n\n```\n# Install tmux to keep your session alive\nsudo apt install tmux\n\n# Create a named tmux session\ntmux new -s hermes\n\n# Run your docker compose inside\ndocker compose up -d\n\n# Detach from tmux with Ctrl+B, then D\n# Reattach later with: tmux attach -t hermes\n```\n\nA simple cron job that checks if Hermes is running and restarts it if not:\n\n```\n# Add to crontab\ncrontab -e\n\n# Check every 5 minutes\n*/5 * * * * /home/hermes/check_hermes.sh\n```\n\nWhere `check_hermes.sh`\n\ncontains:\n\n``` bash\n#!/bin/bash\nif ! docker ps | grep -q hermes-agent; then\n    cd /home/hermes/hermes-agent\n    docker compose up -d\n    echo \"$(date): Hermes restarted\" >> /home/hermes/hermes.log\nfi\n```\n\nThese are the minimum rules for keeping your VPS safe:\n\n**SSH keys only**— no password authentication** Non-root user**— run your agent as a regular user, not root** Cloudflare Tunnel or Tailscale**— no open ports on the VPS** ufw/firewall enabled**— only allow ports you explicitly need** Fail2ban**— prevents brute force attacks on SSH\n\n```\n# Install fail2ban\nsudo apt install fail2ban -y\nsudo systemctl enable fail2ban\nsudo systemctl start fail2ban\n```\n\n**Regular updates:**\n\n```\n# Weekly update script\nsudo apt update && sudo apt upgrade -y\n```\n\n**Scoped GitHub credentials**— the VPS agent has only the permissions it needs, nothing more** No credentials in public repos**— all tokens/keys go in`.env`\n\nor environment variables, never hardcoded\n\nThese are the durable practices that make running an always-on agent sustainable:\n\nThink of yourself as the CEO. You define what needs to be done, then let the agent execute. Don't try to micromanage every step.\n\n- Agents should leave evidence of what they did (comments, logs, saved files)\n- If something fails, report what was accomplished before the failure — not just \"it failed\"\n- Escalate to a human only for: architecture decisions, security issues, risky changes\n\n- Work flows through issues/tasks, not just chat memory\n- One task at a time, with clear completion criteria\n- Improvements and lessons learned become issues, not just chat notes\n\nStable patterns get promoted:\n\n- Repeated procedure — skill (automated)\n- Lesson learned — documentation\n- Decision made — decision log (with rationale)\n- Evidence gathered — research file\n\n- Route simple tasks to cheaper models\n- Save the strongest models for tasks that actually need reasoning\n- Track API costs — this is where the real spending is (not the VPS)\n\n[Hermes Agent GitHub](https://github.com/NousResearch/hermes-agent)[digitalknk/openclaw-runbook](https://github.com/digitalknk/openclaw-runbook)— community runbook (may need updating for latest Hermes)[Cloudflare Tunnel Docs](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/)[Tailscale](https://tailscale.com/)— VPN mesh for secure access[Hetzner Cloud](https://www.hetzner.com/cloud/)— best price/performance VPS[Hostinger VPS](https://www.hostinger.com/vps-hosting)— easiest beginner setup with one-click Hermes\n\nIf something in this guide is outdated or unclear, open an issue on the [Hermes Agent repo](https://github.com/NousResearch/hermes-agent) or reach out to the community on Discord/Reddit.\n\n*This guide is maintained by the Main Branch community. Last updated: 2026-05.*", "url": "https://wpnews.pro/news/how-to-run-hermes-agent-24-7-on-a-vps-steven-s-setup-guide", "canonical_source": "https://gist.github.com/thothagent/0e581c97f527f0ae2dbdb78e946f81a6", "published_at": "2026-05-20 16:09:37+00:00", "updated_at": "2026-05-27 08:43:53.108948+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-infrastructure", "ai-products", "artificial-intelligence"], "entities": ["Hermes Agent", "Nous Research", "OpenRouter", "OpenAI", "Hetzner", "Hostinger", "Oracle"], "alternates": {"html": "https://wpnews.pro/news/how-to-run-hermes-agent-24-7-on-a-vps-steven-s-setup-guide", "markdown": "https://wpnews.pro/news/how-to-run-hermes-agent-24-7-on-a-vps-steven-s-setup-guide.md", "text": "https://wpnews.pro/news/how-to-run-hermes-agent-24-7-on-a-vps-steven-s-setup-guide.txt", "jsonld": "https://wpnews.pro/news/how-to-run-hermes-agent-24-7-on-a-vps-steven-s-setup-guide.jsonld"}}