Building a Private Cluster on Hetzner (Part 1) - Getting Started with Bare Metal
If you’re exploring high-performance infrastructure for your next private cluster project, Hetzner’s bare metal offering is one of the best bangs for your buck. Whether you’re a home-lab enthusiast or a startup tinkering with production-grade setups, Hetzner gives you raw power without breaking the bank.
In this first part of the series, I’ll walk through:
Procuring a bare metal server via Hetzner’s auction
Getting through the verification (KYC) process
Choosing the right payment method
Securing login via SSH keys
Picking the right OS and data center
A teaser for what’s coming next
Step 1: Buy a Server from Hetzner Auction
Hetzner’s server auction is a hidden gem. I’ve found some seriously capable machines at great prices compared to their regular offerings.
Recommended spec for a private cluster node:
CPU: Intel Xeon (e.g., E5-2670 v3 or better)
Memory: 128 GB ECC DDR4
Storage: 2 x 240 GB SSD in RAID 1 (for redundancy)
Network: 1 Gbps port
These machines are more than enough for running a Kubernetes master, CI/CD jobs, or small VM clusters. Keep in mind that the auction servers are used or refurbished, but they’re tested and quite reliable.
Step 2: Account Verification (KYC for Indian Customers)
Before I could start using the server, Hetzner asked for identity verification. As an Indian customer, I had to go through their KYC process. This included:
Uploading a government-issued ID
Submitting address proof (like a utility bill or bank statement)
Sometimes recording a short video or selfie for verification
This is covered in Hetzner’s account verification documentation.
Note: The process can take anywhere from 24 to 72 hours. It may take longer on weekends or if the documents need manual review, so it’s best to factor that into your setup timeline.
Step 3: Payment Methods
Hetzner supports multiple payment options:
Credit or debit cards
PayPal
BitPay (for crypto payments)
For my use case, using an international credit card made the most sense. It allows automatic billing every month, which saves me from having to track due dates or process manual payments.
Step 4: Use SSH Key Authentication
Once the server was provisioned, I used SSH key-based authentication to log in. It’s more secure than using passwords, and as long as password login is disabled on the server it eliminates the risk of password brute-force attacks.
To generate a key:
ssh-keygen -t ed25519 -C "your_email@example.com"
I added the public key to Hetzner when I was setting up the server. If you missed it during provisioning, it is easy to add later via the console interface.
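Uploading a key does not by itself turn password login off, so it is worth checking what sshd will actually accept. The script below is an added example, not part of the original post: it assumes OpenSSH's `sshd -T` output format, and the function name `check_ssh_hardening` and both sample configurations are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that sshd really is
# key-only by checking its effective settings, as printed by `sshd -T`.

# Reads "keyword value" lines on stdin, prints one FAIL line per risky
# setting, returns 0 when none are found and 1 otherwise.
check_ssh_hardening() {
    awk '
        { opt[$1] = tolower($2) }   # sshd -T prints lowercase keywords
        END {
            bad = 0
            if (opt["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes: key login is off"; bad = 1 }
            if (opt["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no: passwords can be guessed"; bad = 1 }
            if (opt["kbdinteractiveauthentication"] != "no") {
                print "FAIL kbdinteractiveauthentication is not no: PAM may still prompt for a password"; bad = 1 }
            if (opt["permitrootlogin"] == "yes") {
                print "FAIL permitrootlogin is yes: root may use every enabled login method"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: key uploaded, but password login left enabled.
sample_weak() {
    cat <<'EOF'
port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF
}

# Constructed sample: key-only login.
sample_hardened() {
    cat <<'EOF'
port 22
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
EOF
}

# Demo on the constructed samples.
# On a real server: sudo sshd -T | check_ssh_hardening
sample_weak | check_ssh_hardening || echo "weak sample: fix the settings above"
sample_hardened | check_ssh_hardening && echo "hardened sample: key-only login"
```

Keep an existing session open while changing sshd settings, and confirm key login works from a second terminal before closing it.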
Step 5: Choose the Right OS and Data Center
I went with Ubuntu 24.04 LTS for the OS. It’s stable, current, and has wide support across all the tools I plan to use.
For the data center location, I considered network latency and regional performance. My top picks:
Helsinki (FSN1) – great for workloads targeting Europe and India
Singapore (SGP1) – better if most traffic is Asia-Pacific based
The location you choose can affect latency and bandwidth, so it’s worth aligning with your traffic pattern.
What’s Next
Now that the server is ready and secured, I’ll move on to setting up a private VPN endpoint that effectively air-gaps the node from the public internet.
In the next part of this series, I’ll cover that setup in detail - including how I configured a secure, private access tunnel and locked down all external exposure.
Stay tuned for Part 2.