Deploy Secure Cloud Infrastructure on Hetzner

Production-ready Terraform configuration for automated deployment of a complete cloud architecture on Hetzner Cloud: a bastion host, an isolated private network, and a full application stack with PHP-Nginx, MariaDB, OpenSearch, Redis, and RabbitMQ.

Key Features

🔒 Complete Isolation

Backend servers have no public IP and accept no inbound connections from the Internet; their only path out is NAT through the bastion.

🚪 Bastion Host

The single host with a public IP: the SSH entry point for the private servers, and also the NAT gateway and DNS server for the internal network. Because every flow passes through it, it is the one machine that has to be hardened and kept patched.

🌐 Private Network

Hetzner Cloud Network (10.0.0.0/16) with a network route that sends the backends' Internet-bound traffic to the bastion, and internal DNS resolution for the server names.

🗄️ Complete Stack

MariaDB, PHP-Nginx, OpenSearch, Redis, and RabbitMQ, all configured and ready to use.

📊 Monitoring

Netdata on every server, published only through an Nginx reverse proxy on the bastion that requires HTTP basic authentication.

💾 Database Backup

Automated backup service for the MariaDB databases with restricted remote access.

🔑 Automatic SSH Keys

Terraform generates a dedicated internal key pair for bastion-to-server SSH, separate from the key you use to reach the bastion. That private key is stored in the Terraform state, so treat terraform.tfstate as a secret; and reach the backends with ProxyJump through the bastion rather than forwarding your SSH agent to it.

🐳 Docker Ready

All services run in Docker containers with persistent volumes and explicit configuration.

🔧 Fully Customizable

Extensive terraform.tfvars configuration with sensible defaults and detailed documentation.

Network Architecture

Secure, isolated infrastructure with bastion host acting as gateway

  • 🚪 Bastion Host: NAT gateway + DNS server (public IP + 10.0.0.2)
  • 🐘 PHP-Nginx: application server (10.0.0.3)
  • 🗄️ Database: MariaDB in Docker (10.0.0.4)
  • 🔍 OpenSearch: search engine (10.0.0.5)
  • 💾 Redis: cache & sessions (10.0.0.6)
  • 🐰 RabbitMQ: message queue (10.0.0.7)

Security Note: The backend servers have no public IP and cannot be reached inbound from the Internet. Their outbound traffic (package updates, image pulls, external API calls) is NATed through the bastion, so egress is still possible, and the bastion is both the single entry point and a single point of failure: if it is down, the backends lose Internet access and name resolution. Restrict what the bastion's public IP accepts to SSH (and the Netdata proxy, if you expose it), and keep it patched.

Getting Started

Quick Start

# Clone the repository
git clone https://github.com/francesco-oghabi/scalable-web-application-terraform-hetzner.git
cd scalable-web-application-terraform-hetzner

# Create configuration file
cp terraform.tfvars.template terraform.tfvars
# Edit terraform.tfvars with your Hetzner API token and settings.
# The token is a credential: keep terraform.tfvars (and terraform.tfstate,
# which will hold the generated internal SSH private key) out of version control.

# Initialize Terraform
terraform init

# Review deployment plan
terraform plan

# Deploy infrastructure (10-15 minutes). --auto-approve skips the
# confirmation prompt, so only use it after reviewing the plan above.
terraform apply --auto-approve

Prerequisites

  • Terraform >= 1.0
  • Hetzner Cloud account with API token
  • SSH key added to Hetzner Cloud project
  • Local SSH key for connection (default: ~/.ssh/id_rsa)

Server Configuration

Server        Private IP   Recommended Type   Services
Bastion Host  10.0.0.2     cx11               NAT, DNS, SSH gateway
PHP-Nginx     10.0.0.3     cx22+              PHP 8.3-FPM, Nginx, Certbot
Database      10.0.0.4     cx22+              MariaDB, backup service
OpenSearch    10.0.0.5     cx32+              Full-text search
Redis         10.0.0.6     cx22+              Cache, sessions
RabbitMQ      10.0.0.7     cx22+              Message broker

Infrastructure Components

🚪 Bastion Host

  • NAT Gateway with iptables
  • Internal DNS server (dnsmasq)
  • SSH jump host for private servers
  • Nginx reverse proxy for Netdata
  • Automated SSH key generation
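How the NAT gateway role above fits together, as an added example that is not the repository's own cloud-init or Terraform code: it generates the forwarding and masquerade rules the bastion needs, the route and resolver a backend server needs, and a check that rejects a rule set which would relay traffic arriving from the public side. The interface names (eth0 public, ens10 private), the Hetzner network gateway address 10.0.0.1, and the assumption that the Hetzner Cloud Network already carries a 0.0.0.0/0 route to 10.0.0.2 are assumptions; adjust them to your deployment.

```shell
#!/bin/sh
# Added example; not the repository's code. Assumptions (not stated on the
# page): eth0 is the bastion's public interface, ens10 is the Hetzner
# private-network interface on every server, and 10.0.0.1 is the network's
# own gateway inside 10.0.0.0/16.

PRIV_CIDR="10.0.0.0/16"
BASTION_PRIV_IP="10.0.0.2"
PUB_IF="eth0"
PRIV_IF="ens10"

# Rules the bastion needs to be the private network's Internet gateway.
# FORWARD is default-deny: only flows that start inside the private CIDR are
# relayed, and replies come back through conntrack rather than an open rule.
bastion_nat_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $PRIV_IF -o $PUB_IF -s $PRIV_CIDR -j ACCEPT
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -d $PRIV_CIDR -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $PRIV_CIDR -o $PUB_IF -j MASQUERADE
EOF
}

# What each backend (no public IP) needs: a default route via the Hetzner
# network gateway, which hands Internet-bound packets to the bastion because
# the network carries a 0.0.0.0/0 -> $BASTION_PRIV_IP route (assumed), and the
# bastion's dnsmasq as resolver.
private_server_setup() {
  cat <<EOF
ip route add default via 10.0.0.1 dev $PRIV_IF
printf 'nameserver $BASTION_PRIV_IP\n' > /etc/resolv.conf
EOF
}

# Refuse a rule set that would turn the bastion into an open relay: FORWARD
# must default to DROP, MASQUERADE must be scoped to the private CIDR, and
# nothing arriving on the public side may be forwarded unless it belongs to
# an established flow. Reads the rules from stdin.
check_nat_rules() {
  rules=$(cat)
  printf '%s\n' "$rules" | grep -q '^iptables -P FORWARD DROP$' \
    || { echo "check: FORWARD policy is not DROP" >&2; return 1; }
  printf '%s\n' "$rules" | grep -q "POSTROUTING -s $PRIV_CIDR -o $PUB_IF -j MASQUERADE" \
    || { echo "check: MASQUERADE is not scoped to $PRIV_CIDR" >&2; return 1; }
  if printf '%s\n' "$rules" | grep "FORWARD -i $PUB_IF" | grep -qv 'ESTABLISHED,RELATED'; then
    echo "check: unrestricted forwarding from $PUB_IF" >&2
    return 1
  fi
}

# Apply on the bastion as root; everything else in this file only prints text.
apply_bastion_nat() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_bastion_nat: run as root" >&2; return 1; }
  bastion_nat_rules | check_nat_rules && bastion_nat_rules | sh -e
}

case "${1:-}" in
  apply) apply_bastion_nat ;;
  *) bastion_nat_rules | check_nat_rules && bastion_nat_rules ;;
esac
```

Run it with `apply` as root on the bastion to install the rules; without an argument it only prints and checks them. The rules are not persistent on their own, so install them through cloud-init or iptables-persistent, otherwise a reboot silently leaves the backends without egress. Two related checks worth making on the bastion: dnsmasq must listen on 10.0.0.2 only (`listen-address`), not on the public IP, or you have published an open resolver; and the Hetzner network must actually carry the 0.0.0.0/0 route to 10.0.0.2, or the backends' default route goes nowhere.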

🗄️ MariaDB Database

  • Docker containerized deployment
  • Persistent storage with volumes
  • Read-only user for monitoring
  • Automated backup support
  • Secure remote backup service
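One way to give the backup service restricted remote access, as an added example that is not the repository's backup code: a dedicated SSH key on the database host is pinned to a single forced command, so even a stolen backup key can only trigger a dump, never a shell, a tunnel, or an arbitrary command. The container name mariadb, the gate path /usr/local/bin/backup-gate, and the use of a .my.cnf inside the container for the dump credentials (so no password appears on the command line or in process listings) are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's backup service. Pins a dedicated SSH
# key on the database host to one forced command. Assumptions (not from the
# page): the MariaDB container is named "mariadb", this script is installed
# as /usr/local/bin/backup-gate, and mysqldump reads its credentials from a
# .my.cnf inside the container so no password is passed on the command line.

DUMP_CMD='docker exec mariadb mysqldump --all-databases --single-transaction --routines --events'

# authorized_keys entry for the backup user. "restrict" disables pty, port
# forwarding, agent forwarding and X11; command= makes sshd run the gate
# regardless of what the client asked for (the client's request is handed
# to the gate in SSH_ORIGINAL_COMMAND instead of being executed).
backup_authorized_key_line() {
  printf 'command="/usr/local/bin/backup-gate gate",restrict %s\n' "$1"
}

# Map the client's request to the single permitted command. Exact match
# only: "dump; rm -rf /", "dump --foo" or an empty request is refused and
# logged; nothing from the request is ever interpolated into a command.
backup_gate_resolve() {
  case "${SSH_ORIGINAL_COMMAND:-}" in
    dump)
      printf '%s\n' "$DUMP_CMD"
      ;;
    *)
      logger -t backup-gate "rejected request from ${SSH_CONNECTION%% *}: ${SSH_ORIGINAL_COMMAND:-<none>}" 2>/dev/null
      echo "backup-gate: request not permitted" >&2
      return 1
      ;;
  esac
}

# Entry point sshd reaches through the command= option above.
case "${1:-}" in
  gate)
    cmd=$(backup_gate_resolve) || exit 1
    exec $cmd
    ;;
esac
```

Install the script as /usr/local/bin/backup-gate on 10.0.0.4, append the line from `backup_authorized_key_line "$(cat backup_key.pub)"` to the backup user's authorized_keys, and pull a dump from the backup client through the bastion with `ssh -J <user>@<bastion-public-ip> -i backup_key backup@10.0.0.4 dump | gzip > db-$(date +%F).sql.gz`. Verify the lockdown the same way: `ssh -J ... backup@10.0.0.4 id` must be refused.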

🐘 PHP-Nginx Server

  • PHP 8.3-FPM with Nginx
  • Certbot for Let's Encrypt TLS certificates
  • Composer for dependency management
  • Docker support included
  • Magento-optimized configuration

🔍 OpenSearch

  • Full-text search engine
  • Plugins: analysis-phonetic, analysis-icu
  • Configurable heap size
  • Single-node discovery mode
  • Data persistence with volumes

💾 Redis Cache

  • Version 7.2 in Docker
  • Password authentication
  • AOF persistence enabled
  • Configurable max memory
  • LRU eviction policy
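An audit of the Redis settings listed above, as an added example that is not the repository's configuration: it reads a redis.conf and flags a missing password, AOF off, no memory limit, or a non-LRU policy, and also two settings the list does not mention that matter even inside a private network: a bind address of 0.0.0.0 and protected-mode no. The two sample configs are constructed for the check; the password in the hardened one is a placeholder.

```shell
#!/bin/sh
# Added example, not the repository's Redis configuration: audit a redis.conf
# for the settings a Redis reachable over a private network should have.
# The sample configs below are constructed; the password is a placeholder.

# Last value of a directive in the file (Redis honours the last occurrence).
redis_conf_get() {
  grep -E "^[[:space:]]*$2[[:space:]]+" "$1" | tail -n 1 | awk '{print $2}'
}

# Print one WARN line per weak setting; return 1 if any were found.
audit_redis_conf() {
  conf=$1
  bad=0
  [ -n "$(redis_conf_get "$conf" requirepass)" ] \
    || { echo "WARN: no requirepass; any host on the network can run commands"; bad=1; }
  case "$(redis_conf_get "$conf" bind)" in
    ""|*0.0.0.0*) echo "WARN: bind unset or 0.0.0.0; bind the private IP (10.0.0.6) only"; bad=1 ;;
  esac
  [ "$(redis_conf_get "$conf" protected-mode)" != "no" ] \
    || { echo "WARN: protected-mode no; it is the last safety net when bind and requirepass are missing"; bad=1; }
  [ "$(redis_conf_get "$conf" appendonly)" = "yes" ] \
    || { echo "WARN: appendonly off; sessions and cache are lost on restart"; bad=1; }
  [ -n "$(redis_conf_get "$conf" maxmemory)" ] \
    || { echo "WARN: no maxmemory; Redis can grow until the OOM killer stops it"; bad=1; }
  case "$(redis_conf_get "$conf" maxmemory-policy)" in
    allkeys-lru|volatile-lru) ;;
    *) echo "WARN: maxmemory-policy is not an LRU policy; with the default (noeviction) writes fail once maxmemory is hit"; bad=1 ;;
  esac
  return $bad
}

# Constructed samples: a default-style weak config and a hardened one.
WEAK_CONF=$(mktemp)
HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
bind 0.0.0.0
protected-mode no
appendonly no
EOF
cat > "$HARD_CONF" <<'EOF'
bind 10.0.0.6
protected-mode yes
requirepass REPLACE_WITH_A_LONG_RANDOM_SECRET
appendonly yes
appendfsync everysec
maxmemory 1gb
maxmemory-policy allkeys-lru
EOF

echo "== weak =="
audit_redis_conf "$WEAK_CONF" || true
echo "== hardened =="
audit_redis_conf "$HARD_CONF" && echo "no findings"
```

Point `audit_redis_conf` at the config the container actually uses (`docker exec <container> cat /etc/redis/redis.conf`, or the host path of the mounted volume; the container name is yours). Binding to 10.0.0.6 only is the right setting here: the application server reaches Redis over the private network and nothing else should, and relying on protected-mode alone is not enough because it only refuses remote clients when neither bind nor requirepass is configured.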

🐰 RabbitMQ

  • Message broker with Management UI
  • AMQP protocol support
  • Web interface on port 15672, reachable only inside the private network (from your workstation, forward it through the bastion with ssh -L)
  • Clustering support ready
  • Persistent message storage

Why Choose This Infrastructure?

🔒 Security First

Complete network isolation with bastion host, no direct Internet access to backend servers, and automated security updates.

⚡ Production Ready

Battle-tested configuration used in real production environments with comprehensive monitoring and backup solutions.

💰 Cost Effective

Hetzner Cloud offers an excellent price-performance ratio. The complete stack starts from €20/month.

📚 Well Documented

Extensive README with step-by-step guides for installation, configuration, SSL setup, and troubleshooting.

🔧 Easy Maintenance

Simple terraform commands for updates, built-in reboot scripts, and clear infrastructure outputs.

🚀 Fast Deployment

Complete infrastructure deployed in 10-15 minutes with a single terraform apply command.

Perfect For

🛒 E-commerce

Deploy Magento 2 or other e-commerce platforms with all required services pre-configured.

📱 Web Applications

Host modern PHP applications with caching, search, and message queue capabilities.

🧪 Development & Staging

Quickly spin up complete environments for testing and development at minimal cost.

🎓 Learning DevOps

Learn Infrastructure as Code, networking, and cloud deployment best practices.

Ready to Deploy?

Start building your secure cloud infrastructure on Hetzner today