SokkoSokko
← Back to blog

AI Agent VPS Hosting: When a Raw VPS Stops Being Enough

Sokko Team10 min read

Why AI agent VPS hosting is the obvious first move

Most people running an autonomous agent for the first time reach for a virtual private server, and that instinct is correct. AI agent VPS hosting is cheap, predictable, and gives you a real Linux box you fully control. A Hetzner CX22 runs about 4 to 5 euros per month for 2 vCPU and 4 GB of RAM, as listed on https://www.hetzner.com/cloud/. A DigitalOcean basic droplet starts at $6 per month. For a single agent that polls a queue, answers a Telegram chat, or runs a research loop overnight, that is plenty of hardware.

The pitch is simple: rent a box, SSH in, install your runtime, start the process, and your agent is online 24/7. No cold starts, no per-request billing, no platform abstractions to learn. If you have deployed a web app to a VPS before, you already know the drill. For the first few weeks this feels like the whole problem is solved.

It usually is, until it isn't. The gap between "my agent runs on a server" and "my agent runs reliably enough that I stop checking on it" is wider than it looks, and every failure mode below is one people hit in production.

If you are still deciding where to run anything at all, start with how to deploy an AI agent for the full path from laptop to production, then come back here for the VPS-specific tradeoffs.

What a single agent actually needs to stay up

Before comparing hosting styles, it helps to name what an always-on agent depends on. These are the things that break at 3 a.m.:

  • Automatic restart. The process will crash. An unhandled promise, an OOM kill, a bad API response. Something takes it down, and it has to come back without you.

  • Persistent workspace. Agents that write files, cache embeddings, or keep a scratch directory need that state to survive restarts and reboots. A clean container every boot loses memory the agent thought it had.

  • Secrets that are not in plaintext. API keys for your model provider, Telegram tokens, database URLs. On a raw VPS these tend to end up in a .env file or, worse, the systemd unit itself.

  • Some access control. The moment a second person can deploy, you need to know who can restart, read logs, or rotate keys.

  • Resource isolation. One runaway agent should not starve the others on the same box.

  • Observability. You need logs, and ideally metrics, without SSHing in and running journalctl by hand.

A raw VPS gives you none of these by default. You bolt each one on yourself. Let's walk the failure modes in order.

Failure mode 1: a crash with nothing to restart it

Run your agent with node index.js inside an SSH session and it dies the moment you disconnect. The fix everyone learns is nohup, then tmux, then eventually a real process supervisor. On a modern Linux box that supervisor is systemd, and it is genuinely good at this job.

Here is a minimal unit that keeps an agent alive and restarts it on any exit:

# /etc/systemd/system/agent.service
[Unit]
Description=My AI agent
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=agent
WorkingDirectory=/opt/agent
EnvironmentFile=/opt/agent/.env
ExecStart=/usr/bin/node /opt/agent/index.js
Restart=always
RestartSec=5
# stop a crash loop from pinning the CPU
StartLimitIntervalSec=60
StartLimitBurst=5

[Install]
WantedBy=multi-user.target

Enable and start it:

sudo systemctl daemon-reload
sudo systemctl enable --now agent.service
journalctl -u agent.service -f

If you prefer containers, Docker gives you the same guarantee with a restart policy:

docker run -d \
  --name agent \
  --restart unless-stopped \
  --env-file /opt/agent/.env \
  -v /opt/agent/workspace:/workspace \
  ghcr.io/your-org/agent:latest

The --restart unless-stopped flag is the important part. It brings the container back after a crash and after a host reboot. Both approaches solve the "process died and stayed dead" problem well. This is the one area where a raw VPS is fully sufficient, so give yourself the systemd or Docker restart policy on day one.

Failure mode 2: no persistent workspace snapshots

Restart is not the same as durability. Your agent restarts fine, but what about the 40 GB of cached documents, the SQLite memory store, or the git checkout it was mid-edit on? On a raw VPS your "backup" is whatever you remember to rsync or whatever your provider snapshots on a schedule you configured once and forgot.

Hetzner and DigitalOcean both offer volume snapshots, typically around $0.05 per GB per month, but they are manual or coarse-grained. There is no per-agent versioned workspace you can roll back to a known-good state. If an agent corrupts its own working directory, and they do, you are restoring a whole-disk snapshot from last night and losing everything since.

For agents whose value lives in accumulated state, this matters a lot. Persistent memory is a first-class concern, not an afterthought. If that is your situation, read cost to run an AI agent 24/7 for how storage and snapshot costs stack up over months.

Failure mode 3: secret sprawl

On one VPS with one agent, a .env file is fine. The problem is that it never stays one agent. Add a second agent, a cron job, a webhook receiver, and suddenly your Telegram token and model API key are copied into three .env files, one systemd EnvironmentFile, and your shell history from when you tested it.

There is no rotation story. When a key leaks, you grep the whole box hoping you find every copy. There is no audit of what read which secret. A raw VPS has no concept of scoped secret access, so every process that can read the disk can read every key.

The honest mitigation on a VPS is to install something like HashiCorp Vault or use age-encrypted files, but now you are running and maintaining a secrets manager on the same box you were trying to keep simple.

Failure mode 4: no RBAC

The first time a teammate needs to "just restart the agent," you hand them the root SSH key or make them a sudoer. There is no middle ground on a raw VPS. You cannot grant "can restart agent, can read logs, cannot read secrets, cannot touch the other agents." It is all or nothing at the shell level.

For a solo hobby project this is a non-issue. For anything a team touches, it is a real security and blast-radius problem. Proper role separation is exactly what RBAC and team management exists to solve, and it is not something you retrofit onto raw SSH access cleanly.

Failure mode 5: noisy-neighbor OOM

Stack several agents on one box to save money and they compete for the same RAM. One agent loads a large model context, spikes to 3 GB, and the Linux OOM killer picks a victim. Sometimes it kills the offender. Often it kills a different, innocent agent, or a database process, because the kernel optimizes for freeing memory, not for fairness.

You can set memory limits with systemd (MemoryMax=1G) or Docker (--memory=1g), and you should. But that only caps each agent; it does not schedule them intelligently or move a hungry one to a box with headroom. On a single VPS, your ceiling is the box, and when you hit it, something dies.

Raw VPS vs managed runtime: an honest comparison

Here is the tradeoff laid out. Neither column is "wrong." They serve different stages.

ConcernRaw VPS (Hetzner / DigitalOcean)Managed agent runtime
Starting cost~$5/month, very predictableHigher per-agent, includes the platform
Automatic restartYou configure systemd or DockerBuilt in
Persistent workspaceManual snapshots, whole-diskPer-agent versioned workspace
Secrets.env files, DIY VaultScoped secret store with rotation
RBACRoot SSH or nothingRoles per user and per agent
Resource isolationYou set limits; box is the ceilingScheduler spreads load across nodes
Observabilityjournalctl, DIY GrafanaLogs and metrics out of the box
Egress controliptables by handAllow-rules per agent
Time to first agentMinutesMinutes
Time to a hardened fleetWeeks of ops workSame afternoon
Who maintains itYou, foreverThe platform

The pattern is clear. A raw VPS wins on day one and on cost for a single agent. A managed runtime wins the moment you have multiple agents, more than one person, or state you cannot afford to lose. That is the honest ceiling of AI agent VPS hosting: unbeatable for one agent, and increasingly costly in effort past that.

How do I decide between a VPS and a managed runtime?

Use these rules of thumb. Stay on a raw VPS when:

  1. You are running one or two agents.

  2. You are the only operator.

  3. The agent is stateless or its state is cheap to rebuild.

  4. You genuinely enjoy the ops work, or want to learn it.

Move to a managed runtime when any of these become true:

  1. You have three or more agents to keep straight.

  2. A second person needs scoped access.

  3. Losing the agent's workspace would cost real money or time.

  4. You are spending more evenings on the server than on the agent.

  5. Compliance or a client requires audit logs and secret rotation.

The break-even is rarely about raw compute cost. A $5 VPS is cheaper than any managed plan on the invoice. The real cost is your time spent rebuilding restart, snapshots, secrets, RBAC, and observability, one Stack Overflow answer at a time, and then maintaining all of it.

Where Sokko fits

When the raw VPS math stops working, this is the gap Sokko fills. It is a managed platform for running AI agents like OpenClaw, Hermes, and OpenSRE 24/7, and it ships the exact list above as defaults: a persistent per-agent workspace, a scoped secret store with rotation, roles across your team, egress rules so an agent only reaches the hosts you approve, and built-in logs and metrics. You do not run the servers or write systemd units; Sokko handles that layer. If you have outgrown one box but do not want to run infrastructure to keep five agents alive, that is the trade Sokko is built for. If you are still at one agent on one VPS and happy, keep your $5 droplet; there is no shame in the simple setup working.

The bottom line

AI agent VPS hosting is the right place to start and a fine place to stay for small, single-operator setups. Give yourself a systemd unit or a Docker restart policy on day one and you have solved the most common failure by yourself. The reasons to leave are not about the price of the box. They are persistent state you cannot lose, secrets that outgrow a .env file, teammates who need scoped access, and agents that fight over RAM. When two or three of those hit at once, the weeks of ops work to harden a raw VPS start to cost more than a managed runtime that hands you all of it on day one. Know which stage you are in, and pick the boring option for that stage.