Your Home Lab Needs One Box It Doesn’t Control
Your home lab is humming. Services are running. Drives are spinning. It’s great — until you need something that lives on the public internet and you’d rather not expose your home IP, punch holes in your router, or trust your ISP’s asymmetric upload with anything important.
You need one VPS. One cheap box in the cloud that handles the stuff your home NAT can’t: off-site backups, a Tailscale relay or Headscale server, a public-facing reverse proxy, a small always-on service that can’t handle 10-minute reboots when you forget to pay the power bill.
Three names come up every time: Hetzner, DigitalOcean, and Vultr.
They all sell small Linux VMs. The experience of choosing, configuring, and paying for them is about as similar as shopping at Aldi, Whole Foods, and a Costco in another timezone.
Here’s the honest breakdown.
Heads up: some links below are referral links — they don’t cost you anything and the comparison is the same whether you use them or not.
The 30-Second Answer
If you just need a quick pick:
- Hetzner — best price-to-performance on the planet for EU/US. This is the right answer for most home-labbers.
- DigitalOcean — polished UX, excellent docs, big marketplace, worth the premium if you want hand-holding or you’re onboarding a team.
- Vultr — most global locations, hourly billing, high-frequency compute option. Pick it when you need a box in Singapore or São Paulo, or when you need to spin something up for four hours and delete it.
That’s the verdict. The rest of this article explains why.
What Each One Actually Is
Hetzner is a German infrastructure company that’s been around since 1997. They run their own data centers. No VC money burning a hole in their pricing model. The result is VPS pricing that makes other providers look embarrassed. They now have US locations in Ashburn (Virginia) and Hillsboro (Oregon), so the “EU only” objection is mostly gone. Bandwidth allowances are generous. The control panel is functional without being flashy.
DigitalOcean is the “developer cloud” that taught a generation of sysadmins to deploy their first VPS via a tutorial they found on Google. Their docs are genuinely good — like, “this is how you explain a concept to someone who hasn’t seen it before” good. The marketplace is full of one-click apps. Droplets (their VMs), managed databases, Spaces (S3-compatible object storage), and App Platform are all in the same billing account. You pay more for that ecosystem.
Vultr sits between the two. More locations than anyone — 32+ regions as of writing. Hourly billing on everything. A “high-frequency” compute tier with NVMe storage for latency-sensitive workloads. The UI has rough edges. The docs are thinner than DO’s. Support reputation is mixed. But for location coverage and billing flexibility, nothing touches it.
Price and What You Actually Get
Hetzner is the benchmark here. Their entry-level shared-vCPU ARM instance runs around €3–4/month. The entry-level x86 shared box is in the €4–5/month range. For that you get a usable slice of real hardware in a real data center with generous outbound bandwidth included. Comparable specs on DigitalOcean or Vultr cost roughly twice as much.
DigitalOcean entry-level Droplets start around $6/month and go up. You get what you pay for in terms of UX and ecosystem support, but you are absolutely paying for it. Bandwidth overage fees exist and will surprise you if you’re running a backup target that actually gets used.
Vultr entry-level is in the $2.50–5/month range depending on tier and location, though the cheapest tiers have tighter resource limits. Their high-frequency compute tier costs more but delivers meaningfully faster disk I/O — relevant if you’re running a database or Postgres on the box.
The pattern: Hetzner wins on raw price-per-spec by a comfortable margin. Vultr competes on the low end in specific tiers. DigitalOcean costs more and makes no apologies for it.
Performance and Network
Hetzner punches well above its price class. Their hardware is current, network is fast, and the included bandwidth allowances are generous — something like 20TB outbound per month on mid-tier boxes, compared to 1–2TB on comparable DO/Vultr tiers. For a Restic backup target or a Headscale server, you will not hit the limit. If you somehow do, the overage pricing is still reasonable.
DigitalOcean network performance is solid and consistent. Premium plans use NVMe SSDs. For most workloads it’s indistinguishable from Hetzner. The difference shows up in the bill.
Vultr high-frequency compute is genuinely faster on disk-heavy workloads — NVMe on shared hardware. Standard Vultr boxes are competitive. Network is fine. Bandwidth allowances vary more by plan and location than the other two, so read the small print before running a high-egress workload.
One real caveat on Hetzner: they’ve gotten stricter about account verification in response to fraud and abuse. New accounts may need to upload ID or wait for manual review. This is a one-time annoyance, not an ongoing problem, but it has caught people off guard at 2 AM when they just wanted to spin up a box. Budget time for it.
Locations
Hetzner: Germany (Nuremberg, Falkenstein), Finland (Helsinki), Virginia USA (Ashburn), Oregon USA (Hillsboro). That covers Europe and US coasts. If you’re in Asia or South America, Hetzner doesn’t reach you.
DigitalOcean: NYC, SFO, Amsterdam, Singapore, London, Frankfurt, Toronto, Bangalore, Sydney. Good global spread. You can get reasonably close to most places.
Vultr: 32+ regions including Tokyo, Seoul, Osaka, Mumbai, Sydney, São Paulo, Mexico City, Warsaw, Stockholm, and more. If you need a box in a specific geography — a Minecraft server near your friends, a compliance requirement, a relay node for regional latency — Vultr is the only one of these three that’ll get you there.
For most home-lab overflow use cases (Tailscale relay, backup target, reverse proxy), you want low latency to your home, which usually means US East, US West, or EU. Hetzner covers all three.
The Experience: Console, API, Docs, Marketplace
DigitalOcean wins this category. Not close. The control panel is clean and intuitive. The documentation is some of the best in the industry — full tutorials, not just API reference pages. Community tutorials cover almost everything you’d want to run. The Marketplace has one-click installs for Nextcloud, Gitea, Grafana, and fifty other things. Terraform provider, robust API, GitHub Actions integration. If you’re teaching someone to use cloud infrastructure for the first time, you start them here.
Hetzner has a functional control panel (Hetzner Cloud Console) that does everything you need without extra decoration. The API is good. Terraform provider works. Community resources exist but are thinner — you’ll find your answers, just with more digging. The Robot panel for dedicated servers is a different UI entirely, which is confusing until you realize Hetzner also sells dedicated hardware at absurd prices and has had separate systems for decades.
Vultr has the roughest UX of the three. The control panel works. The API is documented. But the overall experience feels like it was designed by someone who needed the feature, shipped it, and moved on. Not broken — just not polished. Terraform and CLI tooling exist and are functional.
Comparison at a Glance
| Hetzner | DigitalOcean | Vultr | |
|---|---|---|---|
| Entry price | ~€4–5/mo | ~$6/mo | ~$2.50–5/mo |
| Price/performance | Best | Premium | Middle |
| Locations | EU + US (4) | 13 regions | 32+ regions |
| Bandwidth included | Generous (20TB+) | 1–2TB typical | Varies by plan |
| UX & docs | Functional | Excellent | Rough |
| API & IaC | Good | Excellent | Good |
| Best for | Budget-conscious home-labbers | Teams, beginners, ecosystem | Specific geographies, burst boxes |
Where Each One Bites You
Hetzner:
- Strict account verification — new accounts can get flagged for manual review. Don’t start your on-call migration at midnight.
- Fewer locations than the others. No Asia, no South America. If you need those, you’re going elsewhere.
- Support is terse. They respond. They fix things. They don’t write paragraphs. If you need hand-holding through an incident, that’s not the vibe.
- The shared-vCPU tier means noisy-neighbor variance. For light workloads (relay, backup target) you won’t notice. For a latency-sensitive application, look at the dedicated vCPU tiers.
DigitalOcean:
- You pay a meaningful premium for the polish. If budget is tight, it adds up.
- Bandwidth overage fees. 1TB of outbound is included on entry Droplets, and if you’re running an actual backup job that moves data, you’ll watch the meter.
- The platform breadth means more stuff to accidentally leave running. Managed database you spun up for a test? $15/month minimum. Object Storage buckets with forgotten data? Small but real.
- Some features lock you into proprietary-ish patterns (App Platform, Managed Kubernetes) that make migration friction later.
Vultr:
- Support reputation is genuinely mixed in the community. Tickets get closed. Issues get resolved eventually. It’s not reliable for time-sensitive problems.
- UI inconsistencies across control panel sections. Feels like different teams built different parts.
- Bandwidth fine print varies more than competitors. Read per-plan details, especially for high-egress workloads.
- Pricing clarity on the lower tiers requires careful reading — some regions don’t offer the cheapest plans, and the price grid can mislead.
Real Scenarios → Real Picks
Off-site Restic or Borg backup target
Pick: Hetzner. Cheap storage-optimized boxes, enormous bandwidth allowance, EU data sovereignty if you care about that. Spin up a CAX11 ARM box, install restic, point your repos at it. The bandwidth you’ll use for daily incrementals won’t touch the cap.
A quick cloud-init to harden the box before you attach your backup jobs:
#cloud-configusers: - name: backupuser groups: sudo shell: /bin/bash sudo: ["ALL=(ALL) NOPASSWD:ALL"] ssh_authorized_keys: - ssh-ed25519 AAAA...your-public-key...
packages: - ufw - unattended-upgrades - restic
runcmd: - ufw default deny incoming - ufw default allow outgoing - ufw allow 22/tcp - ufw --force enable - dpkg-reconfigure --priority=low unattended-upgrades - passwd -l rootTailscale relay / Headscale server / CGNAT escape
Pick: Hetzner if EU or US is fine, Vultr if you need a specific region. A Headscale server or a DERP relay needs low latency to your clients. Pick the region geographically closest to where most of your nodes are. Hetzner’s Ashburn location works well for US East Coast home labs. For everything else geo-wise, Vultr’s location spread wins.
A basic setup after provisioning:
# Minimal hardening — run as root on first boot# Assumes Ubuntu 22.04/24.04
# Create a non-root user (replace 'ops' with your username)adduser opsusermod -aG sudo ops
# Copy your SSH keymkdir -p /home/ops/.sshecho "ssh-ed25519 AAAA...your-public-key..." >> /home/ops/.ssh/authorized_keyschown -R ops:ops /home/ops/.sshchmod 700 /home/ops/.sshchmod 600 /home/ops/.ssh/authorized_keys
# Lock down SSHsed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_configsed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_configsystemctl restart sshd
# Firewall — adjust ports for your actual servicesufw allow 22/tcpufw allow 80/tcpufw allow 443/tcpufw allow 41641/udp # Tailscale / DERPufw default deny incomingufw default allow outgoingufw --force enable
# Auto security updatesapt install -y unattended-upgradesdpkg-reconfigure --priority=low unattended-upgradesSmall always-on service (monitoring endpoint, RSS bridge, small API)
Pick: Hetzner for budget, DigitalOcean if it’s for work or you need the ecosystem. An always-on service that runs at low traffic doesn’t need much. Hetzner’s ARM boxes are absurdly cheap and idle at basically no CPU. If the service is work-adjacent, you’re sharing it with coworkers, or you want the managed options (databases, load balancers, backups), DigitalOcean’s ecosystem is worth the premium.
Ephemeral CI runner or burst compute
Pick: Vultr. Hourly billing, high-frequency NVMe option, spin it up, run the build, delete it. The combination of true hourly billing and HF compute makes Vultr genuinely better for burst workloads than the alternatives. DigitalOcean does hourly billing too, but at a higher price floor. Hetzner’s minimum billing period behavior is worth reading their current docs on before assuming.
The Verdict
Here’s where we land:
Hetzner is the default pick for most home-labbers. Best price-per-spec, generous bandwidth, EU and US locations, solid API. If you don’t have a specific reason to go elsewhere, go here. Budget an extra 10 minutes on signup for verification.
DigitalOcean is the pick when experience matters more than price. Great docs for unfamiliar territory, a marketplace full of one-click installs, an ecosystem where everything talks to everything. Worth it for teams, for learning, for “I just want it to work and I’ll pay a bit more for that.”
Vultr is the pick for location and flexibility. If you need a node in Southeast Asia, South America, or the Nordic region, Vultr goes where the others don’t. Hourly billing makes it the right tool for burst compute and short-lived experiments. Just don’t rely on support for anything urgent.
If you’ve been waffling between these three, the answer is almost certainly Hetzner. The exceptions are real but they’re edge cases. The price difference is not. Your 2 AM self — the one who just realized off-site backups were a good idea — will appreciate having a €4/month box ready to go.
