HostSSH is one control plane for the whole life of a server: the first push to production, the day-to-day of managed databases, and the 3am recovery you hope never comes — proven on a schedule so you don't hope, you know.
Most tools dump a database and call it a backup. HostSSH captures the entire server — the Coolify brain and its master key, every database, all Docker volumes, system config and the sidecars that glue them together — into a single encrypted .hsi image.
That image is the unit of everything: restore it in place, clone it to a staging twin, or relocate it to a brand-new VPS. A deterministic IP-rewrite pass flips every public reference, while internal services ride a stable WireGuard overlay — so a moved box just works on arrival.
A backup you've never restored is a rumour. HostSSH runs scheduled restore-drills: it pulls a recent image into a throwaway sandbox, brings the stack up, and verifies databases to the row — then tears the sandbox down.
Every drill rolls up into a backup-health score so you can see, at a glance, that recovery actually works — and get alerted the moment a backup stops being restorable, not the day you need it.
Push a repo and HostSSH takes it to a live, TLS-terminated URL. Railpack inspects the code and builds a lean OCI image — no Dockerfile, no Nix. Docker runs it as a supervised container with health checks, secret injection and zero-downtime rollouts.
Traefikbinds your domain, issues and renews Let's Encrypt certificates, and load-balances traffic. Routes are declarative, so a relocated box re-binds them automatically — the deploy layer and the disaster-recovery layer are the same layer.
Need a target box? Queue one. HostSSH provisions fresh VPSes across Hostinger, Hetzner, DigitalOcean, Vultr and AWS, installs the base stack, and hands back a ready node — whether it's the destination of a migration or just more capacity.
The queue tracks each provision through to a healthy, reachable server, retries transient provider failures, and surfaces the result in the same fleet view as everything else.
HostSSH ships a Model Context Protocol server so an AI agent can operate the fleet in plain language: deploy a service, provision a box, kick off a backup, run a restore-drill, or migrate a server — all through the same authenticated, license-gated actions a human uses.
Because the MCP rides the real control-plane API, agents inherit the same RBAC and audit trail. No shadow path, no extra blast radius.
Features unlock per tier through ed25519 license tokens the agent verifies locally — so capabilities are enforced even offline, and an expired license never blocks an emergency restore.
The control plane keeps every agent and server in one fleet view — health, backups, deploys and drills — regardless of which provider each box lives on. One pane of glass for a multi-cloud fleet.
One command installs the agent, prompts for your license key, and unlocks the deploy pipeline, managed databases, backup, clone, relocate & Web-SSH.
$ curl -fsSL https://get.hostssh.com | sh