Server Providers
Learn about the server providers supported by Forge.
Supported Server Providers
Forge can create and manage servers on the following cloud server providers:
If your preferred server provider is not supported by Forge, you may use Forge’s “Custom VPS” option to create your server. Custom VPS servers receive all of the same functionality as first-party supported server providers. Learn more
Linking Server Providers
You can link server providers from your Server Providers dashboard. It is possible to link any number of supported provider accounts, including multiple accounts for one provider.
Amazon AWS API Access
There are a few requirements you should review to ensure Forge works correctly with your linked AWS account:
- AWS IAM users must have Programmatic API Access.
- AWS IAM users need to belong to a group with the AmazonEC2FullAccess and AmazonVPCFullAccess managed policies.
- If you are using an existing VPC, the subnet must be configured to auto-assign public IP addresses.
- If you are using an existing VPC, the default security group must allow Forge to SSH into the server. Here is an example:
| Type | Protocol | Port Range | Source | Description | |
|---|---|---|---|---|---|
| HTTP | TCP | 80 | Custom | 0.0.0.0/0 | |
| HTTP | TCP | 80 | Custom | ::/0 | |
| SSH | TCP | 22 | Custom | YOUR_IP_ADDRESS/32 | SSH from your IP |
| SSH | TCP | 22 | Custom | 159.203.150.232/32 | SSH from Forge |
| SSH | TCP | 22 | Custom | 159.203.150.216/32 | SSH from Forge |
| SSH | TCP | 22 | Custom | 45.55.124.124/32 | SSH from Forge |
| HTTPS | TCP | 443 | Custom | 0.0.0.0/0 | |
| HTTPS | TCP | 443 | Custom | ::/0 |
Akamai / Linode API Access
When creating a new Akamai Cloud API token for your Akamai account, Akamai will ask you to select which permissions are needed by the token. You will need to select the following permissions:
- Linodes - Read/Write
- IPs - Read/Write
In addition, you may wish to set the token to never expire.
DigitalOcean OAuth Access
The easiest way to allow Forge to communicate with your DigitalOcean account is by using the “Login with DigitalOcean” button. This option can be found on the Server Providers page within your Forge account.
Clicking the “Login with DigitalOcean” button will redirect you to DigitalOcean’s Authorize Application page, where you’ll be asked to approve the required permissions requested by Forge.
Once approved, Forge will create an OAuth credential, allowing it access to the necessary permissions needed in provisioning and managing your servers on your behalf.
DigitalOcean API Access
In addition to granting Forge access via OAuth, you can also use a Personal Access Token to enable Forge to communicate with your DigitalOcean account. When creating a new Personal Access Token for your DigitalOcean account, you will need to select which scopes will be granted on the token. You must select either:
- Full Access: Grants access to all scopes based on the account’s current role permissions
- Custom Scopes: Grants granular permissions on specific scopes. The following are required by Forge to successfully provision a server:
- Droplet - Create / Read / Update / Delete
- Reserved IP - Create / Read / Update / Delete
- SSH Key - Create / Read / Update / Delete
- VPC Key - Create / Read / Update / Delete
Vultr API Access
The Vultr server provider requires you to add the Forge IP addresses to an IP address allow list so that Forge can communicate with your servers. You should ensure that you do this before provisioning a Vultr server via Forge.
Hetzner Cloud API Access
Hetzner API tokens are specific to a Hetzner Project. If you utilize Hetzner Projects, you should ensure that Forge has an API token for each Hetzner Project.
Bring Your Own Server
Alongside supporting several first-party server providers, Forge also supports the ability to use your own custom server. To do so, select the Custom VPS option when creating a new server.
In addition, you should review the following server requirements:
- The server must be running a fresh installation of Ubuntu 20.04, 22.04 or 24.04 x64.
- The server must be accessible externally over the Internet.
- The server must have
rootSSH access enabled. - The server requirements should meet the following criteria or more: 1 CPU Core with 1GHz, 1GB RAM, and 10GB Disk space.
- The server must have curl installed.
Please refer to the Forge IP address documentation if you restrict SSH access to your server by IP addresses.
If you are protecting your internal network through Network Address Translation and you are mapping public SSH ports to different internal SSH ports, you may let Forge know about this by checking the This server is behind a NAT checkbox. This will show an extra input field, NAT SSH Port, that you can use to tell Forge about the SSH port to which SSH traffic is mapped. Forge will use this port to allow traffic into the server via ufw. If the internal SSH port is the same as the public SSH port, you may leave the NAT SSH Port field empty.
Was this page helpful?