MCP Server Hosting: Where to Actually Deploy in 2026

MCP Server Hosting: Where to Actually Deploy in 2026

HostingSift | | 9 min read

Model Context Protocol went from "Anthropic curiosity" to "thing every AI tooling vendor implements" in roughly twelve months. If you build agentic apps in 2026, you almost certainly need to host an MCP server somewhere. The official docs cover the protocol. They do not cover the boring infrastructure question: where does this thing actually run, and what does it cost?

This guide answers that. We will look at the three deployment modes (stdio, HTTP, SSE), the security gotchas that bite teams in production, and the actual hosting price points for running MCP servers at scale. Real plans, real numbers from providers in our database.

What an MCP server is, in one paragraph

Model Context Protocol is an open standard from Anthropic that lets LLM applications connect to external tools and data sources through a unified interface. An MCP server exposes resources (files, database rows, API endpoints) and tools (functions the model can call) to any compatible client. Claude Desktop, Cursor, VS Code Copilot, and dozens of agent frameworks all speak MCP now. Build one server, plug into all of them.

The protocol itself is JSON-RPC 2.0 over a transport layer. That transport is where hosting decisions start mattering.

Three transport modes, three hosting profiles

1. Stdio (local only)

The server runs as a subprocess of the client. The client spawns your binary, talks to it over stdin/stdout, kills it on exit. Zero network surface. Zero hosting needed.

This is how every Claude Desktop config you have ever seen works. command: "node", args: ["./my-server.js"], done. Great for personal tools, code that runs against your local filesystem, anything you do not want exposed to the internet.

Hosting cost: zero. You are the host.

2. HTTP with Server-Sent Events (SSE)

The original networked transport. Server runs as a long-lived HTTP service. Clients connect, hold an SSE stream open, send requests over POST. This is the mode most public MCP servers use today.

Hosting requirements: a process that stays running, a public URL with TLS, and a host that does not kill long-lived connections. That last one matters more than people realize. Serverless platforms with hard timeouts (Vercel Functions, Cloudflare Workers default tier) will close the SSE stream after 10-60 seconds. Game over.

3. Streamable HTTP (the 2025 spec update)

Anthropic merged SSE and POST into one bidirectional endpoint. Stateless mode is possible. Each request is a self-contained exchange. This unlocks serverless and edge deployments because you no longer need a persistent connection.

Stateless streamable HTTP is the mode you want if your server does not need session memory. Stateful mode still requires a sticky backend.

Picking the right host

The decision tree:

  • Stateless streamable HTTP, low traffic: serverless or PaaS. Cheapest.
  • Stateful SSE, persistent connections: VPS or container platform.
  • High traffic, autoscaling: managed container service or Kubernetes.
  • Internal-only, behind VPN: any VPS with a private network.

Most teams overestimate which bucket they fall into. If your MCP server fronts a small API and gets a few hundred requests per day, you do not need Kubernetes. A 4 EUR VPS is fine.

Self-hosted on a VPS: the realistic baseline

This is what most production MCP servers actually run on. A small VPS, Node or Python process behind a reverse proxy, systemd keeping it alive. Total cost: under 10 EUR per month.

ProviderPlanvCPU / RAMStoragePrice
HetznerCX232 / 4 GB40 GB NVMe3.49 EUR/mo
HetznerCAX11 (ARM)2 / 4 GB40 GB NVMe3.79 EUR/mo
NetcupVPS 500 G122 / 4 GB128 GB NVMe4.87 EUR/mo
ContaboCloud VPS 104 / 8 GB75 GB NVMe3.60 EUR/mo
DigitalOceanBasic Regular 1 GB1 / 1 GB25 GB SSD$6/mo
VultrRegular Cloud Compute1 / 1 GB25 GB SSD$6/mo
LinodeShared Nanode1 / 1 GB25 GB SSD$5/mo

The Hetzner CX23 at 3.49 EUR has shocked a lot of engineers in 2026. Two vCPUs and 4 GB RAM for the price of a coffee. It handles MCP servers with hundreds of concurrent SSE connections without breaking a sweat.

For pure value, Contabo Cloud VPS 10 at 3.60 EUR gives you 4 vCPU and 8 GB RAM, but the I/O is slower and latency varies. Fine for a hobby MCP server. Not what you want for production.

If you are running multiple MCP servers and need elbow room, the Hetzner CCX13 dedicated AMD instance at 12.49 EUR with 2 dedicated vCPUs and 8 GB RAM is the sweet spot most teams converge on.

The setup, briefly

Provision the VPS. Install Node or Python. Clone your MCP server repo. Wrap the process in systemd (or PM2 if you prefer). Put Caddy or nginx in front for TLS. Open port 443. Done.

Anthropic publishes a TypeScript SDK and a Python SDK. Both have starter templates. Most teams have their first MCP server live in under an hour.

PaaS deployment: less work, slightly more money

If you do not want to think about systemd or TLS certs, Railway and Render handle the plumbing.

Railway charges per resource used. A small MCP server with 512 MB RAM and minimal CPU lands around $5 to $8 per month including bandwidth. You push from GitHub, Railway builds and deploys. SSE works out of the box because Railway runs your container long-lived.

Render's Web Service plans start at $7 per month for 512 MB RAM, $25 for 2 GB. Render also handles SSE and WebSockets correctly. Their free tier spins down after inactivity, which kills MCP servers, so do not use it for anything serious.

The tradeoff is honest: PaaS costs roughly 2x what a Hetzner VPS costs for equivalent resources, and you trade that money for zero ops work. Worth it for small teams without an ops person.

For deeper PaaS analysis, see our PaaS hosting comparison.

Serverless: cheap and fast, with caveats

Streamable HTTP in stateless mode opens the door to truly serverless MCP servers. Cloudflare Workers, AWS Lambda, Vercel Functions can all host an MCP endpoint as long as each request is self-contained.

Cloudflare Workers is probably the best fit. Global edge, zero cold starts under typical load, $5 per month for 10 million requests on the paid tier. Their nodejs_compat flag handles the Anthropic SDK reasonably well.

Watch out for these limits:

  • Request timeout: Workers is 30 seconds CPU time, Lambda is 15 minutes max, Vercel Hobby is 10 seconds (yes, 10).
  • Response size: Workers caps at 100 MB streamed, Lambda at 6 MB synchronous.
  • Cold starts: relevant if your MCP server hits cold instances often. Workers wins here.

If your MCP server wraps a slow external API and individual tool calls might take 45 seconds, serverless is wrong. Use a VPS.

If your MCP server is a thin wrapper around a fast database query, serverless is perfect and you might never spend more than a few dollars per month.

The security part nobody likes talking about

An MCP server is a remote code execution surface for whoever talks to it. The LLM client calls tools on your server. Those tools execute code. If you expose that endpoint to the public internet without auth, you are running an open execution endpoint.

Here is what teams keep getting wrong:

1. No authentication on the MCP endpoint

The MCP spec supports OAuth 2.1 for HTTP transports. Use it. Anthropic added OAuth flows to the spec in 2025 specifically because too many public MCP servers shipped without auth.

If OAuth is too much for your use case, at minimum require a bearer token in the Authorization header and validate it on every request. Hardcoded API keys in env vars work fine for B2B MCP servers used by a single client team.

2. Tools that take filesystem paths

An MCP tool called read_file(path) that does no path validation is a path traversal exploit waiting to happen. The LLM will eventually try ../../../etc/passwd because the user asked it to debug something. Validate. Sandbox. Use chroot or container isolation for anything filesystem-related.

3. Database tools with no row-level filtering

If your MCP server exposes a query_users() tool, the LLM client speaks for whoever invoked it. Pass user identity through the protocol context and apply row-level security at the database. Otherwise tenant A can ask their AI for tenant B's data through your MCP server, and your AI will happily oblige.

4. Rate limiting

LLMs in agent loops can hammer an endpoint. A buggy agent we saw last quarter called the same MCP tool 4,000 times in two minutes before timing out. Without rate limiting that becomes your AWS bill. Caddy and Cloudflare both do this cheaply.

Real-world architecture: MCP server in front of a SaaS API

The most common production pattern in 2026 looks like this:

  1. Your existing SaaS has a REST API.
  2. You write an MCP server that wraps the REST API in tool definitions.
  3. The MCP server runs on a small VPS or Railway service.
  4. OAuth flow issues per-customer tokens.
  5. Claude/Cursor/your-agent-of-choice connects to the MCP server using those tokens.

This unlocks AI integration without forcing your customers to integrate with twenty different agent frameworks. You build one MCP server. Everything else just works.

For a B2B SaaS doing 50,000 tool calls per day, this entire setup runs comfortably on a 6.49 EUR Hetzner CPX22 with Caddy fronting the Node process. Total monthly bill: under 10 EUR including bandwidth.

Where MCP server hosting is going

Two trends to watch in 2026:

MCP marketplaces. Anthropic, Glama, and Smithery are building registries where third parties publish hosted MCP servers. You will not always host your own. You will sometimes use a hosted MCP server the way you use a third-party API today. Pricing models there are still shaking out, mostly per-call or per-seat.

MCP-native hosting platforms. A handful of providers are building dedicated MCP hosting products: deploy your server with one command, get OAuth and rate limiting included, pay per request. Expect this category to consolidate quickly. By 2027 we will probably have two or three dominant players the same way Vercel won Next.js hosting.

For now, a VPS plus a half-day of setup gets you a production MCP server cheaper than any managed alternative.

The 30-second recommendation

Building your first MCP server for testing? Stdio mode, local machine. No hosting.

Shipping an MCP server to a customer or to the public? Hetzner CX23 at 3.49 EUR plus Caddy plus systemd. You will spend an hour setting up. The thing will run for years.

Already on a PaaS for your main app? Add the MCP server to the same project on Railway or Render. Your bill goes up by maybe $5 per month.

Want zero ops and very low traffic? Stateless streamable HTTP on Cloudflare Workers. Free tier handles a surprising amount.

The hosting decision matters less than the security one. Auth your endpoint, validate your tool inputs, rate-limit your server. Then ship.

Share this article

Mentioned Hostings

Related Comparisons

Related Articles