diff --git a/examples/hetzner/.gitignore b/examples/hetzner/.gitignore
new file mode 100644
index 000000000..7f001f9dc
--- /dev/null
+++ b/examples/hetzner/.gitignore
@@ -0,0 +1,3 @@
+# sst
+.sst
+key_rsa
diff --git a/examples/hetzner/bun.lockb b/examples/hetzner/bun.lockb
new file mode 100755
index 000000000..99d6e605f
Binary files /dev/null and b/examples/hetzner/bun.lockb differ
diff --git a/examples/hetzner/package.json b/examples/hetzner/package.json
new file mode 100644
index 000000000..57292c5eb
--- /dev/null
+++ b/examples/hetzner/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "base-ts",
+  "version": "0.0.0",
+  "dependencies": {
+    "sst": "^0.1.54"
+  }
+}
diff --git a/examples/hetzner/sst-env.d.ts b/examples/hetzner/sst-env.d.ts
new file mode 100644
index 000000000..f110f3304
--- /dev/null
+++ b/examples/hetzner/sst-env.d.ts
@@ -0,0 +1,8 @@
+/* tslint:disable */
+/* eslint-disable */
+import "sst"
+declare module "sst" {
+  export interface Resource {
+  }
+}
+export {}
diff --git a/examples/hetzner/sst.config.ts b/examples/hetzner/sst.config.ts
new file mode 100644
index 000000000..bb28c55ae
--- /dev/null
+++ b/examples/hetzner/sst.config.ts
@@ -0,0 +1,69 @@
+/// <reference path="./.sst/platform/config.d.ts" />
+
+import { writeFileSync } from "fs";
+import { resolve } from "path";
+
+export default $config({
+  app(input) {
+    return {
+      name: "hetzner",
+      removal: input?.stage === "production" ? "retain" : "remove",
+      home: "aws",
+      providers: { hcloud: true, tls: true, docker: true },
+    };
+  },
+  async run() {
+    const privateKey = new tls.PrivateKey("PrivateKey", {
+      algorithm: "RSA",
+      rsaBits: 4096,
+    });
+    const publicKey = new hcloud.SshKey("PublicKey", {
+      publicKey: privateKey.publicKeyOpenssh,
+    });
+    const server = new hcloud.Server("Server", {
+      image: "debian-12",
+      serverType: "cx11",
+      sshKeys: [publicKey.id],
+      userData: [
+        `#!/bin/bash`,
+        `apt-get update`,
+        `apt-get install -y docker.io apparmor`,
+        `systemctl enable --now docker`,
+        `usermod -aG docker debian`,
+      ].join("\n"),
+    });
+
+    const keyPath = privateKey.privateKeyOpenssh.apply((key) => {
+      const path = "key_rsa";
+      writeFileSync(path, key, { mode: 0o600 });
+      return resolve(path);
+    });
+
+    const dockerProvider = new docker.Provider("DockerProvider", {
+      host: $interpolate`ssh://root@${server.ipv4Address}`,
+      sshOpts: ["-i", keyPath, "-o", "StrictHostKeyChecking=no"],
+    });
+
+    const nginx = new docker.Container(
+      "Nginx",
+      {
+        image: "nginx:latest",
+        ports: [
+          {
+            internal: 80,
+            external: 80,
+          },
+        ],
+        restart: "always",
+      },
+      {
+        provider: dockerProvider,
+        dependsOn: [server],
+      },
+    );
+
+    return {
+      url: $interpolate`http://${server.ipv4Address}`,
+    };
+  },
+});
diff --git a/examples/hetzner/tsconfig.json b/examples/hetzner/tsconfig.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/examples/hetzner/tsconfig.json
@@ -0,0 +1 @@
+{}