Dedicated NixOS server with process supervision for your MCP endpoints.
SSE and HTTP transports supervised by watchdog. Auto-restart on any failure.
"Check MCP health" — OpenClaw monitors your endpoints and alerts you.
MCP Server Hosting: Remote MCP Servers on Dedicated Infrastructure
Host your Model Context Protocol servers on self-healing dedicated servers with streamable HTTP endpoints, OAuth 2.1 authorization, and the osModa mcpd daemon for lifecycle management. Every tool call is authenticated, every action is audit-logged, and every crash recovers automatically. Plans start at $14.99/month.
The MCP ecosystem has crossed 200 servers as of early 2026, and Anthropic has donated the protocol to the Agentic AI Foundation under the Linux Foundation. The June 2025 spec update deprecated SSE in favor of streamable HTTP, and the authorization specification now mandates OAuth 2.1 with PKCE. Production MCP hosting is no longer optional -- it is the standard. osModa provides the infrastructure to run MCP servers the way the spec intends: secure, observable, and always available.
Last updated: March 2026
TL;DR
- • Host MCP servers on dedicated infrastructure with the mcpd Rust daemon managing lifecycle, health, and restarts.
- • Native streamable HTTP transport (June 2025 spec) with backward SSE compatibility -- no manual proxy config needed.
- • OAuth 2.1 with mandatory PKCE on every request, plus scoped authorization and resource indicators.
- • Every tool call and connection is logged in a tamper-proof SHA-256 audit ledger for compliance.
- • Plans from $14.99/mo on dedicated Hetzner servers -- no per-request charges or credit limits.
Why MCP Servers Need Dedicated Hosting
The Model Context Protocol gives AI agents structured access to external tools and data sources. But running an MCP server in production is fundamentally different from running one locally during development. Local servers die when your machine sleeps. They cannot serve multiple clients. They have no authentication, no audit trail, no crash recovery. When your AI agent depends on an MCP server for database access, file operations, or API integrations, downtime means your agent is blind and unable to act.
The June 2025 MCP specification update introduced streamable HTTP as the production transport, replacing the deprecated SSE approach. Streamable HTTP brings proper request-response semantics, chunked transfer encoding for long-running operations, and compatibility with standard HTTP infrastructure like load balancers, CDNs, and API gateways. But deploying streamable HTTP endpoints correctly requires session management, connection pooling, security headers, and CORS configuration that most teams get wrong on the first attempt.
osModa eliminates this complexity. The mcpd daemon handles streamable HTTP endpoint configuration, OAuth 2.1 token validation, connection lifecycle management, and watchdog supervision out of the box. You bring your MCP server code. osModa handles everything between your server and the outside world.
| Capability | osModa mcpd | Local MCP | Cloud Run / Lambda |
|---|---|---|---|
| 24/7 uptime | Yes | No | Yes |
| Streamable HTTP | Native | stdio only | Manual config |
| OAuth 2.1 auth | Built-in | None | DIY |
| Auto crash recovery | 6-second watchdog | Manual restart | Cold start |
| Audit logging | SHA-256 tamper-proof | None | CloudWatch (mutable) |
| Atomic rollbacks | NixOS built-in | No | Redeploy only |
| Root SSH access | Yes | N/A | No |
For a deep comparison of remote and local MCP deployment models, see our Remote vs Local MCP Servers guide. For transport-specific deployment guidance, see SSE / HTTP Deployment.
The mcpd Daemon: MCP Server Lifecycle Management
At the core of osModa's MCP hosting is mcpd -- a Rust-based daemon that manages the entire lifecycle of your MCP servers. It is part of osModa's suite of 9 Rust daemons and is purpose-built for the Model Context Protocol.
Process Supervision
mcpd starts, monitors, and restarts MCP server processes. It tracks process health with configurable health checks, manages graceful shutdown during deployments, and provides a 6-second median recovery time when servers crash. Multiple MCP servers can run simultaneously, each supervised independently.
Streamable HTTP Gateway
mcpd exposes your MCP servers via streamable HTTP endpoints with proper session management, chunked transfer encoding, and connection pooling. It handles CORS headers, security headers (HSTS, CSP, X-Frame-Options), and TLS termination. No nginx or reverse proxy configuration needed.
OAuth 2.1 Authorization
Every incoming MCP request is validated against OAuth 2.1 tokens with mandatory PKCE. mcpd supports authorization server discovery via RFC 9728, scoped token validation, and resource indicators to prevent token misuse. Bring your own identity provider or use the built-in authorization server.
Audit Logging
Every tool call, every connection, every authentication event is recorded in osModa's SHA-256 hash-chained audit ledger. Entries are immutable once written. Critical for compliance requirements (SOC 2, HIPAA, 21 CFR Part 11) and for debugging tool behavior in production.
mcpd is open source. Inspect the implementation at github.com/bolivian-peru/os-moda. For hardening guidance, see the MCP Security Hardening guide.
Streamable HTTP: The Production MCP Transport
The MCP specification introduced streamable HTTP on March 26, 2025, and deprecated SSE in the June 18, 2025 spec update. Streamable HTTP replaces persistent SSE connections with a more scalable, bidirectional model that uses standard HTTP POST requests with chunked transfer encoding.
This transition matters for production hosting. SSE connections are persistent and stateful, making them difficult to load-balance and impossible to route through standard API gateways. Streamable HTTP uses the "sealed letter" model of standard HTTP requests, enabling traffic inspection, strict CORS enforcement, and session binding to verified user identities. It also works behind enterprise proxies and firewalls that terminate long-lived connections.
osModa's mcpd daemon implements streamable HTTP natively. When you deploy an MCP server, mcpd automatically configures the endpoint with proper chunked encoding, session management, and connection lifecycle handling. It also maintains backward compatibility with SSE for clients that have not yet migrated. Read the full deployment walkthrough in our SSE / HTTP Deployment guide.
mcpd.toml -- MCP server configuration
[server.my-database-tools] command = "node" args = ["./mcp-db-server/index.js"] transport = "streamable-http" port = 8080 health_check = "/health" restart_policy = "always" max_restart_delay = "10s" [server.my-database-tools.auth] provider = "oauth2" issuer = "https://auth.example.com" audience = "mcp://my-database-tools" scopes = ["tools:read", "tools:write"] [server.my-database-tools.audit] enabled = true log_tool_calls = true log_connections = true
Security: Zero Trust for MCP Servers
A 2025 research report analyzing 5,000 MCP servers found that 53% use insecure hard-coded credentials. By early 2026, over 8,000 MCP servers were found exposed without proper authentication. The MCP ecosystem is growing faster than teams can secure it.
osModa enforces zero trust by default. Every MCP server hosted on osModa gets OAuth 2.1 authentication with mandatory PKCE, scoped authorization for individual tools, trust boundary enforcement between servers, and tamper-proof audit logging of every tool call. The mcpd daemon validates every request before it reaches your MCP server code.
Each osModa server runs on dedicated Hetzner infrastructure with no multi-tenancy. MCP servers are isolated at the OS level with NixOS declarative security policies. Inter-server communication uses Noise_XX + ML-KEM-768 hybrid post-quantum encryption. For the full security implementation guide, see MCP Security Hardening.
Who Hosts MCP Servers on osModa
osModa serves teams that need MCP servers running reliably in production, not just on a developer's laptop during demos.
AI Agent Builders
Teams building LangGraph, CrewAI, or custom agents that depend on MCP servers for tool access. Need persistent endpoints that survive laptop sleep cycles, team-wide access, and production-grade monitoring.
Learn moreSaaS Automation
Product teams exposing internal APIs as MCP servers for AI-powered features. Need OAuth 2.1 authentication, audit logging for compliance, and predictable flat-rate pricing without per-request charges.
Learn moreDevOps Teams
Infrastructure teams deploying MCP servers alongside existing services. NixOS declarative configuration fits IaC workflows. Full SSH access integrates with monitoring, alerting, and log aggregation stacks.
Learn moreAI Agencies
Agencies managing MCP servers for multiple clients. Each client gets isolated infrastructure. The audit ledger provides compliance evidence. The mcpd daemon manages multiple servers from a single configuration.
Learn moreMCP Server Hosting Pricing
Every plan includes the full MCP hosting stack: mcpd daemon, streamable HTTP endpoints, OAuth 2.1 authorization, audit logging, watchdog auto-restart, NixOS atomic rollbacks, and dedicated Hetzner infrastructure. No per-request charges.
$14.99
/month
Starter
$34.99
/month
Standard
$69.99
/month
Pro
$125.99
/month
Enterprise
Frequently Asked Questions
What is MCP server hosting?
MCP server hosting is dedicated infrastructure designed to run Model Context Protocol servers in production. Unlike running MCP servers locally on a developer machine, hosted MCP servers provide persistent uptime, secure remote access via streamable HTTP endpoints, OAuth 2.1 authentication, audit logging, and automatic crash recovery. osModa provides all of this through a purpose-built mcpd daemon running on NixOS with self-healing capabilities.
Why host MCP servers remotely instead of running them locally?
Local MCP servers are ideal for development but fall short in production. They stop when your laptop sleeps, cannot be shared across team members, lack authentication, and provide no audit trail. Remote MCP servers on osModa run 24/7 on dedicated infrastructure with streamable HTTP endpoints that any authorized client can connect to. Team members share tools without duplicating configuration, and every tool call is logged in a tamper-proof audit ledger.
Does osModa support the new streamable HTTP transport?
Yes. The MCP specification deprecated SSE in favor of streamable HTTP in the June 2025 spec update. osModa's mcpd daemon natively supports streamable HTTP with chunked transfer encoding, progressive message delivery, and proper session management. The daemon also maintains backward compatibility with SSE for legacy clients during the transition period.
How does the mcpd daemon work?
The mcpd daemon is a Rust-based process manager purpose-built for MCP server lifecycle management. It handles server startup, health monitoring, watchdog auto-restart on crash (6-second median recovery), streamable HTTP endpoint configuration, OAuth 2.1 token validation, connection pooling, and audit logging. It runs as a systemd service on NixOS and supervises all MCP server processes on the host.
What authentication does osModa use for MCP servers?
osModa implements the MCP authorization specification based on OAuth 2.1 with mandatory PKCE (Proof Key for Code Exchange). MCP servers are configured as OAuth Resource Servers per RFC 9728, with support for authorization server discovery, scoped token validation, and resource indicators to prevent token misuse. You can bring your own identity provider or use osModa's built-in authorization server.
How much does MCP server hosting cost?
osModa plans start at $14.99/month for a dedicated server with the full MCP hosting stack included: mcpd daemon, streamable HTTP endpoints, OAuth 2.1 auth, audit logging, watchdog auto-restart, and NixOS atomic rollbacks. No per-request charges, no credit systems, no usage caps on the hosting itself. Plans scale up to $125.99/month for higher-resource servers.
Can I host multiple MCP servers on one osModa instance?
Yes. The mcpd daemon supports running multiple MCP servers on a single osModa instance, each with its own streamable HTTP endpoint, authentication scope, and resource allocation. The daemon manages lifecycle, health checks, and connection routing for all servers independently. Each server gets its own audit trail and can be restarted without affecting others.
Is osModa compatible with the MCP Registry?
Yes. The MCP Registry launched in September 2025 as an open catalog for indexing and discovery of MCP servers. osModa-hosted servers can be registered in the MCP Registry for discoverability, and the mcpd daemon supports automatic registration and metadata publishing to the registry API.
Explore the MCP Hosting Ecosystem
Remote vs Local MCP
When to go remote, when to stay local
Security Hardening
Authz/authn for production MCP
SSE / HTTP Deployment
Streamable HTTP endpoints done right
MCP on Frameworks
MCP servers with LangGraph, CrewAI
AI Agent Hosting
Self-healing dedicated servers
Audit & Compliance
SOC 2, HIPAA, 21 CFR Part 11