Cloudways MCP Server

A comprehensive Model Context Protocol (MCP) server for managing Cloudways infrastructure. This server provides a secure, modular, and scalable interface to the Cloudways API with 43+ tools covering all aspects of server and application management.

🚀 Features

Complete Cloudways API Coverage: 43+ tools organized into logical categories
Modular Architecture: Clean separation of concerns with dedicated modules for different functionalities
Enterprise Security: Multi-layered authentication, rate limiting, and audit logging
High Performance: Asynchronous design with Redis caching and HTTP connection pooling
Production Ready: Structured logging, error handling, and monitoring capabilities
MCP Compatible: Full Model Context Protocol support for AI assistant integration

📊 Tools Overview

Basic Operations (18 tools)

Authentication & Info: ping, customer_info, rate_limit_status
Server Management: list_servers, get_server_details
Application Management: get_app_details, get_app_credentials, get_app_settings, get_app_monitoring_summary
Project Management: list_projects, list_team_members, get_alerts
Infrastructure Discovery: get_ssh_keys, get_available_providers, get_available_regions, get_available_server_sizes, get_available_apps, get_available_packages

Server Operations (12 tools)

Power Management: start_server, stop_server, restart_server
Backup & Recovery: backup_server, get_server_settings
Storage Management: get_server_disk_usage, optimize_server_disk
Service Control: get_server_services_status, change_service_state
Caching: manage_server_varnish
Monitoring: get_server_monitoring_detail, get_server_analytics

Application Management (8 tools)

Deployment: clone_app, backup_app, restore_app, rollback_app_restore
Performance: clear_app_cache, get_app_varnish_settings, manage_app_varnish
Configuration: reset_app_file_permissions, enforce_app_https
Domain Management: update_app_cname, delete_app_cname
Analytics: get_app_analytics_traffic, get_app_analytics_php, get_app_analytics_mysql

Security & Access Control (5 tools)

IP Management: get_whitelisted_ips_ssh, get_whitelisted_ips_mysql, update_whitelisted_ips
Security Monitoring: check_ip_blacklisted
Tool Access: allow_ip_siab, allow_ip_adminer
SSL Management: install_ssl_certificate, remove_ssl_certificate, install_letsencrypt, renew_letsencrypt, set_letsencrypt_auto_renewal, revoke_letsencrypt
Git Deployment: generate_git_ssh_key, get_git_ssh_key, git_clone, git_pull, get_git_deployment_history, get_git_branch_names

🏗 Architecture

cw-mcp/
├── main.py                 # Application entry point
├── server.py              # FastMCP server instance
├── config.py              # Configuration management
├── requirements.txt       # Dependencies
│
├── auth/                  # Authentication & Security
│   ├── customer.py       # Customer session management
│   ├── tokens.py         # API token handling with auto-renewal
│   └── rate_limit.py     # Token bucket rate limiting
│
├── tools/                 # MCP Tools (43+ tools total)
│   ├── basic.py          # Core operations (18 tools)
│   ├── servers.py        # Server management (12 tools)
│   ├── apps.py           # Application management (8 tools)
│   └── security.py       # Security & access control (5 tools)
│
└── utils/                # Shared Utilities
    ├── api_client.py     # HTTP client with retry logic
    └── logging.py        # Structured logging setup

🔧 Installation & Setup

Prerequisites

Python 3.11+
Redis server (for caching and session management)
Cloudways API credentials

Configure environment variables:
# Generate encryption key for secure credential storage export ENCRYPTION_KEY=$(python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())') # Redis configuration export REDIS_URL="redis://localhost:6379/0" # Optional performance tuning export REDIS_POOL_SIZE="500" export HTTP_POOL_SIZE="500" export RATE_LIMIT_REQUESTS="90" export RATE_LIMIT_WINDOW="60"

Encryption Key Management

The server requires a Fernet encryption key for secure credential storage.

Generating a New Key

# Generate and set encryption key
export ENCRYPTION_KEY=$(python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())')

Exporting an Existing Key

# Save current key to file
echo $ENCRYPTION_KEY > encryption_key.txt

# Create environment file
echo "ENCRYPTION_KEY=$ENCRYPTION_KEY" > .env

# Load from environment file
export $(cat .env | xargs)

Key Validation

# validate_key.py
from cryptography.fernet import Fernet
import os

key = os.getenv('ENCRYPTION_KEY')
if not key:
    print("ENCRYPTION_KEY not set")
    exit(1)

try:
    fernet = Fernet(key.encode())
    test_data = b"test"
    encrypted = fernet.encrypt(test_data)
    decrypted = fernet.decrypt(encrypted)

    if decrypted == test_data:
        print("Encryption key is valid")
    else:
        print("Key validation failed")
except Exception as e:
    print(f"Invalid encryption key: {e}")

Important Notes

Key must be 44 characters long (base64-encoded)
Generated using Fernet.generate_key()
Do not commit keys to version control
Changing the key invalidates existing encrypted data in Redis

Start the server:
python main.py
Server will be available at: http://localhost:7000/mcp

🔐 Authentication

The server uses header-based authentication with encrypted credential storage:

x-cloudways-email: your-email@domain.com
x-cloudways-api-key: your-cloudways-api-key

Security Features

Credential Encryption: API keys encrypted with Fernet before Redis storage
Token Auto-Renewal: Proactive OAuth token refresh before expiration
Rate Limiting: Token bucket algorithm (90 requests/60 seconds by default)
Audit Logging: Comprehensive request/response logging with structured data

⚙️ Configuration Options

Variable	Default	Description
`ENCRYPTION_KEY`	Required	Fernet encryption key for credential storage
`REDIS_URL`	`redis://localhost:6379/0`	Redis connection string
`REDIS_POOL_SIZE`	`500`	Redis connection pool size
`HTTP_POOL_SIZE`	`500`	HTTP connection pool size
`RATE_LIMIT_REQUESTS`	`90`	Requests per time window
`RATE_LIMIT_WINDOW`	`60`	Rate limit window (seconds)
`LOG_LEVEL`	`INFO`	Logging verbosity
`LOG_FORMAT`	`console`	Log format (console/json)

📊 Monitoring & Observability

Structured Logging

Performance Metrics: Request timing and resource usage
Security Events: Authentication failures, rate limiting
API Interactions: Full request/response logging with sanitized credentials
Error Tracking: Comprehensive error context and stack traces

Health Checks

ping - Basic connectivity and authentication test
rate_limit_status - Current rate limit status
customer_info - Session and authentication status

🔄 Development & Extension

Adding New Tools

Choose appropriate module in tools/ directory
Follow existing patterns for error handling and authentication
Use type hints with Pydantic models for parameters
Include comprehensive docstrings
Test with various authentication scenarios

Tool Development Template

@mcp.tool
async def your_new_tool(ctx: Context, params: YourParamModel) -> Dict[str, Any]:
    """
    Tool description for MCP client

    Args:
        params: Parameter model with validation

    Returns:
        Standardized response dictionary
    """
    return await make_api_request(
        ctx, "/your/endpoint",
        params.dict(),
        redis_client, http_client, token_manager
    )

This server cannot be installed

security - not tested

license - not found

quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

A simple MCP server that provides read-only access to Cloudways hosting resources, including servers, applications, monitoring data, and team management features.

Related MCP Servers

Project Content Server
MaheshDoiphode
A
security
A
license
A
quality
An MCP server that provides access to project files and their contents, allowing users to retrieve file data from specified project directories with error handling and configuration options.
Last updated -
1
6
MIT License
Clever Cloud Documentation MCP Server
LostInBrittany
-
security
A
license
-
quality
The MCP server provides access to Clever Cloud's documentation, allowing users to query and interact with it through Model Context Protocol clients like Claude Desktop.
Last updated -
MIT License
Deskaid
ezyang
A
security
A
license
A
quality
An MCP server that provides tools for reading, writing, and editing files on the local filesystem.
Last updated -
1,552
Apache 2.0
Moonshot MCP Server Gateway
MarshallEriksen-shaomingyang
-
security
A
license
-
quality
A lightweight gateway server that provides a unified connection entry point for accessing multiple MCP servers, supporting various protocols including Network and Local Transports.
Last updated -
Apache 2.0

View all related MCP servers

Cloudways MCP Server