Elestio MCP Server

Connect any MCP-compatible AI to the full Elestio DevOps platform. Deploy services, manage billing, configure backups, monitor logs — all from natural language conversations with Claude, ChatGPT, Cursor, and other AI tools.

Server URL: https://mcp.elest.io/

# What is Elestio MCP?

The Elestio MCP server exposes 68 tools that map directly to the Elestio API. Once connected, your AI client can:

Deploy any of 400+ open-source templates across 9 cloud providers
List, restart, resize, lock or delete services
Read and explain your billing breakdown
Manage firewall rules, SSL domains, SSH keys, volumes
Trigger and monitor CI/CD pipelines
Create local + remote backups, take snapshots
Pull service logs and audit trails

The server is built on the Model Context Protocol (MCP) standard, with OAuth 2.1 + PKCE for secure authentication.

# Quick start

Open your AI client (Claude.ai, ChatGPT, Cursor, etc.)
Add a remote MCP server with the URL https://mcp.elest.io/
Click Authorize when the consent screen appears
Log in with your Elestio email + API token

Once authorized, the AI can call any of the 68 tools on your behalf.

# Connect to your AI client

# Claude.ai (web, Pro/Team plan)

Open Claude.ai → click your avatar → Settings → Connectors.
Click Add custom connector.
Paste the URL: https://mcp.elest.io/
Click Connect → the Elestio consent page opens in a new tab.
Enter your Elestio email + API token (get one from dash.elest.io → Account → API tokens).
Click Authorize.

The connector now appears in every conversation. Mention "Elestio" in your prompt and Claude will use the tools automatically.

# Claude Code (CLI)

claude mcp add elestio https://mcp.elest.io/

The CLI walks you through OAuth in your browser. After authorization, run claude normally — /mcp shows the registered server and tool count.

# ChatGPT (custom connector)

ChatGPT supports remote MCP servers via the Connectors feature (Plus/Pro/Team plans).

In ChatGPT → Settings → Connectors → Add a custom connector.
Name: Elestio
MCP server URL: https://mcp.elest.io/
Authorization: OAuth (default)
Click Save → ChatGPT opens the consent screen.
Authorize with your Elestio email + API token.

In any conversation, enable the Elestio connector from the connector menu before prompting.

# Cursor

Open ~/.cursor/mcp.json (create it if missing) and add:

{
  "mcpServers": {
    "elestio": {
      "url": "https://mcp.elest.io/"
    }
  }
}

Restart Cursor. The first call to an Elestio tool triggers the OAuth flow in your browser.

# Other clients (Windsurf, Continue, Zed, etc.)

Any MCP client supporting the Streamable HTTP transport with OAuth 2.1 + PKCE works out of the box. Point it at https://mcp.elest.io/ — the discovery endpoint at /.well-known/oauth-authorization-server advertises everything else.

# Authentication

# OAuth 2.1 + PKCE (recommended)

This is the default flow used by all modern MCP clients. You never paste your API token into the AI client — instead, you authorize the MCP server once via a browser, and the client receives short-lived tokens (1h access, 30-day refresh, rotated).

Discovery: https://mcp.elest.io/.well-known/oauth-authorization-server
JWT signing: RS256, rotated keypair, JWKS at /.well-known/jwks.json
Token lifetime: 1h access (refresh rotated, 30-day max lifetime)

# HTTP Basic auth (for scripts and headless clients)

If you're building a script or a server that doesn't have a browser, you can authenticate directly with an Elestio API token:

curl -X POST https://mcp.elest.io/ \
  -H "Authorization: Basic $(echo -n '[email protected]:YOUR_API_TOKEN' | base64)" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"tools/list","id":1}'

Use this for CI/CD jobs, monitoring scripts, or backend services where OAuth is impractical.

# Tools reference

The 68 tools are grouped into 12 categories. Click the category to jump to the tools list.

# Account & discovery (3)

whoami — Returns the authenticated user's email and account info.
search_templates — Search the catalog of 400+ open-source templates by keyword.
list_providers_and_sizes — List the 9 cloud providers, available regions, VM sizes, and current pricing.

# Projects (4)

list_projects — Returns all projects the user has access to.
list_project_members — List members and their roles for a given project.
create_project — Create a new project (workspace for grouping services).
delete_project — Delete a project. Fails if it still has active services.

# Services (19)

list_services — List all services across a project, with status and provider info.
get_service — Full details for a single service (ports, VM info, domains, status).
get_service_credentials — Get admin URL, username, and password for the deployed app.
deploy_template — Deploy an open-source template (WordPress, Postgres, n8n, etc.).
deploy_cicd_target — Deploy a CI/CD pipeline target (custom Git repo build).
wait_for_deployment — Poll until a deployment reaches a final state.
restart_service — Restart the application container.
restart_stack — Restart the full service stack (app + sidecars).
shutdown_service — Stop the service (keeps the VM running).
poweron_service — Resume a previously stopped service.
lock_service — Prevent accidental modifications (must unlock before any destructive action).
unlock_service — Remove the lock.
resize_service — Change VM size (some providers support downgrade, others only upgrade).
change_service_version — Switch to a different template version (e.g., Postgres 15 → 16).
move_service — Move a service to a different project.
delete_service — Permanently delete the service and its VM.
get_service_access — Get SSH access info and admin port mappings.
get_service_logs — Stream container logs (returns a tail URL).
get_service_audits — Return the audit log of recent actions on a service.

# Billing (2)

get_total_billing — Total spend across all projects (current cycle).
get_project_billing — Per-service spend breakdown for one project.

# Firewall (3)

get_firewall — Current firewall rules for a service.
update_firewall — Add/replace inbound rules (port, protocol, source CIDR).
disable_firewall — Disable the firewall (all ports open — use with caution).

# SSL & Custom Domains (3)

list_ssl_domains — Domains bound to a service with their SSL cert status.
add_ssl_domain — Add a custom domain (DNS must point to the service IP first).
remove_ssl_domain — Remove a domain from a service.

# SSH Keys (3)

list_ssh_keys — Public SSH keys authorized on a service.
add_ssh_key — Authorize a new public key.
remove_ssh_key — Revoke a public key.

# System & application updates (4)

enable_system_updates — Turn on automatic OS-level security updates.
disable_system_updates — Turn off automatic OS updates (rare, only for pinned environments).
enable_app_updates — Turn on automatic application image updates.
disable_app_updates — Pin the application version.

# Backups (8)

list_local_backups — Backups stored on the same VM.
create_local_backup — Trigger a local backup now.
restore_local_backup — Restore a service from a local backup.
list_remote_backups — Backups stored on Elestio remote storage.
create_remote_backup — Trigger a remote backup now.
restore_remote_backup — Restore from a remote backup.
enable_auto_backups — Turn on scheduled backups (daily by default).
disable_auto_backups — Turn off scheduled backups.

# Snapshots (4)

list_snapshots — VM-level snapshots (full disk image).
create_snapshot — Take a snapshot now.
restore_snapshot — Restore the VM from a snapshot.
delete_snapshot — Delete a snapshot.

# Volumes (5)

list_volumes — All block-storage volumes attached or available.
attach_volume — Attach a volume to a service.
resize_volume — Grow a volume (most providers do not support shrink).
detach_volume — Detach a volume without deleting it.
delete_volume — Permanently delete a volume.

# CI/CD pipelines (10)

list_cicd_targets — List build targets (Git-connected services).
list_pipelines — List pipelines for a service (Auto and Docker types).
get_pipeline — Full pipeline definition.
create_pipeline_auto — Create an Auto pipeline (Elestio detects the stack).
create_pipeline_docker — Create a Docker pipeline (user-provided Dockerfile).
restart_pipeline — Trigger a new build.
stop_pipeline — Cancel an in-progress build.
get_pipeline_logs — Stream build logs.
add_pipeline_domain — Bind a custom domain to a pipeline target.
remove_pipeline_domain — Unbind a domain.

# Troubleshooting

# "Session expired, restart authorization"

The OAuth consent page uses a signed session cookie. If you're authorizing from a browser where another tool (browser-automation, certain extensions) clears cookies between page loads, the session is lost.

Fix: Open the authorization link in a private/incognito window.

# "Invalid token" returned by the API

Two causes:

Your Elestio API token has been revoked or expired — generate a new one in the dashboard and re-authorize.
You're calling a tool with a wrong service or project ID. Elestio's API returns InvalidToken misleadingly when an ID doesn't belong to your account. Double-check the ID with list_services or list_projects.

# "Account not approved"

New Elestio accounts go through a quick approval step. Wait for the confirmation email, or contact [email protected].

# A tool call hangs or times out

For deployments: use wait_for_deployment — provisioning a new VM can take 1-3 minutes.
For backups: create_local_backup and create_remote_backup return immediately but the backup itself runs async. Use list_local_backups / list_remote_backups to confirm.

# The MCP server returns 401

Your access token expired (1h lifetime). Most MCP clients refresh automatically. If yours doesn't:

Re-trigger the OAuth flow from your client's connector settings
Or switch to HTTP Basic auth for scripts

# Resources

Status: https://mcp.elest.io/healthz
OAuth metadata: https://mcp.elest.io/.well-known/oauth-authorization-server
Elestio dashboard: https://dash.elest.io
Elestio API docs: https://docs.elest.io
Support: [email protected]

Last updated: 2026-05-12