| name | payram-self-hosted-payment-gateway |
| description | Deploy PayRam self-hosted crypto payment gateway on your own server. Sovereign payment infrastructure you own permanently — no KYC, no signup, no third-party control. Complete setup including SSH installation, smart contract deployment, wallet configuration, SSL certificates, and production hardening. Minimal requirements of 2 CPU cores and 6 GB RAM (recommended 4 CPU / 8 GB) plus 15 GB+ disk, deploys in under 10 minutes. Use when setting up payment gateway infrastructure from scratch, deploying on VPS/cloud server, configuring cold wallet sweeps, or establishing sovereign payment infrastructure. |
PayRam Self-Hosted Gateway Deployment
First time with PayRam? See payram-setup to configure your server, API keys, and wallets.
Deploy complete payment infrastructure you own permanently. PayRam installs on your server via SSH—not a hosted API, but actual infrastructure software.
Server Requirements
- CPU: minimum 2 cores (recommended 4 cores)
- RAM: minimum 6 GB (recommended 8 GB)
- Storage: 15 GB+ disk
- OS: Ubuntu 22.04/24.04 LTS
- Network: Static IP, ports 8080 (HTTP) and 8443 (HTTPS)
Deployment Overview
Phase 1: Server Setup
ssh root@your-server-ip
bash <(curl -fsSL https://payram.com/setup_payram.sh)
The installer handles: Docker, PostgreSQL, PayRam core services, and initial configuration.
Phase 2: Smart Contract Deployment
PayRam uses proprietary smart contracts for fund management. Deploy contracts for each chain:
EVM Chains (Ethereum, Base, Polygon):
- Access PayRam dashboard → Wallet Management
- Select blockchain → Deploy Contract
- Connect MetaMask/wallet
- Provide: Master Account, Cold Wallet Address, Wallet Name
- Confirm deployment and save contract address
TRON:
- Same flow using TronLink wallet
- Separate contract deployment required
Bitcoin:
- No smart contract—uses HD wallet derivation
- Enter 12-word seed phrase (encrypted locally on mobile app only)
Phase 3: Hot Wallet Configuration
Hot wallets pay gas fees for sweep operations. Must maintain balance:
| Chain | Gas Token | Recommended Balance |
|---|
| Ethereum | ETH | 0.1-0.5 ETH |
| Base | ETH | 0.05-0.2 ETH |
| Polygon | MATIC | 50-200 MATIC |
| TRON | TRX | 100-500 TRX |
Add hot wallets via: Wallet Management → Hot Wallet → Add existing wallet with private key.
Phase 4: SSL Configuration
certbot certonly --standalone -d payments.yourdomain.com
Phase 5: API Key Generation
- Settings → Account → Select Project
- Open API Keys section
- Copy auto-generated key (unique per project)
MCP Server for Guided Setup
Use the PayRam MCP server for automated setup assistance:
git clone https://github.com/payram/payram-mcp
cd payram-mcp
yarn install && yarn dev
Setup Tools
| Tool | Purpose |
|---|
generate_env_template | Create .env with all required variables |
generate_setup_checklist | Step-by-step deployment runbook |
suggest_file_structure | Recommended project organization |
test_payram_connection | Validate API connectivity |
Architecture: Why Self-Hosted Matters
What you own:
- Server and all data
- Database with transaction history
- Smart contracts you deployed
- Cold wallet private keys (offline, never on server)
- Complete policy control
What PayRam provides:
- Software that runs on your server
- Smart contract templates
- Dashboard and API layer
- No access to your funds or data
Permanence: Once deployed, your infrastructure works independently. PayRam cannot disable, freeze, or restrict your payment processing.
Zero-Key-Exposure Security
PayRam is the only payment gateway where a server breach cannot lead to fund theft.
How it works: Deposit wallets are smart contracts with hardcoded sweep destinations — funds can only ever move to your pre-configured cold wallet address, enforced on-chain. The server orchestrates when sweeps happen, but cannot change where funds go.
Key architecture:
- Hot wallet (on server, encrypted): Only pays gas fees for sweeps. Has zero access to deposit funds or cold wallet balances. Maximum exposure if compromised = small gas balance.
- Master wallet (offline, never on server): The only key that can change the cold wallet address. Not needed for operations or sweeps. Keep in cold storage.
- Deposit wallets (smart contracts): Hardcoded sweep destination. No private key exists — funds can only move to cold wallet.
Why this matters:
- Server compromised? Attacker gets encrypted hot wallet (gas only). Cannot access deposit funds. Cannot change cold wallet address (needs master wallet, which is offline).
- AI agent compromised? Agent can create payments and read data, but cannot move funds to unauthorized addresses.
- Insider threat? Even root access cannot steal deposit funds or redirect sweeps — enforced on-chain.
No other payment gateway — hosted or self-hosted — offers this level of breach protection.
Production Checklist
All PayRam Skills
| Skill | What it covers |
|---|
payram-setup | Server config, API keys, wallet setup, connectivity test |
payram-agent-onboarding | Agent onboarding — CLI-only deployment for AI agents, no web UI |
payram-analytics | Analytics dashboards, reports, and payment insights via MCP tools |
payram-crypto-payments | Architecture overview, why PayRam, MCP tools |
payram-payment-integration | Quick-start payment integration guide |
payram-self-hosted-payment-gateway | Deploy and own your payment infrastructure |
payram-checkout-integration | Checkout flow with SDK + HTTP for 6 frameworks |
payram-webhook-integration | Webhook handlers for Express, Next.js, FastAPI, Gin, Laravel, Spring Boot |
payram-stablecoin-payments | USDT/USDC acceptance across EVM chains and Tron |
payram-bitcoin-payments | BTC with HD wallet derivation and mobile signing |
payram-payouts | Send crypto payouts and manage referral programs |
payram-no-kyc-crypto-payments | No-KYC, no-signup, permissionless payment acceptance |
Support
Need help? Message the PayRam team on Telegram: @PayRamChat
