I’ve only ever used desktop Linux and don’t have server admin experience (unless you count hosting Minecraft servers on my personal machine lol). Currently using Artix and Void for my desktop computers as I’ve grown fond of runit.
I’m going to get a VPS for some personal projects and am at the point of deciding what distro I want to use. While I imagine that systemd is generally the best for servers due to the far more widespread support (therefore it’s better for the stability needs of a server), I have a somewhat high threat model compared to most people so I was wondering if maybe I should use something like runit instead which is much smaller and less vulnerable. Security needs are also the reason why I’m leaning away from using something like Debian, because how outdated the packages are would likely leave me open to vulnerabilities. Correct me if I’m misunderstanding any of that though.
Other than that I’m not sure what considerations there are to make for my server distro. Maybe a more mainstream distro would be more likely to have the software in its repos that I need to host my various projects. On the other hand, I don’t have any experience with, say, Fedora, and it’d probably be a lot easier for me to stick to something I know.
In terms of what I want to do with the VPS, it’ll be more general-purpose and hosting a few different projects. Currently thinking of hosting a Matrix instance, a Mastodon instance, a NextCloud instance, an SMTP server, and a light website, but I’m sure I’ll want to stick more miscellaneous stuff on there too.
So what distro do you use for your server hosting? What things should I consider when picking a distro?
Debian if you are new to Linux servers and self-hosting. Alpine if you get more advanced and just want something very light-weight and minimal.
debian proxmox
I use Alpine Linux. It’s exceptionally stable, great for pretty much any device and is best for small VPS with limited space/ram. Nice package manager too, but it is limited in packages.
It works great for me since I only use docker containers, but some things outside docker may require something like Debian instead.
Alpine Linux
Alpine is so great for so many reasons. I don’t like its packaging format, but its composition otherwise is just top-notch. I’m a huge fan when the one nit isn’t an issue. It also avoid cancers like systemd, and it makes it a joy to use.
Downvotes for recommending alpine? This is my baffled face.
I run NixOS. It (or something like it, with a central declarative configuration for basically everything on the system) is imo the ideal server distro.
Dietpi.. For no particular/proper reason other than its (extreme) focus on minimalism.
@GustavoM @communism I think Alpine is better for a lightweight distro. It’s also very minimalist, but without going too bespoke so it’s still easy to google a solution.
Debian
This is the way.
Add unattended-upgrades, and never worry about security updates.
I’m using cron to run daily “sudo apt update && sudo apt upgrade -y” LMAO, what’s the way to use unattended-upgrades?
Thx
Edit: I will stay with cron I believe it’s easier to configure.
sudo apt install cron sudo crontab -e @daily sudo apt update && sudo apt upgrade -y
Easy peasy…
sudo apt install cron sudo crontab -e @daily sudo apt update && sudo apt upgrade -y
I have 20 years of history with the RPM version of this workflow and up to EL6 it was solid like bedrock. Now it’s merely solid like a rock, but that’s nothing to do with the tools or formats but the payload. And as long as it stays acceptably good, this should do us for another 20 years.
Controlling the supply chain is important, though, but is far more scalable where effort is concerned.
It’s not conventional wisdom, but I’m happiest with arch.
- I’m familiar with it
- can install basically any package without difficulty
- also love that I never have a gigantic version upgrade to deal with. sure there might be some breaking change out of nowhere, but it’ll show up in my rss feeds and it hits all my computers at the same time so it’s not hard to deal with.
- Arch never really surprises me because there’s nothing installed that didn’t choose to put there.
- arch wiki
Tempted by nixos but I CBA to learn it.
I agree and use Arch as well, but of course I wouldn’t recommend it for everyone. For me, having the same distribution on both server and desktop makes it easier to maintain. I run almost everything using containers on the server and install minimal packages, minimizing my upgrade risk. I haven’t had an issue yet, but if I did I have btrfs snapshots and backups to resolve.
same exact setup, I’m running arch for years on both server and desktop, btrfs and containers. It’s beautiful and I click perfectly with it’s maintenance workflow
I have tons of experience with enterprise linux, so I tend to use Rocky linux. It’s similar to my Fedora daily driver, which is nice, and very close to the RHEL and Centos systems I used to own.
You are slightly mistaken with your assumption that debian is insecure because of the old packages. Old packages are fine, and not inherently insecure because of its age. I only become concerned about the security implications of a package if it is dual use/LOLBin, known to be vulnerable, or has been out of support for some time. The older packages Debian uses, at least things related to infrastructure and hosting, are the patched LTS release of a project.
My big concerns for picking a distro for hosting services would be reliability, level of support, and familiarity.
A more reliable distro is less likely to crash or break itself. Enterprise linux and Debian come to mind with this regard.
A distro that is well supported will mean quick access to security patches, updates, and more stable updates. It will have good, accurate documentation, and hopefully some good guides. Enterprise linux, Debian and Ubuntu have excellent support. Enterprise linux distros have incredible documentation, and often are similar enough that documentation for a different branch will work fine. Heck, I usually use rhel docs when troubleshooting my fedora install since it is close enough to get me to a point where the application docs will guide me through.
Familiarity is self explanatory. But it is important because you are more likely to accidentally compromise security in an unfamiliar environment, and it’s the driving force behind me sticking with enterprise linux over Nixos or a hardened OpenBSD.
As a fair word of warning, enterprise linux will be pretty different compared to any desktop distro, even fedora. It takes quite a bit of learning, to get comfortable (especially with SELinux), but once you do, things will go smoothly.
you can also use a pirated rhel certification guide to learn enterprise linuxIf anything, you can simply mess around in a local VM and try installing the tools and services needed before taking it to the cloud.
