I’ve only ever used desktop Linux and don’t have server admin experience (unless you count hosting Minecraft servers on my personal machine lol). Currently using Artix and Void for my desktop computers as I’ve grown fond of runit.
I’m going to get a VPS for some personal projects and am at the point of deciding what distro I want to use. While I imagine that systemd is generally the best for servers due to the far more widespread support (therefore it’s better for the stability needs of a server), I have a somewhat high threat model compared to most people so I was wondering if maybe I should use something like runit instead which is much smaller and less vulnerable. Security needs are also the reason why I’m leaning away from using something like Debian, because how outdated the packages are would likely leave me open to vulnerabilities. Correct me if I’m misunderstanding any of that though.
Other than that I’m not sure what considerations there are to make for my server distro. Maybe a more mainstream distro would be more likely to have the software in its repos that I need to host my various projects. On the other hand, I don’t have any experience with, say, Fedora, and it’d probably be a lot easier for me to stick to something I know.
In terms of what I want to do with the VPS, it’ll be more general-purpose and hosting a few different projects. Currently thinking of hosting a Matrix instance, a Mastodon instance, a NextCloud instance, an SMTP server, and a light website, but I’m sure I’ll want to stick more miscellaneous stuff on there too.
So what distro do you use for your server hosting? What things should I consider when picking a distro?
Debian if you are new to Linux servers and self-hosting. Alpine if you get more advanced and just want something very light-weight and minimal.
Rocky and now moving too OpenSuse leap micro to move into immutable OS deployments.
Its all RKE2 (a k8s distro) on top anyways, so its very minor mods underneath, and base updates so I really want to maximize reproducibility and minim8ze attack surface.
I’ve been running arch for like 3 years now. Why arch? Because it just works (and its the only one i have esperience with). Maybe ill try nixos one day.
debian proxmox
I use proxmox and run Debian containers and VMs
Debian and Ubuntu server which, barring some differences in versions, are basically the same thing
They’re both awesome
Always, always, always: Debian. It’s not even a debate. Ubuntu is a mess for using as a server with their snaps bullshit. Leave that trash on the desktop, it’s a mess on a server.
Snaps are meant for server applications but yeah
Snaps are meant for server applications
That’s a frightening statement. I don’t work in secret-squirrel shit these days, but I do private-squirrel stuff, and snaps are just everything our security guys wake up at night to, screaming. Back when I ran security for a company, the entire idea would have been an insta-fuckno . Please, carefully reconsider the choices that put you in a position where snaps are the best answer.
I tried them by standing up a snap based docker server and it was a nightmare. Never again.
I love Debian for servers. Super stable. No surprises. It just works. And millions of other people use it as well in case I need to look something up.
And even when I’m lazy and don’t update to the latest release oldstable will be supported for years and years.
Debian, with a Kubernetes cluster on top running a bunch of Debian & Alpine containers. Never ever Ubuntu.
Never ever Ubuntu
Why’s that?
Because Ubuntu is the worst of both worlds. Its packages are both old and unstable, offering zero benefit over always-up-to-date distros like Arch or the standard Debian.
Especially when you’re running a containerised environment, there’s just no reason to opt for anything other than a stable, boring base OS while your containers can be as bleeding edge, crazy, or even Ubuntu-based as you like.
I use nixos, due to the incredible state management. You know exactly what versions of packages are on your machine, can build all packages from source yourself or download from a binary cache. 100% reproducible. Steep ass learning curve but tbh it’s well worth it. Saves you configuration time and energy in the long run. I’ve stopped distro hopping the implementation is so good. If you are concerned about security you can definitely harden it. There’s a lot more to security then package version. And even then nixos gives you the choice.
I won’t say which one, but I’ll give you a hint as to why:
rpm -Vp https://...
It’s what got me off Slackware, and it’s true today. If the distro can’t support that kind of check, it’s dead to me.
uCore spin of Fedora CoreOS:
https://github.com/ublue-os/ucore
- SELinux
- Supports secure boot
- Immutable root partition (can’t be tampered with)
- Rootless Podman (significantly more secure than Docker)
- Everything runs in containers
- Smart and secure opinionated defaults
- Fedora base is very up-to-date, compared to something like Debian
How did you set up the intial system?
From what I’ve seen, FCOS needs an ignition file and has no Anaconda installer. I would like to set it up soon too, but it looked like a huge hazzle…
Debian has been rock solid for me.
It’s not insecure. Quite the contrary debian repositories only include packages that has been through extensive testing and had been found secure and stable. And of course it regularly introduce security updates.
I use Alpine Linux. It’s exceptionally stable, great for pretty much any device and is best for small VPS with limited space/ram. Nice package manager too, but it is limited in packages.
It works great for me since I only use docker containers, but some things outside docker may require something like Debian instead.
Alpine Linux
Alpine is so great for so many reasons. I don’t like its packaging format, but its composition otherwise is just top-notch. I’m a huge fan when the one nit isn’t an issue. It also avoid cancers like systemd, and it makes it a joy to use.
Downvotes for recommending alpine? This is my baffled face.
Dietpi.. For no particular/proper reason other than its (extreme) focus on minimalism.
@GustavoM @communism I think Alpine is better for a lightweight distro. It’s also very minimalist, but without going too bespoke so it’s still easy to google a solution.