I’ve only ever used desktop Linux and don’t have server admin experience (unless you count hosting Minecraft servers on my personal machine lol). Currently using Artix and Void for my desktop computers as I’ve grown fond of runit.
I’m going to get a VPS for some personal projects and am at the point of deciding what distro I want to use. While I imagine that systemd is generally the best for servers due to the far more widespread support (therefore it’s better for the stability needs of a server), I have a somewhat high threat model compared to most people so I was wondering if maybe I should use something like runit instead which is much smaller and less vulnerable. Security needs are also the reason why I’m leaning away from using something like Debian, because how outdated the packages are would likely leave me open to vulnerabilities. Correct me if I’m misunderstanding any of that though.
Other than that I’m not sure what considerations there are to make for my server distro. Maybe a more mainstream distro would be more likely to have the software in its repos that I need to host my various projects. On the other hand, I don’t have any experience with, say, Fedora, and it’d probably be a lot easier for me to stick to something I know.
In terms of what I want to do with the VPS, it’ll be more general-purpose and hosting a few different projects. Currently thinking of hosting a Matrix instance, a Mastodon instance, a NextCloud instance, an SMTP server, and a light website, but I’m sure I’ll want to stick more miscellaneous stuff on there too.
So what distro do you use for your server hosting? What things should I consider when picking a distro?
You must log in or register to comment.
Debian and Ubuntu server which, barring some differences in versions, are basically the same thing
They’re both awesome
uCore spin of Fedora CoreOS:
https://github.com/ublue-os/ucore
- SELinux
- Supports secure boot
- Immutable root partition (can’t be tampered with)
- Rootless Podman (significantly more secure than Docker)
- Everything runs in containers
- Smart and secure opinionated defaults
- Fedora base is very up-to-date, compared to something like Debian
How did you set up the intial system?
From what I’ve seen, FCOS needs an ignition file and has no Anaconda installer. I would like to set it up soon too, but it looked like a huge hazzle…If you want atomic Fedora but don’t want to deal with the ignition file stuff, check out Fedora IoT.
Thing is, uCore has some very neat things I want, and FIOT doesn’t provide me such a great OOTB experience compared to the uBlue variant.
I’m also not sure if I even should decide for Fedora Atomic as a server host OS.
I really love Atomic as desktop distro, because it is pretty close to upstream, while still being stable (as in how often things change).
For a desktop workstation, that’s great, because DEs for example get only better with each update, and I want to be as close to upstream as possible, without sacrificing reliability.
The two major releases each year cycle is great for that.But for a server, even with the more stable kernel, I think that’s maybe too unstable? I think Debian is less maintenance, because it doesn’t change as often, and also doesn’t require rebooting as often.
What’s your experience with it?
doesn’t require rebooting as often.
You have to reboot to upgrade to the latest image, so you’ll have to get rid of the ideal of uptime with years showing on the clock.
Rebooting is optional, and so far it’s been rock solid. Since your workload is all containerised everything just comes up perfectly after a reboot without any intervention.
I think Debian is less maintenance
Arguably that’s the best feature of an atomic server. I don’t need to perform any maintenance, and I don’t need to worry that I’ve configured it in some way that has reduced my security. That’s all handled for me upstream.
Yes you need an ignition file, but you just need to put it on any web accessible (local) host.
I used a docker one-liner on my laptop to host the server:
docker run -p 5080:80 --name quick-webserver -v "$PWD":/var/www/html php:7.2-apacheAnd put this Ignition file in the directory I ran the above command from: https://github.com/ublue-os/ucore/blob/main/examples/ucore-autorebase.butane
You could equally put the Ignition file on some other web host you have, or even Github.
That’s it, that’s the only steps.
Debian with Docker containers works well for my needs.
I mostly use Proxmox these days which runs on Debian be default.
If you are already familiar with one package manager, pick a distro that also uses that package manager.
When deciding on the release track, the harder it is to recover the system, the more stable the track should be. Stable does not imply secure.
As you move up through virtualization layers, the less stable the track needs to be, allowing access to more recent features.
Steer clear of distros that pride themselves on using musl. It’s historically slow and incomplete. Don’t buy into the marketing.
Think about IaC. Remote management is a lot more comfortable if you can consider your server ephemeral. You’ll appreciate the work on the day you need to upgrade to a new major release of the distro.
Rocky and now moving too OpenSuse leap micro to move into immutable OS deployments.
Its all RKE2 (a k8s distro) on top anyways, so its very minor mods underneath, and base updates so I really want to maximize reproducibility and minim8ze attack surface.
It’s not conventional wisdom, but I’m happiest with arch just because I’m familiar with it and everything is easy to install on it.
Tempted by nixos but I CBA to learn it.
I agree and use Arch as well, but of course I wouldn’t recommend it for everyone. For me, having the same distribution on both server and desktop makes it easier to maintain. I run almost everything using containers on the server and install minimal packages, minimizing my upgrade risk. I haven’t had an issue yet, but if I did I have btrfs snapshots and backups to resolve.
same exact setup, I’m running arch for years on both server and desktop, btrfs and containers. It’s beautiful and I click perfectly with it’s maintenance workflow
arch is great if you don’t really care about your server being reliable (eg home lab) but their ethos isn’t really great for a server that has to be reliable… the constant update churn causes issues a lot more than i’d personally like for a server environment
I could not disagree more. Arch is unstable in the meaning that it pushes breaking changes all the time, (as opposed to something like Ubuntu where you get hit with them all at once), but that’s a very different thing from reliability.
There are no backported patches, no major version upgrades for the whole system, and you get package updates as soon as they are released. Arch packages are minimally modified from upstream, which also generally minimizes problems.
The result has been in my experience outstandingly reliable over many years. The few problems I do encounter are almost always my own fault, and always easily recovered from by rolling back a snapshot.
disagreement is fine, but there was literally a thread about “linux disinformation” where the OP asked for examples of things people say about linux that are untrue
the top answers by FAR are that arch is stable
saying that arch is stable, or easy for newcomers is doing the linux ecosystem a disservice
you should never use arch for a server - arbitrary, rather than controlled and well-tested updates to the bleeding edge is literally everything you want to avoid in a server OS
I didn’t say it was stable, I specifically said it was unstable. Because it is. I said arch is reliable, which is a completely different thing.
Debian is stable because breaking changes are rare. Arch is unstable because breaking changes are common. In my personal experience, arch has been very reliable, because said breaking changes are manageable and unnecessary complexity is low.
@pupbiru @traches , I certainly second this. People don’t need to become experts in Linux Distros, but they need to know what they want and need from their OS.
If it’s browsing and writing word documents, maybe you don’t need a constant stream up updates and a stable LTS would suffice. Maybe even a regular 6 month release like Fedora will probably suffice. Even Debian would be great, if upgrading is annoying and newest software isn’t really important.
Gaming? There are distros for that.
@pupbiru @traches I have used Arch, I am definitely not new to the Linux scene. I have servers, all my workstations and laptops run it. I professionally write software. I didn’t like the Arch experience at all. I qould definitely never recommend it to anyone, that’s something they can one day decide for themselves.
I’m also not new to the Linux scene, I also run a variety of distros on a variety of machines including servers and I also write software professionally. Arch is fucking great.
@traches , I firmly believe that. It wouldn’t be what it is if it didn’t do it well. In my opinion, Arch has the best documentation and I use it for other distros. I don’t use Arch and wouldn’t recommend it to someone new to the scene.
Debian
This is the way.
Add unattended-upgrades, and never worry about security updates.
I’m using cron to run daily “sudo apt update && sudo apt upgrade -y” LMAO, what’s the way to use unattended-upgrades?
Thx
Edit: I will stay with cron I believe it’s easier to configure.
sudo apt install cron sudo crontab -e @daily sudo apt update && sudo apt upgrade -y
Easy peasy…
sudo apt install cron sudo crontab -e @daily sudo apt update && sudo apt upgrade -y
I have 20 years of history with the RPM version of this workflow and up to EL6 it was solid like bedrock. Now it’s merely solid like a rock, but that’s nothing to do with the tools or formats but the payload. And as long as it stays acceptably good, this should do us for another 20 years.
Controlling the supply chain is important, though, but is far more scalable where effort is concerned.
Debian if you are new to Linux servers and self-hosting. Alpine if you get more advanced and just want something very light-weight and minimal.
My server is running headless Debian. I run what I can in a Docker container. My experience has been rock solid.
From what I understand Debian isn’t less secure due to the late updates. If anything it’s the opposite.
I won’t say which one, but I’ll give you a hint as to why:
rpm -Vp https://...It’s what got me off Slackware, and it’s true today. If the distro can’t support that kind of check, it’s dead to me.
I switched mine to NixOS a while ago. It’s got a steep learning curve, but it’s really nice having the entire server config exist in a handful of files.
openSUSE worth a consideration. More frequent releases than debian, but still pretty conservative
I currently use Ubuntu for all my machines (desktops, laptops, and servers), but I used to use Void Linux on my machines for about 6 years, including on a couple of VPSes. Since you are familiar with Void Linux, you could stick with that and just use Docker/Podman for the individual services such as Matrix, Mastodon, etc.
In regards to Debian, while the packages somewhat frozen, they do get security updates and backports by the Debian security team:
https://www.debian.org/security/
There is even a LTS version of Debian that will continue backporting security updates:
Good luck!
NixOS for my homelab that I like to tinker with, Debian as Docker host for the server people actually rely on
