There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

What distro do you use for your servers?

I’ve only ever used desktop Linux and don’t have server admin experience (unless you count hosting Minecraft servers on my personal machine lol). Currently using Artix and Void for my desktop computers as I’ve grown fond of runit.

I’m going to get a VPS for some personal projects and am at the point of deciding what distro I want to use. While I imagine that systemd is generally the best for servers due to the far more widespread support (therefore it’s better for the stability needs of a server), I have a somewhat high threat model compared to most people so I was wondering if maybe I should use something like runit instead which is much smaller and less vulnerable. Security needs are also the reason why I’m leaning away from using something like Debian, because how outdated the packages are would likely leave me open to vulnerabilities. Correct me if I’m misunderstanding any of that though.

Other than that I’m not sure what considerations there are to make for my server distro. Maybe a more mainstream distro would be more likely to have the software in its repos that I need to host my various projects. On the other hand, I don’t have any experience with, say, Fedora, and it’d probably be a lot easier for me to stick to something I know.

In terms of what I want to do with the VPS, it’ll be more general-purpose and hosting a few different projects. Currently thinking of hosting a Matrix instance, a Mastodon instance, a NextCloud instance, an SMTP server, and a light website, but I’m sure I’ll want to stick more miscellaneous stuff on there too.

So what distro do you use for your server hosting? What things should I consider when picking a distro?

bjoern_tantau ,
@bjoern_tantau@swg-empire.de avatar

I love Debian for servers. Super stable. No surprises. It just works. And millions of other people use it as well in case I need to look something up.

And even when I’m lazy and don’t update to the latest release oldstable will be supported for years and years.

mdione ,
@mdione@en.osm.town avatar

@bjoern_tantau @communism That 'support for years and years' means security support. So even if the nominal versions stay stable, security fixes are backported. Security scans that only check versions usually give false positives: they think fixes in newer versions are not present when in fact they are.

Many others distros do exactly the same. I only chose Debian because the amount of software already packaged in the distro itself is bigger than any other, barring 3rd party repos.

TheBigBrother ,

Debian

ouch ,

This is the way.

Add unattended-upgrades, and never worry about security updates.

TheBigBrother ,

I’m using cron to run daily “sudo apt update && sudo apt upgrade -y” LMAO, what’s the way to use unattended-upgrades?

hagarashi8 ,
@hagarashi8@allthingstech.social avatar

@communism Debian is an easy pick, but sometimes I can do alpine. Generally, it's all in containers anyway, so doesn't really matters.

secret300 ,

I just use debian cause it’s rock solid and most of what I set up are in containers or VM’S anyways

asap , (edited )
@asap@lemmy.world avatar

uCore spin of Fedora CoreOS:

github.com/ublue-os/ucore

  • SELinux
  • Supports secure boot
  • Immutable root partition (can’t be tampered with)
  • Rootless Podman (significantly more secure than Docker)
  • Everything runs in containers
  • Smart and secure opinionated defaults
  • Fedora base is very up-to-date, compared to something like Debian
ginza ,

My server is running headless Debian. I run what I can in a Docker container. My experience has been rock solid.

From what I understand Debian isn’t less secure due to the late updates. If anything it’s the opposite.

savvywolf ,
@savvywolf@pawb.social avatar

I switched mine to NixOS a while ago. It’s got a steep learning curve, but it’s really nice having the entire server config exist in a handful of files.

itslilith ,
@itslilith@lemmy.blahaj.zone avatar

NixOS for my homelab that I like to tinker with, Debian as Docker host for the server people actually rely on

kuneho , (edited )
@kuneho@lemmy.world avatar

I used to use Ubuntu, but nowadays I just go with Debian for servers (as well), but you said you wish to choose something else, so I can’t give you any meaningful inputs…

I don’t know how real the outdated packages threat, but I would assume, a server never really wants the bleeding edge software and Debian usually gets the critical security updates and patches.

But I’m no expert.

It is true that Bookworm is kinda old now, though.

communism OP ,
@communism@lemmy.ml avatar

Yeah I agree I don’t want bleeding edge hence why I won’t be using anything Arch-based (despite the fact that Arch-based systems are the ones I’m most familiar with, I’m typing this on an Artix system rn). But there is definitely a middle ground between bleeding edge and outdated, and I imagine a server should want to be somewhere between the middle and outdated, depending on how they balance stability and security.

I’m also not categorically opposed to using Debian. Ubuntu was my first Linux distro so I’m at least more familiar with Debian-based distros than most other popular server distros. I was just thinking probably not Debian because of how old its packages are and that I’m fairly concerned with security.

nfsm ,

Debian runs on most cloud servers, it’s pretty secure. The outdated packages refer mostly to apps, which is the reason why Debian is so stable. No frills and boring. Documentation is plenty on the internet and for server space it’s probably the most compatible OS.
I’m running Debian 11, kernel 6.10 on Odroid. Arch on my desktop.

2xsaiko ,
@2xsaiko@discuss.tchncs.de avatar

I run NixOS. It (or something like it, with a central declarative configuration for basically everything on the system) is imo the ideal server distro.

gomp ,

I think I can sense your love/hate relationship with nixos from here :) you are not alone

2xsaiko ,
@2xsaiko@discuss.tchncs.de avatar

Very true haha. NixOS is great and the best I’ve got right now but I would lie if I said it has never been painful.

Especially for desktop use I want to build my own distro which takes a lot from NixOS, mostly in terms of the central configuration but not much else (I definitely want a more sane package installation situation where you don’t need stuff like wrapper scripts which are incredibly awful imo), but also other distros, and also with some unconventional things (such as building it around GNUstep). But who knows if that ever gets off the ground, I have way too many projects with enormous scale…

Deckweiss ,

I have one server running arch and 3 running debian.

So far they are equally stable after running for about half a year.

Autoupdates are turned on on all of them. Which I am aware is against the arch wiki recommendations, but the server is not critical, easy to migrate and has nightly offsite backups anyway.

traches , (edited )

It’s not conventional wisdom, but I’m happiest with arch.

  • I’m familiar with it
  • can install basically any package without difficulty
  • also love that I never have a gigantic version upgrade to deal with. sure there might be some breaking change out of nowhere, but it’ll show up in my rss feeds and it hits all my computers at the same time so it’s not hard to deal with.
  • Arch never really surprises me because there’s nothing installed that didn’t choose to put there.
  • arch wiki

Tempted by nixos but I CBA to learn it.

Olap ,

openSUSE worth a consideration. More frequent releases than debian, but still pretty conservative

meldrik ,

Mostly Ubuntu, but sometimes Debian.

robinj1995 ,

CentOS Stream 8. Which I regret. Because they ended support without upgrade path.

gomp ,

I thought you could still go Centos Stream 9?

Anyway, I’m pretty sure almalinux-deploy allows migration from Centos Stream 8… it’s your second chance to be done with fickle management decisions from RedHat/IBM: don’t miss it this time :)

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •