The Self Hosting series are guides to setup bare minimum server software on a number of operating systems. In these articles I will go through the steps to choose a hosting provider, install and configure server software and best practices for security in your systems. In Part 2 of this series we will discuss choosing an operating system.
Word of Caution
There are many operating systems for servers and many are very similar but offer unique features it's impossible to cover all options in one article so there will be multiple articles in to cover different operating systems but even then I will only cover a few of the options available. Keep in mind the default installation will likely be different on different providers so some of the steps may need some searching. Since operating systems and software are constantly updated I will note specific versions in use in each article to avoid confusion but this means that some steps will not work and will require some searching. Consider these articles a baseline to learn and work from.
An attack vector is a path or means by which an attacker or hacker can gain access to a computer many times with malitious intent. Attack vectors enable hackers to exploit system vulnerabilities. We need to consider attack vectors when choosing an operating system and in our software configuration. The general rule is: less is better. The less software you have the less you have to worry about that software being compromised and the less you have to worry about maintaining it. This is why it's important to run servers for specific applications and run services where you can choose what software is running. When choosing an operating system it's best to choose a lightweight system that doesn't include a bunch of unnecessary tools that you won't use. This will also decrease the load on your server which means you will not need a huge amount of hardware resources which cost money. As such we can exclude Windows Server immediately. Unless you have a specific reason to use it, you should consider *nix based alternatives because they tend to be more lightweight with a focus on having only required tools included by default. Plus *nix based operating systems are open source and many only include open source software which means that the software that does come by default has been worked on by a community of contributors and is likely updated quickly when vulnerabilities are introduced.
Choosing an OS
With security precautions in mind we can choose an operating system that best fits our needs. If you're in to computers you will likely have used one of the common options before, and if so you should go with what's comfortable for you because it's much easier to work with what you're comfortable with.
If you want to experiment with something new or you haven't used anything before here are some good options
- Debian - A solid *nix based operating system that has been around for a very, very long time and is used in numerous web services around the world. Ubuntu and a number of other *nix distributions are based on Debian. Debian provides a good base operating system without the extra stuff included in it's variants that you may not need.
- Arch - Feeling bold? Arch is a rolling release *nix distribution it's typically advised to avoid Arch in public facing web services because of it's bleeding edge design but I personally like the idea of using a rolling release operating system on the web because you can be sure to have updates as soon as they are available. This is really better for personal deployments as it can be unstable and require heavy maintenance. Arch is a very basic system that doesn't include any unnecessary software by default which is the ultimate way to reduce potential attack vectors by default.
- CentOS - A free variant of Red Hat Enterprise Linux (RHEL), CentOS is known for its stability and support from their far-reaching community of enthusiasts. There will be less frequent updates with this which may create problems however it's considered especially stable for use with web services. CentOS also uses very basic software by default which is great for security as we can configure only what we need to reduce potential attack vectors.
Considerations when choosing an operating system outside of these suggestions
- Avoid bloated operating systems such as Windows Server
- Avoid operating systems that are not frequently updated
- Avoid operating systems that are uncommon and/or have minimal software support and documentation
- Avoid proprietary operating systems. Open source operating systems are free and contributed to by a wide variety of people which makes them more secure and avoids long standing security and performance issues
There are so many operating systems out there that it's hard to narrow down the options! Hopefully this article helped you form an idea of what to choose and why. In the next few articles we will discuss software installation and configuration for the suggested operating systems outlined in this article, stay tuned! If you have any questions or comments feel free to comment below!