Linux

I love Debian for servers. Super stable. No surprises. It just works. And millions of other people use it as well in case I need to look something up.

And even when I'm lazy and don't update to the latest release oldstable will be supported for years and years.

Debian. This is the way (for servers).

I run NixOS. It (or something like it, with a central declarative configuration for basically everything on the system) is imo the ideal server distro.

My server is running headless Debian. I run what I can in a Docker container. My experience has been rock solid.

From what I understand Debian isn't less secure due to the late updates. If anything it's the opposite.

I switched mine to NixOS a while ago. It's got a steep learning curve, but it's really nice having the entire server config exist in a handful of files.

Always Debian. I'm most comfortable in an environment with apt, and that's even more important on a server

Debian, with a Kubernetes cluster on top running a bunch of Debian & Alpine containers. Never ever Ubuntu.

@communism Debian is an easy pick, but sometimes I can do alpine. Generally, it's all in containers anyway, so doesn't really matters.

NixOS for my homelab that I like to tinker with, Debian as Docker host for the server people actually rely on

CentOS Stream 8. Which I regret. Because they ended support without upgrade path.

Debian has been rock solid for me.

It's not insecure. Quite the contrary debian repositories only include packages that has been through extensive testing and had been found secure and stable. And of course it regularly introduce security updates.

I just use debian cause it's rock solid and most of what I set up are in containers or VM'S anyways

Ubuntu LTS. Currently on 22.04.

Mostly Ubuntu, but sometimes Debian.

Debian and Ubuntu server which, barring some differences in versions, are basically the same thing

They're both awesome

I have tons of experience with enterprise linux, so I tend to use Rocky linux. It’s similar to my Fedora daily driver, which is nice, and very close to the RHEL and Centos systems I used to own.

You are slightly mistaken with your assumption that debian is insecure because of the old packages. Old packages are fine, and not inherently insecure because of its age. I only become concerned about the security implications of a package if it is dual use/LOLBin, known to be vulnerable, or has been out of support for some time. The older packages Debian uses, at least things related to infrastructure and hosting, are the patched LTS release of a project.

My big concerns for picking a distro for hosting services would be reliability, level of support, and familiarity.

A more reliable distro is less likely to crash or break itself. Enterprise linux and Debian come to mind with this regard.

A distro that is well supported will mean quick access to security patches, updates, and more stable updates. It will have good, accurate documentation, and hopefully some good guides. Enterprise linux, Debian and Ubuntu have excellent support. Enterprise linux distros have incredible documentation, and often are similar enough that documentation for a different branch will work fine. Heck, I usually use rhel docs when troubleshooting my fedora install since it is close enough to get me to a point where the application docs will guide me through.

Familiarity is self explanatory. But it is important because you are more likely to accidentally compromise security in an unfamiliar environment, and it’s the driving force behind me sticking with enterprise linux over Nixos or a hardened OpenBSD.

As a fair word of warning, enterprise linux will be pretty different compared to any desktop distro, even fedora. It takes quite a bit of learning, to get comfortable (especially with SELinux), but once you do, things will go smoothly. ~~you can also use a pirated rhel certification guide to learn enterprise linux~~

If anything, you can simply mess around in a local VM and try installing the tools and services needed before taking it to the cloud.

Debian backports security updates to most software, including popular server software. Stable also always uses an LTS kernel, which stays supported upstream. So long as you’re using latest Debian Stable (Bookworm as of this writing), run apt update often (in fact, ‘’’unattended-upgrades’’’ is probably not the worst idea in this case) and do common sense security practices like a firewall and (brain is not working), you should be good.

In brief, it’s totally fine to use Debian and in fact one of the best options in my opinion.

You don’t wanna use rolling release distros trust me, the whole point of server is automation and less maintenance. I got couple personal servers running, after things i need got setup and all of them running at a decent capacity, i just turn them on and never worry about them. Old package and software doesn’t necessarily mean less security, quite opposite actually, i suggest you take a look at how stable distros distribute their software, such as Debian. For a Debian package becomes stable, it has to go through several stages, experimental, unstable, testing, and finally stable, that’s why their packages are old, and because they are old, they are secure. It might be quite opposite than what you expect.

Mostly i use Debian for my personal servers, some of them are stable and some of them are testing, because of Podman’s new feature Quadlet. Honestly many features of Debian feel really old, like APT’s source list, preferences, and the way to deal with unattended upgrades. It’s kinda hard to get it at first and it’s easy to shoot yourself in the foot, especially many people tend to unintentionally mix and match packages from different suites for new software. But once you get comfortable with it things just work.

As my experience, no matter what distros i use, the worst distros are always those that i don’t understand and in a hurry to put them into production. Just pick one popular server distro and learn the ecosystem, you will find out what distros you like really soon.

Debian with Docker containers works well for my needs.

Debian but mostly Ubuntu LTS with the free Ubuntu Pro that gives 10-year support. If I get hit by a bus, chances are the self-hosted systems I've setup would continue to work for years till my family can get someone to support or migrate the data. 😅

I currently use Ubuntu for all my machines (desktops, laptops, and servers), but I used to use Void Linux on my machines for about 6 years, including on a couple of VPSes. Since you are familiar with Void Linux, you could stick with that and just use Docker/Podman for the individual services such as Matrix, Mastodon, etc.

In regards to Debian, while the packages are somewhat frozen, they do get security updates and backports by the Debian security team:

https://www.debian.org/security/

There is even a LTS version of Debian that will continue backporting security updates:

https://www.debian.org/lts/

Good luck!

Proxmox so I can run a bunch of other distros.

@communism
I use alpine, but void is a good option too, for me the host should be minimal and lightweight. At the end I have all on containers

I've been running arch for like 3 years now. Why arch? Because it just works (and its the only one i have esperience with). Maybe ill try nixos one day.

I always use Rocky Linux or Alma Linux, since I have extensive experience with enterprise Linux and RPM packages. I have Fedora on my main desktop computer. Both Rocky Linux and Alma Linux are rock-solid and are ideal for any kind of workload.

Also, Debian is a good choice if you know how to manage DEB packages and you feel comfortable with APT.

Fedora is a good choice if you want fresh packages and are willing to upgrade your server every 6 months (following the Fedora release cycle).

Rocky Linux and Alma Linux follow a similar slow release cycle of RHEL, wherein you can install your server and not have to worry for years (as long as the packages are updated with dnf update) Debian is also a slow release distribution, which makes it good for servers.

If you are already familiar with one package manager, pick a distro that also uses that package manager.

When deciding on the release track, the harder it is to recover the system, the more stable the track should be. Stable does not imply secure.

As you move up through virtualization layers, the less stable the track needs to be, allowing access to more recent features.

Steer clear of distros that pride themselves on using musl. It's historically slow and incomplete. Don't buy into the marketing.

Think about IaC. Remote management is a lot more comfortable if you can consider your server ephemeral. You'll appreciate the work on the day you need to upgrade to a new major release of the distro.

Personally, I use Rocky Linux on my servers. It’s stable, and has plenty of support since it’s RHEL-based. It’s supported until 2030 or so, and it doesn’t have any of the cloud-init or netplan stuff that Ubuntu Server has.

It’s also pretty simple to set up docker/podman containers, although you need the EPEL for podman-compose and for a lot of other packages, but once you get your setup the way you like it, it just keeps running and running.

Debian if you are new to Linux servers and self-hosting. Alpine if you get more advanced and just want something very light-weight and minimal.

Arch. With testing repos. And somehow, it also just works.

Used to be CentOS until the stream debacle. Now Debian.

I use arch on my servers. It is the distro I am most used too, because I use it also as my daily driver.

openSUSE Leap - YaST is the greatest thing since sliced bread, and works great on command line over SSH. Yes, sometimes installing some software is difficult, but generally most stuff you would want is there and a lot of stuff runs on Docker anyway now. Very stable too, have had nearly zero issues.

Been running Ubuntu LTS releases on all my server VMs for 8 years and haven't had a single problem. Absolutely solid as a rock. Fantastic support, loads of guides to do anything. Plus you can get 10years of support as a home user with a free Ubuntu Pro subscription.

I don't have a server but If I had one I would prob pick nixos or some arch distro

I won't say which one, but I'll give you a hint as to why:

rpm -Vp https://...

It's what got me off Slackware, and it's true today. If the distro can't support that kind of check, it's dead to me.

Red Hat, because it's free for developers and used by a lot of enterprises.