Ask HN: Tips to get started on my own server

Getting started environment

  • Many suggest starting cheap and disposable: a $5–10/month VPS or local VM, expect to break/reinstall multiple times.
  • Others recommend a home box (old laptop, mini PC, Raspberry Pi, NAS) for physical access and deep networking practice.
  • Some propose first mirroring services you already run on Windows in a Linux VM to reduce unknowns.
  • There’s a minority view that “real” bare-metal/colocation is more educational but higher effort.

Where to host: VPS vs home server

  • Popular VPS options mentioned: DigitalOcean, Vultr, Hetzner (praised as good value), Linode, OVH, BuyVM, Scaleway, lowendbox offers.
  • Cloud: AWS EC2/Lightsail and Azure burstable instances are suggested; some warn about IO and billing surprises.
  • Oracle Cloud “always free” gets both praise (great free box) and strong criticism (random bans, data/2FA concerns, idle-instance archiving).
  • Home hosting seen as cheap and empowering; critics warn about security, ISP limits, and uptime; proponents say it’s the best way to really learn.
  • Dynamic DNS and Cloudflare tunnels are suggested for exposing home services.

OS, tools, and automation

  • Beginner-friendly: Ubuntu or Debian server are most recommended due to documentation and community; Debian seen as “uncontroversial.”
  • Others suggest Arch, Gentoo, Slackware, NixOS, Alpine, FreeBSD, or Illumos for deeper understanding, but as second steps.
  • Use local hypervisors (VirtualBox, Orbstack, UTM) to spin up multiple test VMs.
  • Heavy emphasis on automation and reproducibility: shell scripts, Ansible, Terraform, cloud-init, Proxmox containers; “executable notes.”
  • Docker and higher-level platforms (CapRover, Yunohost) are proposed to quickly run apps, then inspect under the hood.

Security and reliability

  • Core practices: firewall (UFW/iptables or provider firewall), SSH keys only, disable root login, possibly move SSH off port 22, use strong passwords elsewhere.
  • Tools like fail2ban or CrowdSec to block brute-force attacks; VPNs (e.g., Tailscale) to reduce open ports.
  • Use snapshots/backups (Proxmox, provider snapshots, rsync, external disks) and learn to restore often.
  • Stick to LTS distros; consider CIS benchmarks and basic monitoring/perf tools as you advance.

Projects and learning approach

  • Start with one service at a time: simple website (nginx/Apache, Let’s Encrypt), then app stack (e.g., Django + gunicorn + nginx), then databases, DNS, mail, backup, monitoring.
  • Keep meticulous notes (or Obsidian/Zettelkasten-style docs); use shell history when you forget.
  • Philosophy: don’t chase the “perfect” stack; build something small, run it for months, fix issues permanently, then iterate.