Background: I am not a server admin, but just a programmer-turned-missionary who wrote a couple of online database services for a handful of churches/ministries and try to keep them maintained as only a small part of what I do. If I could just put them on a shared hoster to outsource the upkeep, I would, but there are two distinctive things that force me to have a VPS and maintain it myself:
- To generate PDFs with UTF-8 encoding and vertical Japanese text, I use a very particular version of TeX that doesn't come standard with texlive, plus Japanese fonts. (And it's possible that shared hosters strip down their servers to the point of not having texlive at all.)
- I have a single production codebase directory, but each "client" has its own subdomain, database, and files area outside the webroot, all controlled by my PHP code. Getting the different subdomains to point to the common codebase requires special dancing in nginx config files.
Even the code, not to mention the server, only gets part-time love from me (a very small part of my time, in fact), so I probably need to start thinking now about CentOS 7 end-of-life. Plus, there is a WordPress website on the same server, and WP is complaining about my PHP version, and it appears that it won't be trivial to upgrade PHP (currently 7.3 - I should probably jump to 8.2 even though I'm sure I'll have to fix a lot in my code). The last time I even tried to do a simple "yum update", I got errors I don't understand, so I think I should start over with 2023 technology.
When I looked at the CentOS version landscape, I discovered that it has changed to "Stream", and CentOS and RHEL have traded places in the development stream. I'm not the "bleeding edge" type, and apparently RHEL would now be free for someone like me, but it's not in the list of Linode's supported distros, so I guess that's not an option. The internet seems to think that even headless servers are mostly using Ubuntu these days instead of the Fedora side of the Linux world, but I don't know if that's true or just where the noise is because it's so popular for desktops. (I have no plans to use a Linux desktop, so I don't care who has the best GUI.) And either way, I've never built a server from scratch.
So I know this is a very general question, but I'm looking for suggestions for my situation: how best to create a stable, secure LEMP stack with email (only my one address and almost zero actual mail - currently using Postfix+Dovecot for POP3) and other normal stuff, that could handle the quirks I described earlier and thrive on neglect. I'm the only user (logging in as root with private key authentication only; all password auth is disabled), and the amount of real web usage traffic is quite low, but my users do depend on the database services. Whatever I do, I'll probably first build it on a VM, then buy a second Linode to set up the production server, and when it's ready, move the databases, client files, and DNS.