I have a quite strong KVM guest (two E5-2620 Xeon Cores, 8GB RAM) and now want to install it.
I don't plan to share it with anyone else besides maybe good friends and relatives. Intended usage:
- mail server
- data storage (like other clouds)
- git repo
- web server primarily for development, but I want to host my own site and that should be stable - also I'm mixing Go and PHP apps
- multiple databases (Redis, MariaDB, PostgreSQL, CouchDB)
All of them should be rather stable. For example if the php-fpm for my development nginx runs in an infinite loop, my own site should still be accessible.
They should be rather secure. For example in addition to possible client-side encryption via gpg, I want all communication SSH/SSL-based and all data stored encrypted. I am currently trying out SELinux but I have the feeling that it would be overkill as I don't plan to share any shell access with anyone, and mail and storage services only with people I trust, so the only benefit SELinux would give me is slowing down attackers who already exploited a security hole. Nothing of what I do/have on this server is critical to any production environment anyway - I do backups and have fallback possibilities for mails. Of course, I don't want my VPS to become a zombie on the other hand.
I am actually asking for recommendations:
- plain old all-around Debian/another distro as server with pretty much everything in one environment without SELinux/grsec/something like that
- CentOS/another hardened distro with SELinux or something like that, also everything in the same environment
- CoreOS/something with Docker (Docker images with or without hardening? How safe is this setup? Which images would you recommend as a base for generic web apps? Also, how would one develop using Docker?)
- Full virtualization. I don't know whether it is even possible to use a KVM guest as a host for more guests.
Thanks in advance!