footer-logofooter-logo

Debian dedicated servers

Bare-metal Debian servers on our ASN 55285 network, provisioned in under a minute. A minimal, subscription-free base with full root — the whole machine is yours, no hypervisor and no noisy neighbours.

A Debian dedicated server is a physical, single-tenant machine that runs Debian directly on the hardware — no virtualisation layer between your workload and the CPU, memory, and NVMe. You get full root, every core, and predictable performance, rather than a slice of a shared host.

Debian is the distribution ops teams reach for when they want a machine that behaves the same in year three as it did on day one: a small, stable base with a fixed release cadence, no vendor subscription, and a change policy built around not surprising you. It is also the foundation a great deal of the Linux world is built on — including Proxmox VE, which is in our OS catalog alongside stock Debian.

Comparing distributions? Read our Linux dedicated server guide.

Loading...

Live in under a minute

Our unique provisioning stack images bare metal and hands you a Debian root shell in sub-minute time, so a fresh stable box is ready to configure almost immediately.

Always-on DDoS mitigation

Full inline, always-on DDoS protection with tuned application and game profiles is included on every server across our 2 Tbit/s+ network — nothing to enable, no traffic redirect.

Minimal, no strings

Stock Debian with the full apt ecosystem, no snap and no vendor subscription. A lean base you can build up exactly as you want — you own the machine end to end.

Our network is AS55285 — verify our routing and peering: PeeringDB · bgp.tools

Debian-ready bare metal

Every Serverside dedicated server runs Debian. Here are two configurations that suit its stability-first workloads. Browse the full dedicated server range.

AMD

AMD EPYC 7443P

24 Cores @ 2.85GHz / 4.0GHz

MEMORYSTORAGENETWORK
256 GB DDR4
2x 1.92 TB NVMe
100 TB @ 2x 10 Gbps
£412.50/mo
Intel

Intel Xeon E-2388G

8 Cores @ 3.2GHz / 5.1GHz

MEMORYSTORAGENETWORK
128 GB DDR4
1x 2 TB NVMe
50 TB @ 2x 10 Gbps
£150.00/mo

Stable, testing, unstable — and what "Debian stable" promises

Debian develops in three continuously flowing suites. Packages enter unstable (perpetually codenamed "sid"), migrate to testing once they have survived a probation period with no release-critical bugs, and testing is periodically frozen and blessed as the next stable. The current stable release is Debian 13, codename "trixie" — first cut as 13.0 on 9 August 2025, now at point release 13.5 (16 May 2026), with a new stable roughly every two years.

The long freeze is the whole point. During it the archive is locked down to bug-fixing only, so when a release ships as stable its package versions stop moving: you get security fixes and the occasional point release, but no feature churn, no surprise major-version bumps in your dependencies. "Debian stable" is a promise about change — the versions you qualified today are the versions you will still be running years from now. That is exactly what you want under long-lived infrastructure, and exactly why it is not the distro to choose if you always need the newest upstream release.

A minimal base with no vendor strings

A default Debian install is deliberately small: a base system and the packages you asked for, nothing bundled in to upsell you later. There is no snap layer, no telemetry, and no subscription gate — Debian is a volunteer project with a social contract, not a commercial distribution with a paid tier sitting behind its best security coverage.

That "no strings" posture is the practical difference many teams feel versus Ubuntu. There is no Pro token to attach to unlock the wider repository, no "this system is not registered" nag, and no vendor account in the loop. You get the whole archive under one consistent policy, and on a Serverside box you have full root to build up from that minimal base exactly as you see fit.

Running stable but getting newer packages safely

The usual objection to stable — "the packages are old" — has well-worn answers that do not compromise the base. The first is backports: newer versions of selected packages, rebuilt for the current stable, published in a separate repository you opt into per-package rather than wholesale. You keep the stable base and pull a fresher kernel, database, or runtime only where you actually need it.

The second is unattended-upgrades, which applies the security pocket automatically so patches land without a human in the loop. Between the two you get a machine that stays put where you want it and moves only where you tell it to.

  • Enable the backports repository and install newer builds explicitly with apt -t trixie-backports — nothing else moves
  • Turn on unattended-upgrades scoped to the security pocket for hands-off patching
  • Pin with apt preferences when you need a specific version to hold across upgrades
  • Use Docker or Podman for anything that genuinely needs a rolling upstream, keeping the host itself stable

Why ops teams standardise on Debian

The reasons are unglamorous and that is the appeal. Low churn means a config you write against trixie today keeps working; you are not chasing behavioural changes every six months. Predictability means the fleet is the same everywhere, which makes automation and troubleshooting simpler. And Debian supports in-place major upgrades — the documented path from one stable to the next is apt, not a reinstall — so a machine can live across multiple releases without being rebuilt.

For a bare-metal fleet that matters: you can standardise on the current stable, run it through its full support window, and then move to the next release on the same hardware when you are ready, on your schedule rather than the calendar’s.

How Debian handles security

Debian has a dedicated Security Team that tracks vulnerabilities and issues fixes through security.debian.org as Debian Security Advisories. The model is conservative by design: rather than jump to a new upstream version, fixes are typically backported into the package version already in stable, so you get the patch without the behavioural risk of a version bump.

Each stable release gets roughly three years of that standard security support, after which the community Debian LTS project extends coverage to a full five years, and a commercial ELTS option stretches selected packages further still. For Debian 13 that means standard support to August 2028 and LTS to June 2030. Debian’s default mandatory-access-control layer is AppArmor — the same framework the Ubuntu page covers in depth — and it ships enabled with profiles for common daemons; SELinux is available for teams that prefer it.

Our network layer sits in front of all of this: always-on, inline DDoS mitigation on ASN 55285 filters volumetric attacks before they reach the host, so the OS hardening you do is defence in depth rather than your only line.

  • Keep the security repository enabled and let unattended-upgrades apply advisories automatically
  • Lock down SSH: key-only auth, no root password login, with our network-level filtering in front
  • Expose only the ports your workload needs (nftables is the modern default on Debian)
  • Keep AppArmor in enforce mode; add profiles for anything custom

What teams run on Debian bare metal

Debian’s strengths point it at workloads that are meant to sit still and stay up. Where Ubuntu wins the "newest tutorial" race, Debian wins the "still running, untouched, four years later" one — which is precisely the profile of core infrastructure.

It is also the base of Proxmox VE, so a Debian box is a natural home for virtualisation and containers — and Proxmox is in our OS catalog if you want the appliance rather than rolling your own on top of stock Debian.

Once you run more than one box — a mail and web cluster, a self-hosted infrastructure stack, or a homelab pattern graduating to production — you can put virtual private networking between your servers so replication and cluster traffic stays on a private interface and never touches the public one.

  • Long-lived core infrastructure — mail (Postfix/Dovecot), DNS (BIND/Knot/Unbound), reverse proxies — that must not drift
  • Virtualisation and container hosts: Proxmox VE (Debian-based), or KVM/LXC/Podman straight on stable
  • Self-hosted databases and caches (PostgreSQL, MariaDB, Redis) on local NVMe where a stable base is a feature
  • Web and API tiers where the full uplink and included DDoS mitigation matter more than a rolling kernel
  • Fleet nodes managed by Ansible/Salt/Puppet, where Debian’s predictability keeps playbooks stable across upgrades

Boot your own Debian: custom iPXE and diskless deployments

Debian is the distro people reach for when they want to strip a machine down to exactly what they specify, and our custom iPXE support lets you carry that all the way to the boot chain. You can point a server at your own iPXE configuration and netboot a Debian build or custom kernel you control, rather than accepting a stock image.

That opens the classic Debian practitioner pattern of running the OS entirely in memory: a minimal, diskless Debian pulled over the network at boot, with the local NVMe left free for data rather than the root filesystem. It suits reproducible fleet nodes and immutable-style deployments where every box comes up identical from a single netboot definition.

Deploy your Debian server

Full root, the current stable, live in under a minute — with always-on DDoS mitigation included.

Frequently asked questions

The current Debian stable (Debian 13 "trixie") by default, with the previous stable available on request. Because you have full root you can also enable backports for newer builds of individual packages, or upgrade in place to the next stable when it ships.