I made the jump to a full server a few years ago and there’s some pretty high limits but you can get them spec’ed pretty low. Something like a dell r730 Single 8 core xenon 32gb ram and a couple tb of storage running 4-500$. They can be upgraded over time to be dual 16 core xenon 1tb ram and petabyte of storage.
I guess some perspective on some other comments here. I have a dell r720xd dual xenon’s 16 total cores 128gb ram it uses roughly 200watts per hour with the 11000w power supplies. it can get fairly loud when using lots processing power. I bought a 12u rack to mount it nicely in my office. It is also my guest bedroom, while everyone we have had doesn’t mind the noise not all guests would appreciate the white noise even with many of the cpu intensive stuff turned off and it as quiet as it goes. Fans full tilt would be obnoxious and hard to concentrate.
Having unit and automated integration tests backed by both requirements and high code coverage. As a lead I can verify that not only you made the change to support the requirements though these unit tests but also a really quick verification that other functionality may not have changed based on your large scale change. Helps a lot for significant refactoring too
I would reconsider docker because if a specific application leaks some sort of shell access or system file access you’ll be protected out side of container host escalation.
Unrelated to security, I prefer docker because it leaves the server very clean if you remove different apps. Can also save time configuring more complex applications or applications that conflict with system libraries.
Add fail2ban on your list of applications it watches logs for invalid logins and puts them on firewall block rules after so many failed attempts.