If you’re hosting a basic web 1.0 website you’re gonna be pretty safe. Just install Apache and call it a day. As long as there’s no exploits in apache and you only port forward for basic HTTP theres very little to go wrong. Plus realistically, whos gonna want to hack your site?