In no case do not install any ISP Manager / Vesta / CPanel, otherwise you will never learn what you want to learn. In addition, they eat resources. Even Vesta, which is the lightest, eats them decently, and I strongly doubt that you have a VPS with 8+ Gb of memory.
You need to study by lessons and articles, reading manuals and best practices for each package. The order, plus or minus, is as follows:
- deployed the axis
- made updates right away
- created and configured swap
- changed the root password to something super-mega-complex (we won’t use it anyway)
- created a regular user with a normal password complexity (it will be used for sudo)
- gave the user sudo rights
- tightened the screws on SSH - changed the port, denied root login and password login (only with ssh keys), allowed only one new login
to enter - set up UFW - a simple but effective firewall based on iptables - default deny, allow http, https, your custom ssh port. If you log in only from several places (office, home) - you can generally allow ssh only to these IPs.
- sudo dpkg-reconfigure tzdata to set your own time zone, so the logs are then easier to read and understand
- set up logrotate
- set up logwatch
- set up Postfix so that the server can send you letters (we set it to an external mailer, for example Mandrill, so that all letters are exactly did not fall into spam)
- set up fail2ban (then, after installing and configuring the web server and sites, you can write additions to fail2ban, for example, we monitor authorization attempts to the admin panel on WordPress sites and block with the same fail2ban)
- then we put everything you need - Git, Nginx, HHVM, PHP5-FPM, MariaDB, Memcached/Redis and so on.
Log into the server regularly, do apt-get update && apt-get dist-upgrade.
ps: this is for ubuntu/debian, for other systems everything is the same, but packages and commands may be slightly different

If you are a beginner, then it is best to install a control panel, such as Vesta or ISPmanager.

So maybe it was necessary to throw a list of questions to start =)

Well, first of all, security: change the standard port (ssh) and set up key authentication (prohibit password login).
Then install fail2ban.
This, in principle, is a minimum in terms of security, and then you can already think about goodies.

Maybe it makes sense to order a server administration service if it is supported by the provider?

I myself once started to administer my first server. And I will express the idea that it is necessary to put only the panel. Personally, I installed ISPmanager. I see no reason to use the console for full server administration. Everything flies, no resources are consumed to refuse it! I declare to you responsibly that you will not find sound manuals simply on the net. Something will always fall off. You will be nervous, etc. Delivered ISP and you sleep easy!