Bucket customization options. Nodes are needed only to expand the functionality of the tor network itself and are not needed for publishing sites. Well, as far as security is concerned, there is a wide field of activity here. From simply writing two lines in the torus config to the web server port, to paranoid mods:
- launching the torus in an isolated environment,
- disabling any logging functions on the server, so that when hacking from the logs, you won’t get any ip visits via ssh and other activity,
- cutting out various curl / wget libraries and applications that, when hacked (if the server looks at the tor only with a web face), will allow you to quickly deanonymize the user by making a request to the cybercriminals' controlled server and finding out the real IP address of the user on whose server the tor site is located .
And in general, it is better that the traffic goes to the machine with the tor site ALREADY through the tor and from another piece of iron / virtual machine.
There is a very long time to tell what and how. I've only listed the first things that came to mind here. On the net you can find recipes for all sorts of security settings, the main thing is to be able to search.

as you like
, the main thing is not to be surprised when they come