When it comes to managing a server, we have a few guides to cover the basics, though security is a very broad subject matter. Much like software, security is ever-changing and you would need to keep up with any updates/upgrades to the OS as well as the software you run.
It’s not impossible to run a server with limited experience. Even the most experienced sysadmins had to start somewhere :-).
This guide is one we normally recommend for initial server setup. It’s geared towards Ubuntu 16.04, though the overall details apply to most any OS (CentOS, Fedora, Debian, etc).
Initial Server Setup with Ubuntu 16.04
Other initial server setup guides can be found here.
When it comes to security, properly setting up a firewall is always a good idea and with our newest service, Cloud Firewalls (which are free of charge), setting up and managing a firewall is pretty easy.
1). An Introduction to Cloud Firewalls
2). How to Create Your First DigitalOcean Cloud Firewall
3). How to Troubleshoot DigitalOcean Cloud Firewalls
4). How to Organize DigitalOcean Cloud Firewalls
Beyond initial setup and using a firewall, application security is equally as important. Unfortunately, we don’t have specific guides that cover security for rails or discourse in general (at least not yet), though general security applies there. Use secure passwords (I always recommend 16-32 characters, and 64 when you can) and SSL.
How To Secure Nginx with Let’s Encrypt on Ubuntu 16.04
When it comes to fully managed service, as in server + application, the cost can be quite high as your normally paying someone to be available at any given time. I know when I take on sysadmin jobs, the average cost is anywhere from $50-$100/hour.
For a managed service, in most cases, managed only means the OS and core software and overall security – it doesn’t generally apply to the application level. Before paying for managed services, I’d make sure that managed actually means what you believe it does so you’re not left hanging in the event something does happen :-).
I can’t really comment on Heroku as I’ve not really used them (but I love their design!), though from what I can tell, they provide a general managed environment for the software and OS, but not specifically the application itself (unless they’ve changed that around).