So, what will happen here:
- Users and SSH
- Apache, PHP and MySQL
I also have to add that I'm not a server specialist, so there may be other and better ways to do certain things. It may be also possible that some of my suggestions are not secure enough to make your system secure enough to withstand every attack. As far as I'm concerned, every system with a interface isn't fully secure. The only thing one can do is to make is as secure as possible.
Here is a last suggestion: If you do this the first time, install a server into a virtual machine on your pc and play around a bit. You might lern a thing or two and if you break anything, nobody gets hurt. Tutorials on how to use a virtual machine (I suggest the VirtualBox-Software) can be found through Google.