I've been developing webapps for a while ... and I always had a sysadmin which made the environment perfect to run my apps with no worries.
But now I am starting a project on myself, and I need to set up a server, knowing near to nothing about it.
You need to hire a sysadmin. If nothing else, to teach you the basics and back you up where you have knowledge gaps.
What you're saying here is the equivalent of "I've always taken my car to the mechanic when it needed work, but now I'd like to replace my engine in my driveway" - We can give you the shop manual and some tools, but there's a better-than-50%-chance that you're going to wind up wrecking it.
Assuming you don't want to heed the sound advice I just gave you, keep reading…
I know how to install almost everything (need advice about SSL) with Ubuntu Server, but I am concerned about the security topic ... say: firewall, open/closed ports, php security, etc ... Where can I found a good guide covering this topics?
"Need advice about SSL" is way too broad to net you a good answer. What don't you understand about it? (Are you unclear on how to get a certificate? Your CA can walk you through that process. Are you not sure how to install the certificate so Apache can use it? Most CAs have a quick guide, and the Apache manual (SSL section) is also something you should be familiar with.
The broader topic of security is generally unanswerable, but based on your "I'm not a bank" comment I can tell that you have the wrong general attitude about security.
Security is not something you get from a guide, and it's not something you hand-wave away -- It's a way of looking at systems (and configuring them, and maintaining them) to reduce the risk of a compromise to the lowest practical level, and a commitment to keep your systems up to date in order to maintain that low risk level.
Any decent security guide will take an inexperienced user starting from zero more than a day to work through, and probably another day or two to turn into a server configuration (expect to break things and have to start over at least once).
An experienced sysadmin can blast through the process of securing a server more quickly because they've done it before. Also the benefit of experience is they'll probably know to do things that don't show up in Joe Random's Security Tutorial.
Everything else in the server... I don't need it, and I wanna know how to remove it, to avoid resources consumption.
Things that are not running do not consume resources (except disk space, which is practically infinite unless you're doing data warehousing), and generally pose only limited security threats. With the exclusion of paranoia-level security (down to removing compilers from your production hosts) a generic Linux box with unnecessary stuff turned off is a pretty secure starting point.
That said if you want to take a machete to your system and start hacking away at installed software you really need someone who has done it before to guide your hand. Debian/Ubuntu is generally a very newbie-friendly system, but if you tell it you want to uninstall half the system it will do what you ask - possibly leaving you with an unusable machine in the process.
An experienced admin will know what you must keep, what you should keep, and what needs to be removed or disabled. Developing that list is environment-specific, and beyond what we can do on a simple Q&A site.
