Install LAMP on Ubuntu Server 24.04

This guide walks developers through a practical, production-minded installation of the LAMP stack (Linux, Apache, MySQL / MariaDB, PHP) on Ubuntu Server 24.04. Whether you’re deploying a small app for a client in Toronto, a high-traffic site in Vancouver, or setting up a dev server in Halifax, these steps will get you from zero to a secure, maintainable LAMP server.

Why this guide matters for developers

Many tutorials are dated or assume defaults that aren’t safe for production. This article includes hardening tips, virtual host setup, common troubleshooting, and sample commands you can copy-paste. If you’d prefer SFWeb to handle setup and hardening for you, check our IT Services and Web Development offerings for managed deployments across Canada.

Prerequisites

• Ubuntu Server 24.04 installed (cloud or bare metal)
• Non-root sudo user configured
• Basic familiarity with SSH and command line
• A domain name if you plan to serve public sites (optional for local testing)

Overview of steps

1. Update the system
2. Install and configure Apache
3. Install and secure MySQL (or MariaDB)
4. Install PHP and necessary extensions
5. Create a virtual host & test a PHP app
6. Harden firewall and permissions

Step 1 — Update your server

sudo apt update && sudo apt upgrade -y

Always start with the latest packages. This reduces the chance of hitting known vulnerabilities or package conflicts.

Step 2 — Install Apache and configure the firewall

sudo apt install apache2 -y
sudo systemctl enable --now apache2
sudo ufw allow 'Apache Full'
sudo ufw enable

Confirm Apache is running:

sudo systemctl status apache2 --no-pager

On a local VM or a server with a public IP, visit http://your-server-ip to see the default Apache page. For example, when deploying consumer-facing apps from Montreal to Calgary, ensure your DNS A records point to the server IP.

Step 3 — Install and secure MySQL

Ubuntu often installs MySQL with the auth_socket plugin for root access. Use sudo mysql to enter the administrative shell without a password.

sudo apt install mysql-server -y
sudo systemctl enable --now mysql
sudo mysql --verbose

Run the interactive secure script to remove anonymous users, disallow remote root login, and set a root password (recommended for production):

sudo mysql_secure_installation

To create a database and a dedicated application user (replace names and passwords):

sudo mysql -u root -p

# inside MySQL shell
CREATE DATABASE myapp_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'myapp_user'@'localhost' IDENTIFIED BY 'StrongP@ssw0rd!';
GRANT ALL PRIVILEGES ON myapp_db.* TO 'myapp_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

If you manage multiple deployments across Ottawa, Edmonton, and Winnipeg, create different DB users for each application and keep credentials out of your repo (use environment variables or a secrets manager).

Need help designing a scalable DB layout for production workloads in Vancouver or Toronto? We (Contact) can help.

Step 4 — Install PHP and extensions

Ubuntu 24.04 may provide PHP 8.x. Install PHP plus common extensions used by modern frameworks (Laravel, Symfony, Wordpress):

sudo apt install php libapache2-mod-php php-mysql php-cli php-fpm php-xml php-mbstring php-curl php-zip -y
sudo systemctl restart apache2

Prefer PHP-FPM for better process control under heavy load, especially for high-traffic sites in Calgary or Toronto. If using PHP-FPM, enable the proxy and set up Apache to use it instead of libapache2-mod-php.

Example PHP info test

<?php
phpinfo();
?>

Create a test file to confirm PHP is served:

echo '<?php phpinfo(); ?>' | sudo tee /var/www/html/info.php
curl -s http://localhost/info.php | grep -i php

Step 5 — Virtual host setup (recommended per site)

Using virtual hosts keeps multiple sites isolated. Example for example.com served from /var/www/example.com/public_html:

sudo mkdir -p /var/www/example.com/public_html
sudo chown -R $USER:www-data /var/www/example.com
sudo chmod -R 750 /var/www/example.com

sudo tee /etc/apache2/sites-available/example.com.conf <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
</VirtualHost>
EOF

sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf
sudo a2enmod rewrite
sudo systemctl reload apache2

For production in Montreal or Winnipeg, enable HTTPS using Let’s Encrypt certbot after the DNS is set up:

sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d example.com -d www.example.com

Step 6 — Permissions and security hardening

• Keep /var/www owned by a deploy user and group www-data.
• Disable directory listings: ensure Options -Indexes in your virtual host or a global config.
• Limit file uploads and max execution time in php.ini.
• Use UFW to limit open ports; only allow SSH (22), HTTP (80) and HTTPS (443).

For enterprise deployments in Vancouver or Calgary, consider additional layers like a WAF, centralized logging, and automated backups. SFWeb’s Automation Solutions and IT Services can automate patching and backups for multi-region deployments.

Checklist: Quick validation before going live

• Apache: running and enabled (systemctl status apache2)
• PHP: phpinfo shows expected version and extensions
• MySQL: application database and user created
• Virtual host: DNS points to server and site responds via domain
• HTTPS: certificate issued and auto-renewal enabled
• Firewall: only necessary ports open
• Permissions: web files owned by deploy user with group www-data

Common Mistakes

1. Using the root MySQL account in your app

Never hard-code or use the MySQL root user in production apps. Create least-privileged users per database.

2. Wrong file permissions

Setting 777 on web folders is common but dangerous. Use ownership and restrictive modes (eg. 750/640) and avoid giving web user excessive rights.

3. Forgetting to enable mod_rewrite or PHP-FPM mismatch

Frameworks rely on mod_rewrite. If using PHP-FPM, don’t leave libapache2-mod-php misconfigured; pick one approach and test.

4. Not using HTTPS or auto-renewal

Serving login forms or APIs without TLS is a high-risk mistake. Use Let’s Encrypt and verify cron/systemd renew timers.

5. Leaving debug or development config enabled

Disable verbose error display and enable logging instead. Debug banners leak stack traces that attackers can use.

Troubleshooting quick tips

• Apache logs: /var/log/apache2/error.log
• MySQL logs: /var/log/mysql/error.log or journalctl -u mysql
• PHP-FPM: check pool logs in /var/log/php*

If you’re migrating many sites across Canadian regions (Toronto, Montreal, Vancouver, Calgary, Halifax, Winnipeg), a consistent automation and deployment strategy reduces risk and maintenance. Explore our Automation Solutions for CI/CD and rollout orchestration.

FAQ

Which PHP version should I install on Ubuntu 24.04?

Install the default PHP version shipped with 24.04 (usually PHP 8.x). For stability, use the distribution packages unless you need a specific newer version; in that case, use a vetted PPA or containerized PHP-FPM.

Should I use MySQL or MariaDB?

Both are compatible for most apps. MariaDB often offers performance features and is community-driven. MySQL is stable and widely supported. Choose based on your app’s compatibility and your operational preference.

Can I use Nginx instead of Apache?

Yes. Nginx + PHP-FPM is a common alternative that may perform better at scale. This guide uses Apache for its simplicity and .htaccess compatibility, which can be useful for quick migrations in cities like Ottawa and Edmonton.

How do I back up MySQL databases reliably?

Use logical backups (mysqldump) for small DBs and physical snapshots or Percona XtraBackup for large datasets. Automate backups and store copies offsite. SFWeb’s IT Services can help scaffold backup and restore playbooks.

How do I secure SSH for production servers?

Disable password authentication, use key pairs, change the SSH port if desired, and enable Fail2Ban. Always keep at least one emergency access method and test your access after changes (avoid locking yourself out).

Can you automate repetitive server setups across multiple Canadian locations?

Yes. Use configuration management tools (Ansible, Terraform) to codify environment differences (region-specific DNS, IPs). If you prefer a managed approach, SFWeb offers setup and automation services to deploy standardized LAMP stacks across Toronto, Vancouver, Montreal, Calgary, Halifax, and Winnipeg.

Next steps and managed options

Once the stack is installed and validated, plan for monitoring, backups, and patching. If you want SFWeb to build, secure, and manage your LAMP servers (including multi-site deployments and CI/CD), see our Web Development and IT Services pages. For API-driven apps, we also provide API Development and Small Business Solutions to help launch fast.

Prefer an end-to-end setup handled for you? Contact SFWeb for a production-ready LAMP deployment tailored to your needs in Toronto, Vancouver, Montreal, Calgary, Halifax, or Winnipeg.

Ready to get hands-off deployment and ongoing maintenance? Reach out to SFWeb to schedule a server setup and security review today.