This guide walks you through every essential step after launching a fresh Ubuntu 24.04 LTS Cloud VPS — from system updates and user creation through installing a complete LEMP or LAMP web server stack. Where dedicated documentation already exists for a topic, we link directly to it so you can dive deeper without duplicated information.
What You'll Set Up
Prerequisites
- • A RamNode Cloud VPS running Ubuntu 24.04 LTS
- • Root SSH access to the server (see SSH Keys)
- • A domain name pointed at your server's IP (optional, but required for SSL)
1. System Updates
After your first SSH login, update the package index and upgrade all installed packages to their latest versions:
apt update && apt upgrade -yIf a kernel update was installed, reboot to load it:
reboot2. Hostname & Timezone
Setting a proper hostname and timezone is important for logging, scheduled tasks, and SSL certificates. We have a dedicated guide covering both topics in detail:
Configure hostnames (simple or FQDN), update /etc/hosts, set the timezone with timedatectl, and enable NTP synchronization.
As a quick reference, here are the most common commands:
# Set the hostname
hostnamectl set-hostname your-server.example.com
# Set timezone to UTC (recommended for servers)
timedatectl set-timezone UTC
# Verify
hostnamectl
timedatectl3. Create a Sudo User
Running everything as root is a security risk. Create a regular user with sudo privileges:
# Create a new user (replace 'deploy' with your preferred username)
adduser deploy
# Add the user to the sudo group
usermod -aG sudo deployCopy your SSH key to the new user so you can log in without a password:
# As root, copy the authorized_keys file
rsync --archive --chown=deploy:deploy ~/.ssh /home/deployTest the new user before proceeding — open a new terminal and connect:
ssh deploy@YOUR_SERVER_IP⚠️ Important: Do not close your root session until you've confirmed the new user can log in and run sudo commands successfully.
4. SSH Hardening
Once your sudo user is working, harden SSH by disabling root login and password authentication:
sudo nano /etc/ssh/sshd_configFind and update these settings:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yessudo systemctl restart sshRelated Documentation
- SSH Keys — Managing SSH key pairs for secure authentication
- SSH 2FA Setup — Add two-factor authentication for an extra layer of protection
- Fail2Ban Guide — Automatically ban IPs after failed login attempts
- Lost SSH Access Recovery — Steps to recover if you get locked out
5. Firewall Setup (UFW)
Ubuntu 24.04 ships with UFW (Uncomplicated Firewall). Enable it and allow only the ports you need:
# Allow SSH (always do this first!)
sudo ufw allow OpenSSH
# Allow HTTP and HTTPS for web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable the firewall
sudo ufw enable
# Verify status
sudo ufw status verboseRate limiting, application profiles, port ranges, subnet rules, logging, and more.
⚠️ Warning: Always allow SSH before enabling UFW. If you're using Security Groups in the Cloud Control Panel, note that UFW and Security Groups work independently — both must allow traffic for it to reach your server.
6. Swap Space
Adding swap space provides a safety net when your applications temporarily exceed available RAM. This is especially useful on smaller instances.
Detailed instructions for creating swap files, tuning swappiness, and sizing recommendations per VPS plan.
Quick setup for a 2 GB swap file:
# Create a 2G swap file
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# Make it permanent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
# Verify
free -h7. Automatic Security Updates
Keeping your server patched against known vulnerabilities is critical. Ubuntu 24.04 can be configured to install security updates automatically using unattended-upgrades.
Complete walkthrough for Ubuntu/Debian, RHEL/AlmaLinux/Rocky, openSUSE, and Arch Linux — including email notifications and automatic reboots.
Quick-start for Ubuntu 24.04:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure -plow unattended-upgrades8. LEMP Stack (Nginx + MySQL + PHP)
The LEMP stack uses Nginx as the web server, MySQL as the database, and PHP for server-side processing. It's the most popular stack for WordPress, Laravel, and other PHP applications due to Nginx's efficient handling of concurrent connections.
8a. Install Nginx
sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginxVerify Nginx is running by visiting http://YOUR_SERVER_IP — you should see the default Nginx welcome page.
8b. Install MySQL
sudo apt install mysql-server -y
sudo systemctl enable mysqlRun the security script to set a root password and remove insecure defaults:
sudo mysql_secure_installationRecommended answers: set a strong root password, remove anonymous users (Y), disallow remote root login (Y), remove test database (Y), and reload privilege tables (Y).
Database Deployment Guides
For more advanced database setups, see our dedicated guides:
- MySQL Deployment Guide — Replication, backups, performance tuning
- MariaDB Deployment Guide — Drop-in MySQL replacement with extra features
- PostgreSQL Deployment Guide — Advanced relational database
8c. Install PHP
sudo apt install php-fpm php-mysql php-cli php-curl php-gd php-mbstring php-xml php-zip -yVerify the PHP version and check that php-fpm is running:
php -v
sudo systemctl status php8.3-fpm8d. Configure an Nginx Virtual Host
Create a server block for your domain. Replace example.com with your actual domain:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}# Create the web root
sudo mkdir -p /var/www/example.com/html
sudo chown -R www-data:www-data /var/www/example.com
# Save the config above to:
sudo nano /etc/nginx/sites-available/example.com
# Enable it
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
# Test and reload
sudo nginx -t
sudo systemctl reload nginx8e. Test PHP Processing
echo '<?php phpinfo(); ?>' | sudo tee /var/www/example.com/html/info.phpVisit http://example.com/info.php. If you see the PHP info page, your LEMP stack is working. Delete this file afterward — it exposes sensitive configuration details:
sudo rm /var/www/example.com/html/info.php9. LAMP Stack (Apache + MySQL + PHP)
The LAMP stack uses Apache instead of Nginx. Choose LAMP if your application relies on .htaccess files or Apache-specific modules. If you already installed Nginx in Step 8, skip this section — running both web servers on the same ports will cause conflicts.
⚠️ Choose one: Install either the LEMP stack (Step 8) or the LAMP stack (Step 9), not both. They serve the same purpose with different web servers.
9a. Install Apache
sudo apt install apache2 -y
sudo systemctl enable apache2
sudo systemctl start apache2Verify Apache is running by visiting http://YOUR_SERVER_IP.
9b. Install MySQL
The MySQL installation is the same as in the LEMP stack above (Step 8b).
sudo apt install mysql-server -y
sudo systemctl enable mysql
sudo mysql_secure_installation9c. Install PHP for Apache
Apache uses libapache2-mod-php instead of php-fpm:
sudo apt install php libapache2-mod-php php-mysql php-cli php-curl php-gd php-mbstring php-xml php-zip -y9d. Configure an Apache Virtual Host
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html
<Directory /var/www/example.com/html>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost># Create web root
sudo mkdir -p /var/www/example.com/html
sudo chown -R www-data:www-data /var/www/example.com
# Save the config above to:
sudo nano /etc/apache2/sites-available/example.com.conf
# Enable site and mod_rewrite
sudo a2ensite example.com.conf
sudo a2enmod rewrite
sudo a2dissite 000-default.conf
# Test and reload
sudo apache2ctl configtest
sudo systemctl reload apache29e. Test PHP Processing
echo '<?php phpinfo(); ?>' | sudo tee /var/www/example.com/html/info.php
# Visit http://example.com/info.php, then remove:
sudo rm /var/www/example.com/html/info.php10. SSL Certificates
Once you have a domain pointed at your server and a web server running, add free SSL/TLS certificates from Let's Encrypt using Certbot. Our dedicated guide covers everything in detail:
Install Certbot, obtain certificates for Nginx or Apache, configure auto-renewal, and troubleshoot common issues.
Quick-start:
# For Nginx
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d example.com -d www.example.com
# For Apache
sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d example.com -d www.example.com
# Verify auto-renewal
sudo certbot renew --dry-runNext Steps
Your Ubuntu 24.04 server is now secured, updated, and running a full web server stack. Here are some recommended next steps depending on what you plan to deploy:
Deploy an Application
Harden Security
Use Docker Instead
If you prefer containerized deployments over bare-metal stacks:
→ Docker Basics Guide→ Docker Compose Guide