Ubuntu 18.04 Initial Server Setup

Ubuntu 18.04 / 19.10 Initial Server Setup

Last updated on | 13 replies

In this guide we will configure your new Ubuntu 18.04 / 19.10 server and implement some best practices.


If you are accessing Ubuntu Server 18.04 / 19.10 remotely and don’t know how to access terminal via SSH, please see one of the following guides:

1. Create User with Superuser Privileges

If you already set up a superuser account during installation under your own name, you may skip this step.

The default root user is the administrative user in a Linux environment that has superuser privileges and you are discouraged from using it on a regular basis. For that reason, it is highly recommended that you set up an alternative account under your own name and assign it superuser privileges.

If you are logged in as root, you should see something like root@servername:~$  . The $ sign here indicates an account with superuser privileges.

In this example we are going to use the adduser command to add a new user called john. The sudo command at the beginning means  “superuser do!” and tells Linux to run the ensuing command with elevated superuser privileges, otherwise you may get an access denied error.

sudo adduser john

You will be prompted to enter a new password. Generate a password and keep it safe. Note that as you enter passwords in Linux, there are no * stars or dots and it will appear that nothing is being typed.

Once you’ve entered your new password, you will also be asked to enter contact details. You don’t have to fill these in, just press ENTER for defaults.

Once the new user is created, give it superuser privileges using the usermod command. The -aG parameter means append to Group, and the name of the superuser group is sudo.

sudo usermod -aG sudo john

Once you run the command, you won’t get any feedback. Linux often works like this, if there’s no error returned, you can assume it worked.

We can now switch to our new account john using the su command (substitute user).

sudo su - john

Enter the password you created previously if prompted.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.


Great, we are now logged in as john. From now on, you should only log into Ubuntu 18.04 / 19.10 using this new user.

2. Set up SSH Key-Based Authentication (optional)

You may skip this step but it is recommend for added security.

As well as offering additional security, SSH key authentication can be more convenient than the more traditional password authentication.

3. Set Up Firewall

It’s always a good idea to set up a firewall to make sure only connections to certain services are allowed. The default firewall configuration tool for Ubuntu 18.04 / 19.10 is ufw. It provides a user friendly way to create an IPv4 or IPv6 host-based firewall.

If you are connected via SSH, allow OpenSSH as a firewall rule first so you don’t get locked out.

sudo ufw allow OpenSSH

If successful, you will see “Rules updated”.

Now enable the firewall and press y and ENTER if prompted with a warning “Command may disrupt existing ssh connections.”.

sudo ufw enable

To check the status of the firewall, run:

sudo ufw status

Here we can see the OpenSSH rule we just added.

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

4. Check the Timezone

To check if the server time and timezone are correct for your region, run:


If the date, time or timezone are incorrect, please see article:

5. Update Ubuntu 18.04 / 19.10

Run the following string of commands to download and install the latest packages. Commands are separated with && and will run in succession. If prompted to install packages, press y and ENTER .

sudo apt update && sudo apt upgrade && sudo apt dist-upgrade

Once updated, you may need to reboot the server:

sudo reboot

For more information on how packages are updated in Ubuntu, see:

6. Create Swap Space

Why would you need swap space? If your server ever runs out of physical memory during heavy load, some critical services such as MySQL can crash. It’s important to have some swap space where memory can expand to if really necessary.

7. Remote Desktop with VNC

If you would like to remotely manage your Ubuntu Server with a desktop environment, see:

Xfce default Desktop via VNC

8. Configure a Web Server

Now that you’ve completed the Ubuntu 18.04 / 19.10 Initial Server Setup, you may wish to set up a web server next.

You should decide whether you want to run a LAMP Stack (Linux/Apache/MySQL/PHP) or a LEMP Stack (Linux/Nginx/MySQL/PHP).

Apache is the most popular web server and has been around the longest whereas Nginx is newer but is catching up. As of 2018, Apache is used on 47% of web servers and Nginx is not far behind with 37%. By 2020 if trends continue, Nginx will be the most popular.

Bear in mind that if you go with Nginx there are quite a few differences in how Virtual Hosts are set up compared to Apache. Also, Nginx does not interpret .htaccess files the way Apache does. If you’re used to working with Apache-based servers, go with that. Otherwise, why not give Nginx a try and learn something new?

Apache Guides

We have one single guide for installing a LAMP stack or if you prefer you can do them separately for Apache, MySQL and PHP.

You may also want to install phpMyAdmin for administering your MySQL databases.

To set up a free SSL cert for your domain:

You may want to install and configure an FTP server or configure SFTP.

Nginx Guides

We also have one single guide for installing a LEMP stack or separate guides for Apache, MySQL and PHP.

You may also want to install phpMyAdmin for administering your MySQL database.

To set up a free SSL cert for your domain:

9. Backups

If you’re planning on running a web server, it’s important to make frequent automated backups of your web document root and databases should you ever accidentally alter data or suffer a hack. We have two articles here to help you configure automated backups.

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

13 replies

Leave a reply

Your email address will not be published. Required fields are marked *

  1. In the past, usually the steps include disabling root ssh login once you have set up your main admin user (helps prevent brute force attacks on root), ie

    setting PermitRootLogin to no in /etc/ssh/sshd_config
    restart ssh with sudo service ssh restart

    Most of the recent guides I have read don’t do this anymore – has this gone out of fashion?

  2. great clear tutorials/instructions, and security tips, however I had issues creating composer projects in /var/www/ folders, and had to do some hacks, which am sure are not secure, would like to read about your thoughts on composer and projects in /var/www/. Greatful

  3. Hallo,
    ich kann mich Champi nur anschließen:
    eines der besten Tutorials hier im Netz. Alles funktioniert wie es soll und ist verständlich erklärt. Einfach nur Superklasse…! Würde mich ebenfalls freuen wenn du weitere Tutorials für uns hättest…!

  4. one of the best tutorials i found on the net for setting up an ubuntu server from scratch!

    everything works exactly as descriped! with the help of your guides i set up my superuser, firewall, apache, mysql, phpadmin, sftp etc.

    please keep on your good work!

    can you please also make a short guide to set up a mailserver and a cloud (owncloud or anything else)?

    greets from germany

    1. Glad they helped! 😉

      I don’t think I’ll be doing a mail server or cloud guide. I mainly only do guides for myself so I can refer to them later and I haven’t needed to set up a mail server yet. I use Mailgun and Gmail to handle all my mail, I might do a guide on that soon.

  5. Thank You So much for these guides man, they’ve helped me out with my development environment 😀

  6. The second step seems to be missing?
    1. Create User with Superuser Privileges
    3. Set up SSH Key-Based Authentication (optional)

    I suppose this second step is “install OpenSSH Server” because until this is done, ufw will not have a profile for OpenSSH.

    1. That's fixed now, thanks. There was no step missing there, it was just numbered incorrectly.

      On Ubuntu Server, OpenSSH Server is installed and enabled by default and a ufw profile is already present. This is not the case for Ubuntu Desktop.