Ubuntu 24.04 LTS Server Setup: Complete Best Practices Guide (2026)

Why Ubuntu 24.04 LTS Is the Right Choice for Your Server

If you’re planning an Ubuntu 24.04 LTS server setup, you’ve made a smart decision. Ubuntu 24.04 LTS — codenamed “Noble Numbat” — is Canonical’s latest long-term support release, offering security patches and maintenance until April 2029. For production servers, this stability is invaluable: you get up-to-date packages, improved hardware support, and enhanced security features without the risk of a short-lived release cycle.

This guide walks you through a complete, hardened Ubuntu 24.04 LTS server setup — from initial installation to a production-ready state. Whether you’re running a web server, database backend, or application host, these steps apply universally.

Prerequisites and Requirements

Before you begin your Ubuntu 24.04 LTS server setup, make sure you have the following:

• Hardware or VPS: Minimum 1 vCPU, 1 GB RAM, 20 GB disk (2+ GB RAM recommended for production)
• Ubuntu 24.04 LTS ISO: Download from ubuntu.com/download/server
• SSH client: Terminal on Linux/macOS, or PuTTY/Windows Terminal on Windows
• A non-root user plan: You should never run production services as root

Step 1: Initial System Update

The very first thing to do after booting into your freshly installed Ubuntu 24.04 LTS server is update all packages. Even a freshly installed ISO can be weeks behind on patches:

1
2
3
4
sudo apt update && sudo apt upgrade -y

sudo apt dist-upgrade -y

sudo apt autoremove -y

sudo reboot

After the reboot, verify your kernel and OS version:

1
2
uname -r

lsb_release -a

You should see

and the latest available kernel version.

Step 2: Create a Non-Root Admin User

Running everything as root is a serious security risk. Create a dedicated admin user early in your Ubuntu 24.04 LTS server setup:

1
2
3
# Replace "adminuser" with your preferred username

sudo adduser adminuser

sudo usermod -aG sudo adminuser

Switch to the new user and verify sudo access:

1
2
3
su - adminuser

sudo whoami

# Expected output: root

Step 3: Configure SSH for Secure Remote Access

SSH is your primary access method — hardening it is non-negotiable. Edit the SSH daemon configuration:

1
sudo nano /etc/ssh/sshd_config

Apply these key changes:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Disable root login

PermitRootLogin no



# Use SSH key authentication only (disable passwords)

PasswordAuthentication no

PubkeyAuthentication yes



# Change default port (optional but recommended)

Port 2222



# Limit login attempts

MaxAuthTries 3



# Idle timeout (300 seconds = 5 minutes)

ClientAliveInterval 300

ClientAliveCountMax 2

Before restarting SSH, copy your SSH public key to the server:

1
2
# Run this on your LOCAL machine

ssh-copy-id -i ~/.ssh/id_rsa.pub adminuser@YOUR_SERVER_IP

Then restart the SSH service:

1
2
sudo systemctl restart sshd

sudo systemctl status sshd

Open a new terminal window to test the new SSH configuration before closing your existing session — this prevents locking yourself out.

Step 4: Configure UFW Firewall

Ubuntu 24.04 LTS ships with UFW (Uncomplicated Firewall). A proper firewall configuration is a core part of every Ubuntu 24.04 LTS server setup:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Set default policies

sudo ufw default deny incoming

sudo ufw default allow outgoing



# Allow SSH (adjust port if you changed it)

sudo ufw allow 2222/tcp



# Allow HTTP and HTTPS if running a web server

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp



# Enable the firewall

sudo ufw enable

sudo ufw status verbose

Only open ports you actively need. Every open port is a potential attack surface.

Step 5: Set Up Automatic Security Updates

Manually patching a server is error-prone. Ubuntu’s

package handles security patches automatically:

1
2
sudo apt install unattended-upgrades -y

sudo dpkg-reconfigure --priority=low unattended-upgrades

Verify the configuration:

1
sudo cat /etc/apt/apt.conf.d/20auto-upgrades

You should see:

1
2
APT::Periodic::Update-Package-Lists "1";

APT::Periodic::Unattended-Upgrade "1";

For email notifications on upgrades, install

and configure

with your admin email address.

Step 6: Configure the Hostname and Timezone

A proper hostname makes log analysis and multi-server setups much cleaner:

1
2
3
4
5
6
# Set hostname

sudo hostnamectl set-hostname your-server-name



# Update /etc/hosts

sudo nano /etc/hosts

# Add: 127.0.1.1   your-server-name

Set the correct timezone for accurate log timestamps:

1
2
3
4
5
6
7
8
# List available timezones

timedatectl list-timezones | grep Europe



# Set timezone

sudo timedatectl set-timezone Europe/Berlin



# Verify

timedatectl status

Step 7: Install Essential Server Tools

A minimal Ubuntu 24.04 LTS server installation is lean by design. These tools are commonly needed on any production server:

1
2
3
4
5
6
7
8
sudo apt install -y \

  curl wget git vim htop \

  net-tools nmap \

  fail2ban \

  logwatch \

  rsync \

  zip unzip \

  build-essential

Configure Fail2ban

Fail2ban automatically bans IPs with too many failed login attempts — critical for any internet-facing server:

1
2
3
4
5
6
sudo systemctl enable fail2ban

sudo systemctl start fail2ban



# Create a local jail config (never edit the main jail.conf)

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

sudo nano /etc/fail2ban/jail.local

In

, ensure SSH protection is active:

1
2
3
4
5
6
7
8
[sshd]

enabled = true

port = 2222

filter = sshd

logpath = /var/log/auth.log

maxretry = 3

bantime = 3600

findtime = 600

1
2
sudo systemctl restart fail2ban

sudo fail2ban-client status sshd

Step 8: Enable and Configure Swap (If Needed)

On servers with limited RAM (under 4 GB), a swap file acts as emergency overflow memory. This can prevent out-of-memory crashes:

1
2
3
4
5
6
7
8
9
10
11
12
# Create a 2 GB swap file

sudo fallocate -l 2G /swapfile

sudo chmod 600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile



# Make permanent across reboots

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab



# Adjust swappiness (10 = only use swap when RAM is 90% full)

echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf

sudo sysctl -p

Step 9: Set Up Log Rotation and Monitoring

Server logs grow fast. Ubuntu 24.04 LTS includes

by default, but you should verify it’s active and optionally configure

for daily log summaries:

1
2
3
4
5
6
7
8
# Check logrotate status

sudo logrotate --debug /etc/logrotate.conf



# Configure logwatch for daily reports

sudo nano /etc/logwatch/conf/logwatch.conf

# Set: Output = mail

# Set: MailTo = [email protected]

# Set: Detail = Med

For more advanced monitoring, consider installing Netdata or Prometheus + Grafana — both have excellent Ubuntu 24.04 support.

Step 10: Final Verification Checklist

Before declaring your Ubuntu 24.04 LTS server setup complete, run through this checklist:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# Check all active services

sudo systemctl list-units --type=service --state=running



# Verify firewall rules

sudo ufw status verbose



# Check SSH config

sudo sshd -T | grep -E "permitrootlogin|passwordauth|port"



# Review open ports

sudo ss -tlnp



# Verify fail2ban

sudo fail2ban-client status



# Check disk usage

df -h



# Check memory

free -h

Common Mistakes to Avoid in Your Ubuntu 24.04 LTS Server Setup

Even experienced sysadmins make these mistakes — knowing them in advance saves hours of troubleshooting:

• Disabling password auth before testing key auth — Always test SSH key login in a separate terminal before disabling password authentication
• Not enabling UFW before exposing the server to the internet — Set up the firewall first, then configure services
• Running web services as root — Use dedicated service users (www-data, postgres, etc.) with minimal permissions
• Ignoring automatic updates — Security patches are critical; automate them or schedule weekly manual updates
• Skipping swap on low-RAM VPS — Without swap, a memory spike can crash your server completely

Next Steps After Your Ubuntu 24.04 LTS Server Setup

With your base Ubuntu 24.04 LTS server setup complete, you’re ready to deploy your actual workloads. Common next steps include:

• Web server: Install Nginx or Apache2 with

  1	sudo apt install nginx

• Database: Set up PostgreSQL 16 or MariaDB 10.11 (both available in Ubuntu 24.04 repos)
• Docker: Install Docker Engine for containerized application deployments
• SSL certificates: Use Certbot (Let’s Encrypt) for free HTTPS certificates
• Backups: Configure automated backups with rsync or Bacula

A properly configured Ubuntu 24.04 LTS server is secure, maintainable, and ready for production workloads from day one. The 10 steps above give you a solid foundation — from there, every additional service you add builds on this hardened base.

Choosing the Right Ubuntu 24.04 LTS Server Edition

Before starting your Ubuntu 24.04 LTS server setup, it’s worth understanding which edition fits your use case. Canonical offers two main options:

• Ubuntu Server 24.04 LTS (minimal ISO): No GUI, command-line only. Best for headless servers, VPS, and cloud deployments. Smallest footprint, fastest boot time.
• Ubuntu Server 24.04 LTS (live server installer): Uses the Subiquity installer with a guided TUI. Supports LVM, software RAID, and cloud-init out of the box.

For cloud VPS deployments (AWS, Hetzner, DigitalOcean, OVH), providers typically offer pre-built Ubuntu 24.04 LTS images — no manual installation required. Simply select the image in your provider’s control panel and your server boots directly into Ubuntu 24.04 LTS.

Understanding Ubuntu 24.04 LTS System Services

Ubuntu 24.04 LTS uses

as its init system. Understanding a few key commands will make managing your server much easier throughout the lifetime of your Ubuntu 24.04 LTS server setup:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Check service status

sudo systemctl status nginx



# Start / stop / restart a service

sudo systemctl start nginx

sudo systemctl stop nginx

sudo systemctl restart nginx



# Enable service at boot

sudo systemctl enable nginx



# Disable service at boot

sudo systemctl disable nginx



# View recent logs for a service

sudo journalctl -u nginx -n 50 --no-pager



# Follow logs in real time

sudo journalctl -u nginx -f

The

command is invaluable for troubleshooting. Unlike traditional log files, systemd journals are binary and searchable, making it easy to filter by time, service, or severity level.

Network Configuration in Ubuntu 24.04 LTS

Ubuntu 24.04 LTS uses Netplan for network configuration — a YAML-based abstraction layer over NetworkManager or systemd-networkd. For static IP configuration:

1
sudo nano /etc/netplan/00-installer-config.yaml

Example static configuration:

1
2
3
4
5
6
7
8
9
10
11
12
network:

  version: 2

  ethernets:

    ens3:

      dhcp4: no

      addresses:

        - 192.168.1.100/24

      routes:

        - to: default

          via: 192.168.1.1

      nameservers:

        addresses: [8.8.8.8, 1.1.1.1]

Apply the new network configuration:

1
sudo netplan apply

Always verify connectivity after applying changes — especially when working on remote servers where a misconfiguration could lock you out.

Performance Tuning for Production Servers

Once your basic Ubuntu 24.04 LTS server setup is complete, consider these performance optimizations for production workloads:

Kernel Parameter Tuning (sysctl)

1
sudo nano /etc/sysctl.d/99-custom.conf

Add these settings for improved network and memory performance:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# Increase TCP buffer sizes for high-throughput

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216

net.ipv4.tcp_rmem = 4096 87380 16777216

net.ipv4.tcp_wmem = 4096 65536 16777216



# Reduce TIME_WAIT connections

net.ipv4.tcp_fin_timeout = 15

net.ipv4.tcp_tw_reuse = 1



# Enable SYN flood protection

net.ipv4.tcp_syncookies = 1



# Reduce swappiness for application servers

vm.swappiness = 10

vm.dirty_ratio = 15

vm.dirty_background_ratio = 5

1
2
# Apply immediately (without reboot)

sudo sysctl -p /etc/sysctl.d/99-custom.conf

Disk I/O Scheduler

For SSDs (common in VPS environments), the

scheduler removes the I/O queue overhead since SSDs handle parallelism natively:

1
2
3
4
5
# Check current scheduler

cat /sys/block/sda/queue/scheduler



# Set for SSD (temporary)

echo none | sudo tee /sys/block/sda/queue/scheduler

Backup Strategy for Ubuntu 24.04 LTS Servers

No Ubuntu 24.04 LTS server setup is complete without a backup strategy. Data loss is a matter of when, not if. Here are the most practical options:

• rsync + cron: Simple, reliable, no additional software. Syncs files to a remote server or NAS on a schedule.
• BorgBackup: Deduplicating, encrypted backups. Excellent for large servers with lots of data.
• Restic: Modern, cross-platform backup tool with S3/Backblaze support. Good choice for cloud storage backends.
• VPS Provider Snapshots: Most cloud providers (Hetzner, Contabo, DigitalOcean) offer one-click server snapshots. Easy to restore but less granular than file-level backups.

A minimal rsync backup to a remote server looks like this:

1
2
# Backup /var/www and /etc to remote server

rsync -avz --delete   /var/www/   /etc/   backup-user@backup-server:/backups/$(hostname)/

Automate with a daily cron job:

1
2
sudo crontab -e

# Add: 0 2 * * * rsync -avz /var/www/ backup@backup-server:/backups/www/

Conclusion

Setting up an Ubuntu 24.04 LTS server correctly from the start saves you from costly security incidents and painful troubleshooting later. The key pillars are always the same: keep the system updated, lock down SSH, configure a firewall, automate security patches, and monitor your logs. Follow this guide and you’ll have a production-ready Ubuntu 24.04 LTS server setup that’s both secure and maintainable for the years ahead.

• About the Author
• Latest Posts

Mark

Mark is a senior content editor at Text-Center.com and has more than 20 years of experience with linux and windows operating systems. He also writes for Biteno.com

• OpenClaw AI Agent Setup: Self-Hosted Automation Guide (2026)
• Ubuntu 24.04 LTS Server Setup: Complete Best Practices Guide (2026)
• Understanding What is VBA (Visual Basic for Applications)