If you are accessing Ubuntu Server 18.04 / 19.10 remotely and don’t know how to access terminal via SSH, please see one of the following guides:
- How to Log into Linux from Windows using PuTTY
- How to Log into Linux from Mac
- How to Log into Linux from DigitalOcean control panel
1. Create User with Superuser Privileges
If you already set up a superuser account during installation under your own name, you may skip this step.
The default root user is the administrative user in a Linux environment that has superuser privileges and you are discouraged from using it on a regular basis. For that reason, it is highly recommended that you set up an alternative account under your own name and assign it superuser privileges.
If you are logged in as root, you should see something like
root@servername:~$ . The
$ sign here indicates an account with superuser privileges.
In this example we are going to use the
adduser command to add a new user called john. The
sudo command at the beginning means “superuser do!” and tells Linux to run the ensuing command with elevated superuser privileges, otherwise you may get an access denied error.
sudo adduser john
You will be prompted to enter a new password. Generate a password and keep it safe. Note that as you enter passwords in Linux, there are no
* stars or dots and it will appear that nothing is being typed.
Once you’ve entered your new password, you will also be asked to enter contact details. You don’t have to fill these in, just press
ENTER for defaults.
Once the new user is created, give it superuser privileges using the
usermod command. The
-aG parameter means append to Group, and the name of the superuser group is
sudo usermod -aG sudo john
Once you run the command, you won’t get any feedback. Linux often works like this, if there’s no error returned, you can assume it worked.
We can now switch to our new account john using the
su command (substitute user).
sudo su - john
Enter the password you created previously if prompted.
Password: To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details. john@servername:~$
Great, we are now logged in as john. From now on, you should only log into Ubuntu 18.04 / 19.10 using this new user.
2. Set up SSH Key-Based Authentication (optional)
You may skip this step but it is recommend for added security.
As well as offering additional security, SSH key authentication can be more convenient than the more traditional password authentication.
3. Set Up Firewall
It’s always a good idea to set up a firewall to make sure only connections to certain services are allowed. The default firewall configuration tool for Ubuntu 18.04 / 19.10 is
ufw. It provides a user friendly way to create an IPv4 or IPv6 host-based firewall.
If you are connected via SSH, allow OpenSSH as a firewall rule first so you don’t get locked out.
sudo ufw allow OpenSSH
If successful, you will see “Rules updated”.
Now enable the firewall and press
ENTER if prompted with a warning “Command may disrupt existing ssh connections.”.
sudo ufw enable
To check the status of the firewall, run:
sudo ufw status
Here we can see the OpenSSH rule we just added.
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)
4. Check the Timezone
To check if the server time and timezone are correct for your region, run:
If the date, time or timezone are incorrect, please see article:
5. Update Ubuntu 18.04 / 19.10
Run the following string of commands to download and install the latest packages. Commands are separated with
&& and will run in succession. If prompted to install packages, press
sudo apt update && sudo apt upgrade && sudo apt dist-upgrade
Once updated, you may need to reboot the server:
For more information on how packages are updated in Ubuntu, see:
6. Create Swap Space
Why would you need swap space? If your server ever runs out of physical memory during heavy load, some critical services such as MySQL can crash. It’s important to have some swap space where memory can expand to if really necessary.
7. Remote Desktop with VNC
If you would like to remotely manage your Ubuntu Server with a desktop environment, see:
8. Configure a Web Server
Now that you’ve completed the Ubuntu 18.04 / 19.10 Initial Server Setup, you may wish to set up a web server next.
You should decide whether you want to run a LAMP Stack (Linux/Apache/MySQL/PHP) or a LEMP Stack (Linux/Nginx/MySQL/PHP).
Apache is the most popular web server and has been around the longest whereas Nginx is newer but is catching up. As of 2018, Apache is used on 47% of web servers and Nginx is not far behind with 37%. By 2020 if trends continue, Nginx will be the most popular.
Bear in mind that if you go with Nginx there are quite a few differences in how Virtual Hosts are set up compared to Apache. Also, Nginx does not interpret
.htaccess files the way Apache does. If you’re used to working with Apache-based servers, go with that. Otherwise, why not give Nginx a try and learn something new?
We have one single guide for installing a LAMP stack or if you prefer you can do them separately for Apache, MySQL and PHP.
- Installing Apache, MySQL and PHP (LAMP Stack) on Ubuntu 18.04 / 19.10
You may also want to install phpMyAdmin for administering your MySQL databases.
To set up a free SSL cert for your domain:
You may want to install and configure an FTP server or configure SFTP.
- Installing an FTP server with vsftpd (Ubuntu 18.04 / 19.10)
- How to configure SFTP for a web server document root
We also have one single guide for installing a LEMP stack or separate guides for Apache, MySQL and PHP.
- Installing Nginx, MySQL, PHP (LEMP Stack) on Ubuntu 18.04 / 19.10
You may also want to install phpMyAdmin for administering your MySQL database.
To set up a free SSL cert for your domain:
- You may want to install and configure an FTP server or configure SFTP.
If you’re planning on running a web server, it’s important to make frequent automated backups of your web document root and databases should you ever accidentally alter data or suffer a hack. We have two articles here to help you configure automated backups.
- Automatically Back Up Your Web Server Doc Root with Tar and Cron
- How to Back Up MySQL Databases with Linux Command Line and Automate with Cron
Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.
p.s. I increased my AdSense revenue by 200% using AI 🤖. Read my Ezoic review to find out how.
In the past, usually the steps include disabling root ssh login once you have set up your main admin user (helps prevent brute force attacks on root), ie
setting PermitRootLogin to no in /etc/ssh/sshd_config
restart ssh with sudo service ssh restart
Most of the recent guides I have read don’t do this anymore – has this gone out of fashion?
You can do that, but a lot of people now run Linux on Cloud hosting these days and need shell access. Use Fail2ban to block brute force attacks and switch to Key-based authentication.
great clear tutorials/instructions, and security tips, however I had issues creating composer projects in /var/www/ folders, and had to do some hacks, which am sure are not secure, would like to read about your thoughts on composer and projects in /var/www/. Greatful
ich kann mich Champi nur anschließen:
eines der besten Tutorials hier im Netz. Alles funktioniert wie es soll und ist verständlich erklärt. Einfach nur Superklasse…! Würde mich ebenfalls freuen wenn du weitere Tutorials für uns hättest…!
one of the best tutorials i found on the net for setting up an ubuntu server from scratch!
everything works exactly as descriped! with the help of your guides i set up my superuser, firewall, apache, mysql, phpadmin, sftp etc.
please keep on your good work!
can you please also make a short guide to set up a mailserver and a cloud (owncloud or anything else)?
greets from germany
Glad they helped! 😉
I don’t think I’ll be doing a mail server or cloud guide. I mainly only do guides for myself so I can refer to them later and I haven’t needed to set up a mail server yet. I use Mailgun and Gmail to handle all my mail, I might do a guide on that soon.
is an onscreen keyboard installed by default? is it possible to avoid using it?
I’m not aware of any onscreen keyboard in Ubuntu Server 🤔
Thank You So much for these guides man, they’ve helped me out with my development environment 😀
No probs, man! 🙂
The second step seems to be missing?
1. Create User with Superuser Privileges
3. Set up SSH Key-Based Authentication (optional)
I suppose this second step is “install OpenSSH Server” because until this is done, ufw will not have a profile for OpenSSH.
That's fixed now, thanks. There was no step missing there, it was just numbered incorrectly.
On Ubuntu Server, OpenSSH Server is installed and enabled by default and a
ufwprofile is already present. This is not the case for Ubuntu Desktop.
OK, thanks for the clarification!