Learn how to install and configure a secure, high-performance LAMP stack (Linux, Apache, MariaDB, PHP 8.3) on Ubuntu 25.04 server. This up-to-date 2025 tutorial covers both basic setup and advanced configurations like SSL, PHP tuning, and Apache hardening — perfect for web hosting and developers.
Prerequisites
Before starting, make sure our new Ubuntu server is ready. The following components should be installed and configured:
- A Ubuntu 25.04 installed dedicated server or KVM VPS.
- A root user or normal user with administrative privileges.
- A domain name with pointing A record to server.
Step 1: Update Your System
Start by refreshing your package index and upgrading all installed packages:
sudo apt update && sudo apt upgrade -y
Ubuntu 25.04 comes with Linux Kernel 6.8 and newer security models, so keeping the system up-to-date is essential before software installation.
Step 2: Install Apache Web Server
Apache remains the most flexible and widely supported web server. To install it:
sudo apt install apache2 -y
Enable Apache to start on boot:
sudo systemctl enable apache2
Verify Apache is running:
sudo systemctl status apache2
Now open your browser and visit your server IP (e.g., http://your_server_ip). You should see the Apache2 Ubuntu Default Page.
Step 3: Install MySQL (MariaDB) Database Server
Ubuntu 25.04 uses MariaDB as the default MySQL fork in official repositories. To install:
sudo apt install mariadb-server mariadb-client -y
Secure your installation:
sudo mysql_secure_installation
Follow prompts:
- Set a root password
- Remove anonymous users
- Disallow remote root login
- Remove test database
- Reload privilege tables
To check if MariaDB is running:
sudo systemctl status mariadb
Step 4: Install PHP and Required Modules
Ubuntu 25.04 ships with PHP 8.3 (as of release), which is optimal for modern applications.
Install PHP and extensions:
sudo apt install php libapache2-mod-php php-mysql php-cli php-curl php-gd php-mbstring php-xml php-zip -y
Check the installed PHP version:
php -v
To test PHP with Apache, create a test file:
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
- Visit: http://your_server_ip/info.php
- You should see the PHP info page. Once confirmed, remove the file for security:
sudo rm /var/www/html/info.php
Step 5: Adjust Firewall (If UFW Is Active)
If UFW firewall is enabled, allow Apache traffic:
sudo ufw allow in "Apache Full"
Then verify:
sudo ufw status
Step 6. Secure Apache (Disable Directory Listing & Hide Version Info)
Disable directory listing:
Edit Apache config:
sudo nano /etc/apache2/apache2.conf
Find this block:
<Directory /var/www/>
Options Indexes FollowSymLinks
Change it to:
<Directory /var/www/>
Options -Indexes +FollowSymLinks
Hide Apache version:
Edit:
sudo nano /etc/apache2/conf-available/security.conf
Set:
ServerTokens Prod
ServerSignature Off
Apply changes:
sudo systemctl restart apache2
Step 7. Enable Apache Modules for Speed and Security
sudo a2enmod rewrite headers ssl http2
sudo systemctl restart apache2
- rewrite: Enables clean URLs (used by most CMS platforms)
- headers: Required for setting secure HTTP headers
- ssl: Required for HTTPS
- http2: Enables faster, modern page loading
Step 8. Enable HTTPS with Free SSL (Let’s Encrypt)
Install Certbot for Apache:
sudo apt install certbot python3-certbot-apache -y
Issue SSL certificate:
sudo certbot --apache
It will:
- Install SSL
- Redirect HTTP → HTTPS
- Auto-renew certificate via systemd timer
Check renewal timer:
sudo systemctl list-timers | grep certbot
Step 9. Set Strong Apache Security Headers
Edit your virtual host or .htaccess file:
<IfModule mod_headers.c>
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Content-Security-Policy "default-src https: data: 'self'; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'"
</IfModule>
Step 10. Harden MariaDB Security Further
Disable remote root login (if not done):
sudo mysql -u root -p
Then run:
USE mysql;
UPDATE user SET Host='localhost' WHERE User='root';
FLUSH PRIVILEGES;
EXIT;
Step 11. Tune PHP for Performance
Edit php.ini:
sudo nano /etc/php/8.3/apache2/php.ini
Suggested changes:
memory_limit = 256M
upload_max_filesize = 64M
post_max_size = 64M
max_execution_time = 300
display_errors = Off
expose_php = Off
Restart Apache:
sudo systemctl restart apache2
Step 12. Enable OPCache (Boosts PHP Speed)
Ensure opcache is installed and enabled (comes with PHP 8.3):
php -i | grep opcache.enable
To configure it:
sudo nano /etc/php/8.3/apache2/php.ini
Add or uncomment:
[opcache]
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=2
opcache.validate_timestamps=1
Then:
sudo systemctl restart apache2
Step 13. Set Up Virtual Hosts (If Hosting Multiple Sites)
Create a config file:
sudo nano /etc/apache2/sites-available/yourdomain.com.conf
Example:
<VirtualHost *:80>
ServerAdmin admin@yourdomain.com
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/yourdomain.com/public_html
<Directory /var/www/yourdomain.com/public_html>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/yourdomain_error.log
CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log combined
</VirtualHost>
Enable and reload:
sudo a2ensite yourdomain.com.conf
sudo systemctl reload apache2
Step 14. Enable Gzip Compression
Edit:
sudo nano /etc/apache2/mods-enabled/deflate.conf
Ensure the following block is included:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json
</IfModule>
Restart Apache:
sudo systemctl restart apache2
Step 15. Enable Logs Rotation for Apache & MariaDB
Ensure logrotate is installed:
sudo apt install logrotate -y
Default config for Apache:
cat /etc/logrotate.d/apache2
Custom rules can be added to /etc/logrotate.d/ for fine-tuning frequency and retention.
Step 16. Test Everything
- Apache Status: systemctl status apache2
- PHP Check: php -v
- MariaDB: sudo mysql -u root -p
- HTTPS Test: Visit https://yourdomain.com
- Logs: sudo tail -f /var/log/apache2/access.log
Final Notes
Congratulations — your Ubuntu 25.04 server now runs a complete LAMP stack, ready to host websites, CMS platforms (like WordPress), and custom web applications.
Ubuntu 25.04’s system improvements bring better memory handling and updated software versions, making your stack more secure and high-performing than ever.
Whether you’re hosting client sites, launching a side project, or scaling a production environment, this LAMP setup provides a solid, industry-standard foundation.
