Quick take: Install Apache, MySQL, and PHP on Ubuntu 24.04, configure a virtual host, test PHP safely, and harden the server for production.

Install Apache, MySQL, and PHP

sudo apt update
sudo apt upgrade
sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql

Ubuntu packages receive security maintenance through APT. Confirm every component before deploying an application.

Start Apache and configure the firewall

sudo systemctl enable --now apache2
sudo ufw allow 'Apache Full'
curl -I http://127.0.0.1

If UFW is active, allow SSH before enabling it. Production sites should use HTTPS with a valid certificate.

Prepare MySQL safely

sudo systemctl enable --now mysql
sudo mysql
CREATE DATABASE appdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'use-a-long-random-password';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';

Create a least-privilege user for each application. Never place administrative database credentials in web code.

Create an Apache virtual host

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example-error.log
    CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
sudo a2ensite example.com
sudo a2dissite 000-default
sudo apache2ctl configtest
sudo systemctl reload apache2

Verify PHP and harden production

php --version
echo '<?php echo "PHP is working"; ?>' | sudo tee /var/www/example.com/public/index.php

Remove diagnostic pages such as phpinfo() after testing. Enable TLS, configure backups and monitoring, restrict ownership, automate security updates, validate application input, and protect secrets.

Production implementation workflow

A reliable implementation of an Ubuntu 24.04 LAMP stack requires more than copying commands. Treat Apache, MySQL, PHP, systemd, UFW, and TLS as an operated service with ownership, validation, monitoring, and rollback. The objective is to protect web applications and their databases while avoiding public database exposure, weak file permissions, missing TLS, and failed deployments. The following workflow turns a lab configuration into a repeatable production practice.

Plan the change before touching production

Record the owner, affected hosts, maintenance window, rollback trigger, and expected user impact. A short written plan prevents an urgent technical change from becoming an untraceable operational event. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Establish a clean baseline

Capture the current version, configuration, service state, resource usage, and recent errors. Without a baseline, a later difference may be blamed on the change even when it existed beforehand. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Use a canary first

Apply the procedure to one representative non-critical host before a fleet rollout. The canary should use the same repositories, network path, data shape, and startup behavior as production. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Keep configuration reviewable

Store local policy in a clearly named file, document why each non-default value exists, and protect secrets separately. Reviewable configuration is easier to audit, reproduce, and roll back. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Validate syntax before reload

Use the product's validation command before restarting or reloading a service. Syntax checks catch common quoting, indentation, path, and option errors without creating avoidable downtime. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Separate availability from correctness

A process that exists is not proof that the service performs useful work. Test the behavior users depend on and distinguish startup, readiness, liveness, and dependency failures. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Observe the rollout

Watch logs, service state, resource graphs, and application responses during the change. Continue observing after the first success because delayed failures often appear under traffic or scheduled work. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Define a rollback trigger

Choose measurable conditions that stop the rollout, such as repeated failures, rising latency, missing data, or an unexpected restart. Decide the rollback action before pressure makes the decision harder. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Automate cautiously

Automation should be idempotent, produce an audit trail, and fail safely. Test both the successful path and the partial-failure path, including what happens when a host is offline or a dependency is unavailable. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Document the final state

Record the effective configuration, commands used, validation evidence, exceptions, and follow-up work. Good documentation shortens the next maintenance window and supports incident response. For an Ubuntu 24.04 LAMP stack, collect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Run sudo apache2ctl configtest && curl -I http://127.0.0.1 where appropriate and compare the result with the recorded baseline. Do not continue merely because the command exited successfully; confirm the expected behavior from the perspective of the workload.

Make the decision visible to the next engineer. Note how the Apache virtual host, PHP configuration, and application environment affects apache2.service and mysql.service, which assumption was tested, and what result proves success. This extra context is especially important when addressing public database exposure, weak file permissions, missing TLS, and failed deployments, because the safest response depends on service design rather than a universal command.

Security and reliability checklist

Use this checklist before declaring an Ubuntu 24.04 LAMP stack complete:

  • Limit administrative access and apply least privilege.
  • Keep secrets out of HTML, shell history, logs, metrics labels, and source control.
  • Use supported packages and verify downloads or repository signatures.
  • Restrict network listeners to the hosts that genuinely require access.
  • Back up state and test restoration, not only backup creation.
  • Log configuration changes and retain enough history for investigation.
  • Monitor HTTP error rate, latency, worker utilization, database connections, disk space, and certificate expiry.
  • Patch dependencies and review release notes before major upgrades.
  • Test failure behavior, restart behavior, and the rollback procedure.
  • Assign an owner for alerts and maintenance rather than assuming someone will notice.

A disciplined troubleshooting method

When an Ubuntu 24.04 LAMP stack fails, begin with scope: one host, one application, one network segment, or the full fleet. Confirm time synchronization, because incorrect clocks make logs and certificates misleading. Check apache2.service and mysql.service, then inspect Apache configuration tests, HTTP responses, service journals, PHP logs, and database access. Work from the user-visible symptom toward the underlying component instead of changing several settings at once.

Form one hypothesis, collect evidence, make one reversible change, and test again. Preserve the original error and command output in the incident record. If rollback restores service, keep investigating in a safe environment; a successful rollback identifies the change boundary but does not automatically explain the root cause.

Ongoing maintenance

Review an Ubuntu 24.04 LAMP stack at least quarterly and after operating-system, container-engine, application, or monitoring upgrades. Remove obsolete exceptions, verify that alerts still reach an accountable person, and rehearse recovery. Capacity and traffic patterns change, so thresholds that were sensible during installation may later become noisy or dangerously permissive.

The strongest operational signal is not the existence of a configuration file. It is consistent evidence that the service works, failures are detected promptly, responders know what to do, and changes can be reproduced across web applications and their databases.

Official reference

Commands and defaults were checked against the official documentation. Confirm release-specific details before changing production systems.

Frequently asked questions

What does LAMP stand for?+

Linux, Apache, MySQL, and PHP.

Should MySQL be public?+

Usually no. Keep it local or on a restricted private network.

What comes after installation?+

Enable HTTPS, remove diagnostics, and configure backups, monitoring, and updates.

Need Linux or DevOps help?

Get practical support for servers, containers, monitoring, and automation.

Hire Me for Your Project