If you run PHP apps, WordPress, or a custom web project, you need a stack that is stable and simple to maintain. This tutorial shows you how to Install LAMP Stack on Ubuntu 26.04 LTS with Apache, MariaDB, and PHP, then configure it the right way so it is ready for real use.
I wrote this from the point of view of a sysadmin who wants the setup to work the first time and stay maintainable later. You will not just copy commands, because every step explains what it does and why it matters. That matters a lot when you are trying to build a setup that is safe, fast enough, and easy to debug.
Ubuntu 26.04 ships with current package versions in its default repositories, including Apache 2.4.66, MariaDB 11.8.6, and PHP 8.5.4. That means you can build a production-ready stack without extra repositories or guesswork. You also get a setup that fits well with common PHP apps and most beginner-to-intermediate Linux workflows.
This article is written as a practical Linux server tutorial for people who want a real server, not a toy example. You will see how to install each part, connect them, test them, and harden the stack for the web. By the end, you will know how to configure LAMP Stack on Ubuntu 26.04 in a way that makes sense in production.
Prerequisites
- Ubuntu 26.04 LTS installed on a server or VM.
- A user with
sudoaccess, or root access. - An active internet connection for package installation.
- At least 1 GB RAM and 10 GB disk space.
- A domain name if you plan to enable HTTPS later.
- SSH access to the server.
You also need a basic comfort level with the terminal. If you can run commands, edit config files, and restart services, you are ready to continue. The rest of this guide keeps the workflow simple and direct.
Step 1: Update Your System
Refresh package data
Start with a package update so your server knows about the latest available software.
sudo apt updateThis command refreshes the package list from Ubuntu repositories. You do this first because old package data can cause installation errors or pull in outdated dependencies.
Upgrade installed packages
Next, apply available updates.
sudo apt upgrade -yThis updates installed software to the latest versions available for your release. It matters because security fixes and dependency fixes often arrive before you install the LAMP packages.
Check whether a reboot is needed
If the update changed the kernel or core system libraries, reboot the server.
sudo rebootAfter the reboot, continue with the rest of the setup. I recommend this because it keeps your running kernel and installed packages in sync, which avoids strange service issues later.
Step 2: Install Apache
Install the web server
Apache is the web server layer in the stack.
sudo apt install -y apache2This installs Apache from Ubuntu’s default repository. That is useful because you get a package that matches the rest of the system instead of mixing in third-party builds.
Verify the service
Check that Apache is running.
sudo systemctl status apache2Expected output should include active (running).
apache2 -vExpected version output should show Apache 2.4.66 on Ubuntu 26.04. This step matters because you want to confirm the service started correctly before moving on to the database and PHP layers.
Open the firewall for web traffic
If UFW is enabled, allow Apache and SSH.
sudo ufw allow 'Apache Full'
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status verboseApache Full opens both HTTP and HTTPS, which saves time when you add SSL later. Opening SSH at the same time is important because you do not want to lock yourself out of the server.
Step 3: Install MariaDB
Install the database server
MariaDB handles the database layer.
sudo apt install -y mariadb-server mariadb-clientUbuntu 26.04 includes MariaDB 11.8.6 in its default repos, so this install stays simple and clean. I prefer this approach because it avoids extra repository setup and keeps maintenance easier.
Confirm MariaDB is active
Check the service status.
sudo systemctl status mariadbExpected output should show active (running) and MariaDB 11.8.6. You should always verify the service before moving on because a failed database service can look like a PHP problem later.
Secure the database
Run the built-in hardening script.
sudo mariadb-secure-installationThis script asks you to set a root password, remove anonymous users, disable remote root login, remove the test database, and reload privilege tables. You do these things because default database settings are designed for convenience, not for exposed servers.
Create a dedicated app user
Log into MariaDB and create a database user for your app.
sudo mariadbCREATE DATABASE appdb;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'StrongPass123!';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;This matters because your web app should never use the database root account. A limited user reduces damage if the application is ever compromised.
Step 4: Install PHP
Install PHP and common extensions
Now install PHP and the modules most PHP apps need.
sudo apt install -y php php-fpm php-mysql php-cli php-curl php-gd php-mbstring php-xml php-zip libapache2-mod-phpUbuntu 26.04 ships PHP 8.5 by default, and current sources show PHP 8.5.4 in this release line. That is useful because it means you can keep the stack current without extra PPAs.
Check the installed version
php -vExpected output should show PHP 8.5.4.
Why these extensions matter
php-mysqllets PHP talk to MariaDB.php-curlsupports API calls and remote requests.php-gdhelps with image processing.php-mbstringhandles multibyte text safely.php-xmlsupports XML parsing.php-ziphelps with archive handling.
You install them now because adding missing extensions later often means another restart and another short downtime window.
Step 5: Configure PHP-FPM with Apache
Enable the Apache proxy modules
Apache needs a bridge to send PHP requests to PHP-FPM.
sudo a2enmod proxy_fcgi setenvifThese modules let Apache forward PHP files to the PHP-FPM service instead of running PHP inside Apache workers. That gives you better process isolation and usually better memory use on busy servers.
Enable PHP-FPM support
sudo a2enconf php8.5-fpmThen restart the services.
sudo systemctl restart apache2
sudo systemctl enable --now php8.5-fpmCheck that PHP-FPM is running.
sudo systemctl status php8.5-fpmExpected output should show active (running) and a PHP 8.5 FPM master process. This step matters because it confirms Apache and PHP are working together through the correct handler.
Why PHP-FPM is better here
PHP-FPM keeps PHP separate from Apache. That is useful because Apache can focus on serving HTTP traffic while FPM manages PHP execution in its own pool. In practice, that gives you better control and a cleaner setup for future tuning.
Step 6: Test the Full Stack
Create a PHP test file
Make a simple test page.
echo '<?php phpinfo(); ?>' | sudo tee /var/www/html/info.phpThis file confirms that Apache can serve PHP content. It also helps you verify that PHP is being handled by FPM instead of a different module.
Open it in a browser
Visit your server IP address:
http://YOUR_SERVER_IP/info.phpYou should see the PHP info page. Look for FPM/FastCGI in the Server API field, because that confirms the PHP-FPM setup is active.
Remove the test file
After the test, delete it.
sudo rm /var/www/html/info.phpThat matters because phpinfo() exposes too much server detail. Leaving it online is a basic security mistake.
Test database connectivity
Create a second test that checks PHP and MariaDB together. This proves the full stack works end to end.
sudo nano /var/www/html/dbtest.php<?php
$conn = new mysqli("localhost", "appuser", "StrongPass123!", "appdb");
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected to MariaDB successfully.";
?>Open it in the browser and confirm the success message. This step is important because PHP working alone does not prove database access is correct.
Step 7: Configure LAMP Stack on Ubuntu 26.04 for a Site
Create a web root
For a real project, use a separate folder for your site.
sudo mkdir -p /var/www/example.com/public_html
sudo chown -R $USER:$USER /var/www/example.com/public_htmlThis gives your site its own document root. That is better than dumping everything into /var/www/html, because it keeps sites isolated and easier to manage.
Add a virtual host
Create a new Apache config file.
sudo nano /etc/apache2/sites-available/example.com.confUse a simple virtual host definition with your real domain and document root. Then enable it.
sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2The default site is fine for a test, but not for a proper server. Turning it off helps avoid confusion and removes the stock Apache landing page.
Why this step matters
A virtual host gives each site its own settings, logs, and root path. That makes troubleshooting much easier, especially once you host more than one project.
Step 8: Harden the Server
Hide Apache version details
Edit Apache security settings.
sudo nano /etc/apache2/conf-enabled/security.confSet these values:
ServerTokens Prod
ServerSignature OffThis reduces the amount of version data exposed in headers and error pages. I always do this because version leakage helps attackers fingerprint a server.
Disable directory listing
Edit the Apache main config.
sudo nano /etc/apache2/apache2.confMake sure the relevant directory block does not include Indexes in the options line.
This prevents Apache from showing file lists if no index file exists. It is a small setting, but it closes an easy information leak.
Harden PHP settings
Edit the FPM PHP config.
sudo nano /etc/php/8.5/fpm/php.iniAdjust these lines:
expose_php = Off
display_errors = Off
log_errors = Onexpose_php removes the PHP version header. display_errors prevents sensitive stack traces from reaching the browser, which is important on any public server.
Restart services
Apply the changes.
sudo systemctl restart apache2 php8.5-fpmThis step matters because config edits do nothing until the services reload the new settings.
Step 9: Secure Apache with HTTPS
Install Certbot
For a real public site, HTTPS is not optional.
sudo apt install -y certbot python3-certbot-apacheThis installs the tools that let Apache request and renew Let’s Encrypt certificates automatically. That saves you from handling certificate files manually.
Request a certificate
Run Certbot against your domain.
sudo certbot --apache -d yourdomain.com -d www.yourdomain.comCertbot can edit Apache for you and set up the HTTPS redirect. That is useful because it keeps the SSL setup fast and reduces the chance of config mistakes.
Test renewal
sudo certbot renew --dry-runThis is important because Let’s Encrypt certificates expire, and renewal must work before the expiry date. A dry run tells you early whether the automation is healthy.
Troubleshooting
Apache will not start
Check whether port 80 is already in use.
sudo ss -tulpn | grep :80If another service is using the port, stop it or change its config. Apache cannot bind to a port that is already occupied.
PHP page downloads instead of opening
This usually means Apache is not passing .php files to PHP-FPM.
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php8.5-fpm
sudo systemctl restart apache2This fixes the bridge between Apache and PHP-FPM. I see this mistake often when people install PHP but skip the Apache config step.
MariaDB login fails
Check whether the password is correct and whether root auth is local-only.
sudo mariadb-secure-installationIf needed, create a new app user instead of using root. That is cleaner and safer.
Firewall blocks the site
Open the Apache profile again.
sudo ufw allow 'Apache Full'
sudo ufw reloadThis usually fixes blocked web traffic. If SSH is also blocked, confirm the OpenSSH rule is still present before testing from a remote session.
PHP extension missing
Check installed modules.
php -mIf one is missing, install the matching package and restart PHP-FPM. Extension problems are common when people forget one dependency during the first install.
