When you start a Python project on Ubuntu 26.04, you already have a Python interpreter available. The usual setup work is installing pip, adding the venv module, or installing a separate Python version for a project that needs something other than Ubuntu’s default Python.

This guide explains how to install Python tooling on Ubuntu 26.04, how to use the deadsnakes PPA for alternate Python versions, and how to build Python from source when you need a specific upstream release.

Ubuntu 26.04 Default Python Version #

Ubuntu 26.04 ships with Python 3.14 as the default Python 3 interpreter. To check the version on your system, run:

python3 --version

Python 3.14.1

The exact patch version may change as Ubuntu publishes updates, but the default interpreter remains Python 3.14. Most users should keep this interpreter in place and use virtual environments for project packages.

Do not replace the /usr/bin/python3 interpreter. Ubuntu tools expect the distribution-provided Python version. If a project needs a different Python release, install it alongside the default interpreter and call it by its versioned command, such as python3.13 or python3.15.

Quick Reference #

Installing pip and venv for the Default Python #

If Ubuntu’s default Python 3.14 is enough for your work, install pip and the virtual environment module from the Ubuntu repositories.

First, update the package index:

sudo apt update

Install pip and the virtual environment module:

sudo apt install python3-pip python3-venv

Verify the installed commands:

python3 --version
pip3 --version

On Ubuntu 26.04, python3 points to Python 3.14. Use a virtual environment for project dependencies instead of installing packages into the system Python environment.

Create a virtual environment with the default Python:

python3 -m venv myproject

Activate it:

source myproject/bin/activate

Inside the environment, python and pip point to the isolated project environment:

python --version
python -m pip --version

When you are done working in the project, deactivate the environment:

deactivate

Installing Python from the Deadsnakes PPA #

The deadsnakes PPA provides alternate Python versions packaged for Ubuntu. It now supports Ubuntu 26.04, including packages for Python versions that Ubuntu does not provide as the default interpreter.

Deadsnakes does not provide Python 3.14 for Ubuntu 26.04 because Ubuntu already includes Python 3.14. Use the PPA when you need another interpreter, such as Python 3.13 or the Python 3.15 preview builds.

1. Install the prerequisites and add the PPA:

   Terminal

   sudo apt update
   sudo apt install software-properties-common
   sudo add-apt-repository ppa:deadsnakes/ppa

   Press Enter when prompted to confirm.

2. Install Python 3.13:

   Terminal

   sudo apt update
   sudo apt install python3.13

   To install the Python 3.15 preview package instead, replace python3.13 with python3.15:

   Terminal

   sudo apt install python3.15

   Python 3.15 is still a preview release, so use it for testing rather than production workloads.

3. Verify the installation:

   Terminal

   python3.13 --version

   The command prints the installed Python 3.13 patch release. You can also confirm the binary location:

   Terminal

   which python3.13

4. Install the venv module for the same interpreter:

   Terminal

   sudo apt install python3.13-venv

   If you installed Python 3.15, use:

   Terminal

   sudo apt install python3.15-venv

5. Create a virtual environment and use pip inside it:

   Terminal

   python3.13 -m venv myproject
   source myproject/bin/activate
   python -m pip install --upgrade pip

Installing Python from Source #

Compiling Python from source allows you to install any version and customize the build options. However, you will not be able to manage the installation through the apt package manager.

The following steps show how to compile Python 3.14.4. If you are installing a different version, replace the version number in the commands below.

1. Install the libraries and dependencies required to build Python:

   Terminal

   sudo apt update
   sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev liblzma-dev

2. Download the source code from the Python download page using wget :

   Terminal

   wget https://www.python.org/ftp/python/3.14.4/Python-3.14.4.tgz

3. Extract the archive :

   Terminal

   tar -xf Python-3.14.4.tgz

4. Navigate to the source directory and run the configure script:

   Terminal

   cd Python-3.14.4
   ./configure --enable-optimizations

   The --enable-optimizations flag runs profile-guided optimization tests, which makes the build slower but produces a faster Python binary.

5. Start the build process:

   Terminal

   make -j $(nproc)

   The -j $(nproc) option uses all available CPU cores for a faster build.

6. Install the Python binaries using altinstall. Do not use install, as it overwrites the system python3 binary and can break system tools that depend on it:

   Terminal

   sudo make altinstall

7. Verify the installation:

   Terminal

   python3.14 --version

   output

   Python 3.14.4

Setting Up a Virtual Environment #

After installing a new Python version, create a virtual environment for your project to keep dependencies isolated:

python3.13 -m venv myproject

Activate the virtual environment:

source myproject/bin/activate

Your shell prompt will change to show the environment name. Inside the virtual environment, python and pip point to the version you used to create it.

For a source-built Python 3.14 installation, use the versioned command:

python3.14 -m venv myproject

To deactivate the virtual environment:

deactivate

For more details, see our guide on how to create Python virtual environments .

Optional: Uninstalling the PPA Version #

To remove the PPA version:

sudo apt remove python3.13 python3.13-venv

To remove the PPA itself:

sudo add-apt-repository --remove ppa:deadsnakes/ppa

Troubleshooting #

python3 already exists after installation
This is expected. Ubuntu 26.04 includes Python 3.14 by default, so the default setup usually adds missing tools such as pip3 or venv.

pip reports an externally managed environment
Ubuntu protects system-managed Python packages. Create a virtual environment with python3 -m venv myproject, activate it, and install packages with python -m pip install package-name inside the environment.

No module named venv
Install the matching venv package. For Ubuntu’s default Python, run sudo apt install python3-venv. For Python 3.13 from the PPA, run sudo apt install python3.13-venv.

Unable to locate package python3.13 or python3.15
Run sudo apt update after adding the deadsnakes PPA. If the package is still unavailable, check that the PPA supports your Ubuntu release and CPU architecture.

python3 still shows Python 3.14
The python3 command should continue to use Ubuntu’s default interpreter. Run the alternate version with its versioned command, such as python3.13 or python3.15.

Python 3.15 shows an alpha version
Python 3.15 is still a preview release. Use it for testing compatibility, and use Python 3.14 or another stable release for production projects.

FAQ #

Should I use the PPA or build from source?
Use the Ubuntu packages if Python 3.14 is enough. Use the deadsnakes PPA when you need an alternate packaged interpreter such as Python 3.13 or a Python 3.15 preview. Build from source only if you need a specific upstream patch release or a custom build configuration.

Will installing a new Python version break my system?
No. Both methods install the new version alongside the system Python 3.14. The system python3 command is not affected. You access the alternate version with python3.13, python3.15, or another explicit version command.

How do I make the new Python version the default?
You can use update-alternatives to configure it, but this is not recommended. Many Ubuntu system tools depend on the default python3 being the version that shipped with the OS. Use virtual environments instead.

How do I install pip for the new Python version?
The recommended approach is to use a virtual environment. Install the matching venv package, create a venv, activate it, and use python -m pip inside the environment.

What is the difference between install and altinstall when building from source?
altinstall installs a versioned binary such as python3.14 without creating a python3 symlink. install creates the symlink, which overwrites the system Python and can break Ubuntu system tools.

Does Ubuntu 26.04 include pip by default?
Ubuntu 26.04 includes Python 3.14 but does not include pip in the base installation. Install it with sudo apt install python3-pip. For alternate Python versions, use python -m pip inside a virtual environment.

Conclusion #

Stick with Ubuntu’s Python 3.14 plus python3-pip and python3-venv for most projects. Reach for the deadsnakes PPA when a project pins to 3.13 or wants to test the 3.15 preview, and build from source only for a specific upstream patch.

For more on Python package management, see our guide on how to use pip .

A fresh Ubuntu 26.04 server ships with root SSH access, no regular user, and no firewall rules. That works for the first login, but it is not a safe state to leave running on a public VPS.

This guide walks through the first tasks to perform on a new Ubuntu 26.04 server: creating a sudo user, enabling SSH key authentication, locking down SSH, configuring UFW, setting the hostname and timezone, and applying package updates.

Quick Reference #

Prerequisites #

Before starting, make sure you have:

• A new Ubuntu 26.04 server with a public IP address.
• Root access over SSH, either with a password or a provider-supplied key.
• A local SSH key pair on your workstation. If you do not have one yet, see how to generate SSH keys on Linux .
• Access to the provider web console as a backup path in case SSH access stops working.

Keep your original root SSH session open until you have tested the new user login and the hardened SSH configuration.

Log In as Root #

Open a terminal on your local machine and connect to the server using the public IP address from your hosting provider:

ssh root@server_ip_address

Accept the host key when prompted and enter the root password if password authentication is still enabled. If your provider created the server with an SSH key, the connection should use that key automatically.

Create a New Sudo User #

Working as root for daily administration is risky because every command runs with full privileges. Create a regular user account and give it administrative access through the sudo group.

Replace username with the account name you want to use:

adduser username

The command prompts for a password and optional user details. Enter a strong password, then press Enter to skip any fields you do not need.

Add the new user to the sudo group:

usermod -aG sudo username

The account can now run administrative commands with sudo.

Set Up SSH Key Authentication #

SSH keys are safer than password logins and are easier to use once configured. The exact command depends on where your public key is currently stored.

If your public key is already present under the root account, copy the root SSH directory to the new user:

rsync --archive --chown=username:username /root/.ssh /home/username

If you need to copy a key from your local workstation, run this command from the local machine:

ssh-copy-id username@server_ip_address

Open a new terminal window and test the login before changing the SSH server configuration:

ssh username@server_ip_address

The connection should succeed as the new user. Keep both the root session and the new user session open while you continue.

Disable Root Login and Password Authentication #

After key-based login works, configure OpenSSH to reject direct root logins and password authentication. Ubuntu includes files from /etc/ssh/sshd_config.d/, which keeps local changes separate from the main SSH configuration file.

Create a hardening snippet:

sudo nano /etc/ssh/sshd_config.d/99-hardening.conf

Add the following lines:

PermitRootLogin no
PasswordAuthentication no

Save the file and test the SSH configuration syntax:

sudo sshd -t

If the command prints no output, the configuration is valid. Reload SSH to apply the change:

sudo systemctl reload ssh

Open another terminal and confirm that you can still log in as the regular user:

ssh username@server_ip_address

Do not close your existing sessions until this test succeeds.

Set Up the Firewall with UFW #

Ubuntu uses UFW (Uncomplicated Firewall) as a simple front-end for managing host firewall rules. Start by allowing SSH so the firewall does not block your current access:

sudo ufw allow OpenSSH

Enable the firewall:

sudo ufw enable

Confirm the prompt with y, then check the active rules:

sudo ufw status

The output should show that OpenSSH is allowed:

Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)

When you install services such as Nginx or Apache, open their profiles before expecting traffic to reach them. For example, an Nginx server that should accept HTTP and HTTPS traffic needs:

sudo ufw allow 'Nginx Full'

For more examples, see how to set up a firewall with UFW .

Set the Hostname #

A descriptive hostname makes logs, shell prompts, monitoring alerts, and dashboards easier to read. Set the hostname with hostnamectl:

sudo hostnamectl set-hostname server-name

Replace server-name with a short name that matches the server role, such as web-01 or db-01.

Check the result:

hostnamectl

You can update DNS records or your local SSH config separately if you want to connect by name instead of IP address.

Set the Timezone #

Set the server timezone so logs, cron jobs, and timestamps match the region you use for operations:

sudo timedatectl set-timezone Europe/Berlin

List available zones if you are unsure of the exact name:

timedatectl list-timezones

See how to set or change the timezone on Ubuntu for a deeper explanation.

Update the System #

Refresh the package index and install pending updates:

sudo apt update
sudo apt upgrade

If the upgrade installed a new kernel or core system libraries, reboot the server:

sudo reboot

After the reboot, reconnect as the regular sudo user:

ssh username@server_ip_address

Troubleshooting #

Locked out after disabling password authentication
Use your provider web console or recovery mode to log in. Edit /etc/ssh/sshd_config.d/99-hardening.conf, temporarily set PasswordAuthentication yes, run sudo sshd -t, reload SSH, and test key login again before disabling passwords.

usermod: group 'sudo' does not exist
Some minimal images may not include the sudo package. Install it with apt install sudo, then rerun usermod -aG sudo username.

sshd -t reports an error
Read the line number in the error message, fix the snippet in /etc/ssh/sshd_config.d/99-hardening.conf, and run sudo sshd -t again. Do not reload SSH until the syntax test passes.

UFW blocks an expected service
Check the active rules with sudo ufw status. Allow the needed service profile or port, such as sudo ufw allow 'Nginx Full' for Nginx web traffic, then test the connection again.

Conclusion #

You now have an Ubuntu 26.04 server with a sudo user, key-based SSH access, direct root logins disabled, a basic firewall, and current packages. A good next step is to enable automatic security updates before installing the rest of your stack.

After installing Ubuntu 26.04, the desktop is ready to use, but a few setup steps make the system easier to work with day to day. Updating packages, checking drivers, installing media codecs, setting up backups, and reviewing privacy settings are good first tasks on a new installation.

This guide explains what to do after installing Ubuntu 26.04. The checklist is aimed at desktop users who want a clean, practical setup without adding unnecessary tools.

If you have not installed the system yet, start with our guide on how to install Ubuntu 26.04 . If you moved from an older release, see how to upgrade to Ubuntu 26.04 .

Quick Reference #

Update Ubuntu #

Start by updating the package index and installing available updates. This pulls in security fixes, bug fixes, and package updates released after the installation image was created.

Open a terminal and run:

sudo apt update
sudo apt upgrade

Enter your password when prompted and confirm the upgrade. If the update installs a new kernel or graphics driver, reboot before continuing:

sudo reboot

You can also update from the desktop by opening Software Updater from the application menu.

Install Available Drivers #

Ubuntu detects most hardware automatically, but some systems need proprietary drivers for graphics cards, Wi-Fi adapters, or other devices. This is common on laptops and systems with NVIDIA graphics.

Open Software & Updates, go to the Additional Drivers tab, and wait while Ubuntu checks available drivers. If Ubuntu recommends a proprietary driver, select it and apply the change. Reboot after installing graphics or Wi-Fi drivers.

If you selected the third-party software option during installation, your system may already have the correct driver installed. It is still worth checking this screen once on a new system.

Install Media Codecs #

Ubuntu does not include every media codec by default. If you want better support for common audio and video files, Microsoft fonts, and some archive formats, install the restricted extras package:

sudo apt install ubuntu-restricted-extras

During installation, you may be asked to accept the Microsoft font license. Use the keyboard to select OK, press Enter, then select Yes and press Enter again.

After the package is installed, try playing the video or audio file again. For most desktop users, this package is enough for everyday media playback.

Enable Flatpak and Flathub #

Ubuntu includes Snap support by default, and many applications are available from the Ubuntu App Center. Flatpak is another popular desktop app format, and Flathub provides current builds of many Linux desktop applications.

Install Flatpak and the GNOME Software plugin:

sudo apt install flatpak gnome-software-plugin-flatpak

Add the Flathub repository:

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Log out and log back in, or reboot, so desktop app integration is fully available:

sudo reboot

After that, you can install Flatpak applications from Flathub or from GNOME Software if the plugin is active.

Install Common Desktop Apps #

A fresh Ubuntu installation includes a browser, file manager, terminal, text editor, and basic utilities. Most users still add a few daily-use applications.

Common choices include:

• A web browser such as Google Chrome , Chromium, Microsoft Edge, or Firefox.
• A media player such as VLC.
• Development tools such as Node.js , Git, Python, Docker, or Visual Studio Code.
• Communication apps such as Slack, Discord, Zoom, or Teams.
• Desktop apps from Flathub when the Ubuntu repositories or Snap packages do not provide the version you want.

Use the Ubuntu App Center for simple desktop installs. Use apt when a package is available in Ubuntu repositories, and use the vendor’s official package only when you need the current upstream version.

Set Up Backups #

Set up backups before you spend too much time customizing the system. Backups are easier to trust when they are configured early and tested before you need them.

Open Settings > System > Backup and choose where to store your backups. An external drive is the simplest option for a single desktop or laptop. If you already use a cloud storage provider or network storage, configure that target instead.

At minimum, back up your home directory, which contains documents, downloads, browser profiles, SSH keys, and most application settings. If you keep important files outside your home directory, include those paths too.

After the first backup finishes, restore one small test file to confirm that the backup is usable.

Review Privacy and Security Settings #

Open Settings > Privacy & Security and review the options that match how you use the computer. On a laptop, pay special attention to location services, screen lock, automatic suspend, and notifications on the lock screen.

Good defaults for most systems are:

• Disable location services unless you use apps that need location access.
• Keep the screen lock enabled.
• Use a short automatic blank-screen delay on laptops.
• Hide notification details on the lock screen if the computer is used in public places.
• Review diagnostics and error reporting options.

If the computer is shared, create separate user accounts instead of sharing one login. Use an administrator account only when needed, and keep daily users separate when possible.

Enable the Firewall #

Ubuntu includes UFW, a simple firewall tool for managing incoming connections. On a typical desktop system, enabling UFW blocks unsolicited inbound traffic while allowing normal outbound connections.

Enable the firewall:

sudo ufw enable

Check the status:

sudo ufw status

Status: active

If you use SSH, file sharing, development servers, or remote desktop tools, allow those services before relying on the firewall rules. For a full command reference, see our UFW firewall guide .

Customize the Desktop #

Ubuntu 26.04 uses the GNOME desktop with Ubuntu’s dock and appearance settings. You can adjust the most common options from Settings > Appearance.

Useful settings to review include:

• Light or dark style.
• Accent color.
• Dock position and auto-hide behavior.
• Desktop icons.
• Default applications.
• Keyboard shortcuts.
• Display scaling for high-resolution screens.

Do not change every option at once. Make a few changes, use the desktop for a day, then adjust anything that still feels awkward.

Install GNOME Tweaks #

GNOME Tweaks exposes settings that are not shown in the default Settings app. It is useful for changing window behavior, fonts, startup applications, and a few interface details.

Install it with:

sudo apt install gnome-tweaks

Open Tweaks from the application menu. If you also use GNOME Shell extensions, install only the extensions you need and remove ones you no longer use. Too many extensions can make desktop upgrades harder to troubleshoot.

Improve Laptop Battery Life #

On laptops, start with the built-in power settings. Open Settings > Power and choose the profile that matches your current use:

• Power Saver for longer battery life.
• Balanced for normal use.
• Performance when you need maximum speed and the laptop is plugged in.

Also review screen brightness, automatic suspend, Bluetooth, and keyboard backlight settings. Small changes here often matter more than installing extra tools.

If you need more control, you can install TLP:

sudo apt install tlp

Start and enable the service:

sudo systemctl enable --now tlp

Use TLP only if you are comfortable troubleshooting power behavior. On many newer laptops, Ubuntu’s built-in power profiles are enough.

Remove Unused Packages #

After installing updates and applications, remove packages that were installed as dependencies but are no longer needed:

sudo apt autoremove

Review the package list before confirming. autoremove is usually safe, but it is still a good habit to read what will be removed.

You can also clear downloaded package files from the local cache:

sudo apt clean

This frees disk space, but it means packages will need to be downloaded again if you reinstall them later.

Check the Ubuntu Version #

After updates and any reboot, confirm that the system is running Ubuntu 26.04:

lsb_release -a

Distributor ID: Ubuntu
Description: Ubuntu 26.04 LTS
Release: 26.04
Codename: resolute

If lsb_release is not installed, you can check /etc/os-release:

cat /etc/os-release

For more options, see how to check your Ubuntu version .

Next Steps #

Once the desktop basics are in place, install the tools you need for your work. Developers may want Docker , Node.js, Git, Python, or Visual Studio Code. Desktop users may want Chrome, VLC, Flatpak apps, printer support, or cloud sync tools.

If you plan to use the machine as a server, create a separate setup plan. Desktop post-install tasks are different from server hardening, SSH access, service configuration, and firewall rules for hosted applications.

Conclusion #

Ubuntu 26.04 works well after a clean installation, but updates, drivers, codecs, backups, firewall settings, and desktop preferences make the system more practical for daily use. Start with the essentials, then add only the applications and customizations you actually need.

Installing Ubuntu 26.04 gives you a fresh long-term support desktop with the current Ubuntu installer, GNOME desktop, and updated system packages. A clean installation is the right choice when you are setting up a new computer, replacing another operating system, or starting over with a known-good system.

This guide explains how to install Ubuntu 26.04 from a bootable USB drive. We will download the ISO, create the installer USB, boot from it, walk through the installer screens, and review the first steps after the system starts.

Prerequisites #

Before you start, make sure you have:

• A computer where you want to install Ubuntu 26.04.
• A USB flash drive with at least 12 GB of storage.
• A reliable internet connection.
• A backup of any files you want to keep from the target computer.

Installing Ubuntu can erase the selected disk. If the computer already contains another operating system or personal files, back up your data before continuing.

If you already run an older Ubuntu release and want to keep your existing setup, see how to upgrade to Ubuntu 26.04 instead of doing a clean install.

Download the Ubuntu 26.04 ISO #

Download the Ubuntu 26.04 Desktop ISO from the official Ubuntu downloads page . Choose the 64-bit desktop image and save it to your computer. The file name should look similar to ubuntu-26.04-desktop-amd64.iso.

If Ubuntu publishes checksum files for the release, verify the ISO before writing it to the USB drive. This step confirms that the file downloaded correctly and was not corrupted.

Create a Bootable Ubuntu USB Drive #

Write the ISO file to a USB flash drive with a tool such as Rufus, balenaEtcher, GNOME Disks, or Startup Disk Creator. The exact steps depend on your current operating system, but the process is the same:

1. Select the Ubuntu 26.04 ISO file.
2. Select the USB flash drive.
3. Start the write process.
4. Wait until the tool finishes and safely ejects the drive.

Boot From the USB Drive #

Insert the USB drive into the computer where you want to install Ubuntu and restart the machine. Open the boot menu during startup and select the USB drive.

The key used to open the boot menu depends on the computer manufacturer. Common keys include F12, F10, F9, Esc, and Del. If the computer starts the existing operating system instead, restart and try the boot-menu key again.

When the Ubuntu boot menu appears, choose Try or Install Ubuntu.

Choose Language and Accessibility Options #

The installer starts with the language screen. Select your preferred language and click Next.

The next screen lets you configure accessibility options before installation. Most users can leave these settings unchanged and continue.

Select Keyboard Layout and Network #

Choose your keyboard layout. If you are unsure, use the text field on the screen to test keys such as quotes, symbols, and special characters.

Next, connect to the internet if the installer asks for network access. A wired Ethernet connection is usually detected automatically. For Wi-Fi, select your network and enter the password.

You can install Ubuntu without internet access, but connecting during installation allows the installer to download updates and third-party packages when those options are selected.

Choose the Installation Type #

When asked what you want to do, select Install Ubuntu.

The Try Ubuntu option starts a live desktop without changing the disk. Use it if you want to test hardware support before installing.

Choose Interactive Installation #

On the next screen, choose Interactive installation. This is the standard installer path for a single desktop computer.

The automated installation option is for advanced deployments where you provide an installation configuration file. Most desktop users should leave it unselected.

Select Apps and Third-Party Software #

Choose the application set you want to install. The default selection is a good fit for most desktop systems. The extended selection installs more applications during setup.

Ubuntu 26.04 uses Default selection for a smaller desktop setup and Extended selection for additional tools such as office utilities. Choose the default option if you want a clean desktop and plan to add applications later. Choose the extended option if you want more applications installed immediately.

The next screen offers proprietary software for graphics and Wi-Fi hardware, along with support for additional media formats.

Enable these options when you have a working internet connection. They can help with NVIDIA graphics, some Wi-Fi adapters, and common media playback.

Choose Disk Setup #

The disk setup screen is the most important part of the installation.

For a clean install on a dedicated computer or virtual machine, choose the option to erase the disk and install Ubuntu. This creates the required partitions automatically.

If you are installing Ubuntu next to another operating system, read the installer options carefully before continuing. Do not erase the disk unless you want to remove the existing operating system and all files on that disk.

Advanced users can choose manual partitioning to control mount points, file systems, and encryption. For most desktop installs, the automatic disk setup is simpler and less error-prone.

Choose Encryption and File System Options #

After choosing the disk setup, select the encryption and file system options. For a basic desktop installation, leave No encryption selected.

If you are installing Ubuntu on a laptop or a computer that stores private data, disk encryption is worth considering. Make sure you can store the recovery key safely, because encrypted data is difficult or impossible to recover without the correct passphrase or recovery key.

Create Your User Account #

Enter your name, computer name, username, and password. Choose a strong password because this account will be used for desktop login and administrative tasks with sudo .

You can choose automatic login if the computer is for personal use in a trusted location. For laptops, shared machines, and work systems, require a password at login.

Select Time Zone #

Select your time zone on the map or search for your city. The installer uses this setting to configure the system clock.

If you are connected to the internet, Ubuntu can usually detect the correct time zone automatically.

Review and Start the Installation #

Before copying files, the installer shows a summary of the selected options. Review the disk, keyboard layout, time zone, and account details.

When everything looks correct, start the installation. Ubuntu will copy files to the disk, install packages, configure the boot loader, and prepare the system for first boot.

The installation can take several minutes depending on your hardware and USB drive speed.

Restart Into Ubuntu 26.04 #

When the installer finishes, restart the computer and remove the USB drive when prompted.

After the reboot, the computer should start from the internal disk and show the Ubuntu login screen or desktop.

Ubuntu may show a short welcome wizard after the first login. Use it to review location services, privacy reporting, appearance, and application suggestions, or skip the options you do not need.

First Steps After Installing Ubuntu 26.04 #

After logging in, open a terminal and update the package index:

sudo apt update

Install available updates:

sudo apt upgrade

You can check your Ubuntu version with:

lsb_release -a

If this is a server or a machine you will access remotely, consider setting up SSH and a firewall. See our guides on enabling SSH on Ubuntu and setting up UFW on Ubuntu .

You may also want to install extra .deb packages for applications that are not available from the Ubuntu repositories. For details, see how to install deb files on Ubuntu .

For a typical desktop setup, you can install Google Chrome on Ubuntu 26.04 and, if you do development work, Docker on Ubuntu 26.04 .

Troubleshooting #

The computer does not boot from the USB drive
Open the boot menu and choose the USB device manually. If the USB drive is not listed, recreate it with another tool or try a different USB port.

The installer freezes or shows a blank screen
Restart and choose the safe graphics option from the Ubuntu boot menu. This can help on systems with graphics drivers that do not work well during installation.

The disk you want to use is not listed
Check the computer firmware settings for storage mode and disk controller options. On some systems, switching from RAID or Intel RST mode to AHCI is required before Linux installers can detect the disk. Back up data before changing storage settings.

Wi-Fi does not work during installation
Install without network access and connect after the first boot. If the Wi-Fi adapter needs third-party drivers, connect with Ethernet or USB tethering, then install updates and additional drivers from Ubuntu.

The system boots back into the installer after installation
Remove the USB drive and reboot. If it still opens the installer, check the boot order in the firmware settings and move the internal disk above the USB device.

FAQ #

Can I install Ubuntu 26.04 without internet access?
Yes. You can install Ubuntu without an internet connection. Updates, language packs, and some third-party packages can be installed after the first boot.

Will installing Ubuntu erase Windows?
It depends on the disk option you choose. Erasing the disk removes Windows and all files on that disk. If you want to keep Windows, choose the install-alongside option when available or use manual partitioning.

How much disk space does Ubuntu 26.04 need?
Ubuntu can install on a modest disk, but a desktop system is more comfortable with at least 25 GB of free space. Use more if you plan to install many applications, keep large files, or run development tools.

Should I choose default or extended installation?
Choose the default selection if you want a smaller desktop setup and plan to install applications as needed. Choose the extended selection if you want more desktop tools installed immediately.

Conclusion #

You now have Ubuntu 26.04 installed and ready to use. After the first login, install updates, confirm that your hardware works, and add only the applications and services you need for your setup.

VirtualBox is a desktop virtualization application that lets you run Linux, Windows, BSD, and other guest operating systems in virtual machines. It is useful for testing software, running lab environments, and keeping experiments separate from your main system.

This guide explains how to install VirtualBox on Ubuntu 26.04 from the Ubuntu multiverse repository.

At publication time, Ubuntu 26.04 packages VirtualBox 7.2 in the Ubuntu repositories. The Oracle VirtualBox APT repository does not yet provide a dedicated resolute repository suite, so the Ubuntu package is the safer install path for this release.

Quick Reference #

Prerequisites #

You need to be logged in as root or as a user with sudo privileges .

If Secure Boot is enabled, Ubuntu may ask you to enroll a Machine Owner Key (MOK) so the VirtualBox kernel modules can load. Follow the on-screen prompts and reboot when asked.

Installing VirtualBox from Ubuntu Repositories #

First, update the package index:

sudo apt update

Enable the multiverse repository if it is not already enabled:

sudo add-apt-repository multiverse

Refresh the package index again:

sudo apt update

Install VirtualBox:

sudo apt install virtualbox

After the installation finishes, check the installed version:

VBoxManage --version

The output prints the installed VirtualBox version:

7.2.6_Ubuntur172322

Installing the VirtualBox Extension Pack #

The VirtualBox Extension Pack adds support for features such as USB 2.0 and USB 3.0 devices, webcam passthrough, disk encryption, and remote display access.

Install the Ubuntu package:

sudo apt install virtualbox-ext-pack

The installer downloads the matching Oracle Extension Pack and asks you to accept the license terms. Read the prompt, then select the confirmation option if you agree.

Verify that the Extension Pack is installed:

VBoxManage list extpacks

Starting VirtualBox #

Open the Activities overview, search for “VirtualBox”, and start it from the application menu.

You can also start VirtualBox from the terminal:

virtualbox

When VirtualBox opens, click “New” to create your first virtual machine:

Uninstalling VirtualBox #

To remove VirtualBox and the Extension Pack:

sudo apt remove virtualbox virtualbox-ext-pack

Remove packages that are no longer needed:

sudo apt autoremove

If you want to remove saved virtual machines, delete them from the VirtualBox interface first or remove the files manually from your home directory. Do this only after you have backed up any virtual machines you still need.

Troubleshooting #

VirtualBox kernel modules do not load
Install the headers for your running kernel and reconfigure VirtualBox:

sudo apt install linux-headers-$(uname -r)
sudo dpkg-reconfigure virtualbox-dkms

Secure Boot blocks VirtualBox modules
Enroll the MOK key when Ubuntu prompts you, then reboot. If you skipped the enrollment screen, reinstall or reconfigure the VirtualBox DKMS package so Ubuntu shows the prompt again.

The virtualbox-ext-pack install stops at a license prompt
Use the keyboard to select the confirmation option in the terminal dialog. If the terminal dialog is hard to read, expand the terminal window and run the install command again.

USB devices do not appear in guest machines
Install the Extension Pack, add your user to the vboxusers group, and log out and back in:

sudo usermod -aG vboxusers $USER

FAQ #

Should I install VirtualBox from Oracle or Ubuntu repositories?
For Ubuntu 26.04, the Ubuntu repository package is the best default choice because it matches the release and kernel packaging. Use the Oracle repository only after Oracle publishes a repository suite for Ubuntu 26.04.

Do I need the Extension Pack?
You only need it for extra features such as USB 2.0/3.0 passthrough and remote display support. Basic virtual machines work without it.

Where are VirtualBox virtual machines stored?
By default, VirtualBox stores virtual machines under ~/VirtualBox VMs/.

Conclusion #

VirtualBox is available on Ubuntu 26.04 from the multiverse repository. After installation, add the Extension Pack only if you need its extra device and remote display features.

TeamViewer is a remote access and support application that lets you connect to another computer over the internet. It supports remote control, file transfer, screen sharing, and unattended access across Linux, Windows, and macOS.

This guide explains how to install TeamViewer on Ubuntu 26.04 using the official .deb package.

Quick Reference #

Prerequisites #

You need to be logged in as root or as a user with sudo privileges .

The command below downloads the x86-64 package. If you are using an ARM device, choose the correct Ubuntu/Debian package from the TeamViewer Linux download page .

Installing TeamViewer on Ubuntu 26.04 #

TeamViewer is proprietary software and is not available in the standard Ubuntu repositories. Download the official package with wget :

wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb

Install the package with apt:

sudo apt install ./teamviewer_amd64.deb

When prompted, type Y and press Enter.

During installation, the TeamViewer APT repository is added to your system. This allows TeamViewer to update through the same package manager you use for other Ubuntu packages.

Starting TeamViewer #

Open the Activities overview, search for “TeamViewer”, and click the application icon.

You can also start TeamViewer from the command line:

teamviewer

The first time TeamViewer starts, accept the license agreement. After that, the main TeamViewer window displays your ID and password. Share those values only with someone you trust, or enter a remote computer’s ID to start an outgoing connection.

Updating TeamViewer #

Check the repository file with cat :

cat /etc/apt/sources.list.d/teamviewer.list

The file should contain the TeamViewer stable repository:

deb https://linux.teamviewer.com/deb stable main

Update TeamViewer with the package manager:

sudo apt update
sudo apt upgrade teamviewer

You can also install updates through Ubuntu’s graphical Software Updater.

Uninstalling TeamViewer #

To remove TeamViewer while keeping its configuration files:

sudo apt remove teamviewer

To remove TeamViewer and its configuration files:

sudo apt purge teamviewer

If you also want to remove the TeamViewer repository:

sudo rm /etc/apt/sources.list.d/teamviewer.list
sudo apt update

Troubleshooting #

teamviewer: command not found after installation
Close and reopen your terminal, then try again. If the command is still missing, verify the package installation:

dpkg -l teamviewer

The installation fails because of missing dependencies
Ask apt to repair broken dependencies and retry the package install:

sudo apt --fix-broken install
sudo apt install ./teamviewer_amd64.deb

TeamViewer shows “Not ready. Please check your connection.”
Restart the TeamViewer daemon:

sudo systemctl restart teamviewerd

Check that the service is running:

systemctl status teamviewerd

You are using an ARM system
Do not install the teamviewer_amd64.deb package on ARM. Download the ARM package from TeamViewer’s Linux download page instead.

FAQ #

Is TeamViewer free on Ubuntu?
TeamViewer is free for personal, non-commercial use. Commercial use requires a paid license.

Can I install TeamViewer Host instead?
Yes. TeamViewer Host is meant for unattended access. Download the Host package from TeamViewer’s Linux download page and install it with apt the same way.

How do I connect to another computer?
Open TeamViewer, enter the remote computer’s ID in the partner ID field, and start the connection. Enter the remote password when prompted.

Conclusion #

TeamViewer installs on Ubuntu 26.04 from the official .deb package. The package also configures the TeamViewer repository so future updates are handled through Ubuntu’s package manager.

Google Chrome is a fast web browser with built-in Google account sync, automatic updates, password management, and support for modern web applications. It is not included in the standard Ubuntu repositories because it is proprietary software.

This guide explains how to install Google Chrome on Ubuntu 26.04 using the official Google .deb package.

Quick Reference #

Installing Google Chrome on Ubuntu #

The official Chrome package installs the browser and configures the Google APT repository so future updates arrive through the normal Ubuntu update process.

Download Google Chrome #

Open a terminal and use wget to download the latest stable package:

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Install Google Chrome #

Install the package with apt. This command requires sudo privileges :

sudo apt install ./google-chrome-stable_current_amd64.deb

When prompted, enter your password and confirm the installation.

Starting Google Chrome #

Open the Activities overview, search for “Google Chrome”, and launch it:

You can also start Chrome from the terminal:

google-chrome

When Chrome starts for the first time, it asks whether you want to set it as the default browser and send crash reports:

Chrome then opens the welcome page:

From here, you can sign in with your Google account and sync bookmarks, history, passwords, and extensions.

Set Chrome as Default Browser #

To set Chrome as the default browser from the command line, run:

xdg-settings set default-web-browser google-chrome.desktop

Verify the current default browser:

xdg-settings get default-web-browser

google-chrome.desktop

Updating Google Chrome #

The Chrome package adds the Google repository to your system. Check the repository file with cat :

cat /etc/apt/sources.list.d/google-chrome.list

The file should contain a Google Chrome repository entry for the stable channel.

Chrome updates are installed through the standard Ubuntu update workflow:

sudo apt update
sudo apt upgrade

Uninstalling Google Chrome #

To remove Google Chrome, run:

sudo apt remove google-chrome-stable

Remove packages that are no longer needed:

sudo apt autoremove

If you also want to remove the Google Chrome repository file, delete it and update the package index:

sudo rm /etc/apt/sources.list.d/google-chrome.list
sudo apt update

Troubleshooting #

The installation fails with dependency errors
Fix broken dependencies and repeat the installation:

sudo apt --fix-broken install
sudo apt install ./google-chrome-stable_current_amd64.deb

Chrome does not start after installation
Close any running Chrome processes and start it again:

pkill -f chrome
google-chrome

The repository file is missing
Reinstall the downloaded package so the Chrome repository is recreated:

sudo apt install ./google-chrome-stable_current_amd64.deb

FAQ #

What is the difference between Chrome and Chromium?
Chromium is the open-source browser project that Chrome is based on. Chrome adds proprietary media codecs, Google account integration, and Google-managed update packaging.

Can I install Chrome Beta or Dev on Ubuntu?
Yes. Download the Beta or Dev .deb package from Google and install it with apt in the same way as the stable package.

Does Chrome update automatically on Ubuntu?
Chrome is updated by Ubuntu’s package manager after the Google repository is added. Run sudo apt update && sudo apt upgrade to install available updates.

Conclusion #

Google Chrome installs on Ubuntu 26.04 through the official .deb package. After installation, Chrome receives updates from the Google repository along with your other system packages.

Apache is one of the most popular web servers in the world. It is an open-source and cross-platform HTTP server that powers a large percentage of the Internet’s websites. Apache provides many powerful features that can be further extended through the use of additional modules, making it a good option for those looking for a customizable and flexible web server.

This tutorial will guide you through the process of installing and managing the Apache web server on Ubuntu 26.04. You will learn how to install Apache, open HTTP and HTTPS ports in the firewall, and set up virtual hosts.

Installing Apache #

On Ubuntu and Debian systems, the Apache package and the service are called apache2.

Apache is included in the default Ubuntu repositories, and the installation is pretty straightforward.

Run the following commands to refresh the local package index and install Apache:

sudo apt update
sudo apt install apache2

After the installation process is finished, the Apache service will start automatically.

You can verify that Apache is running by typing:

sudo systemctl status apache2

The output should tell you that the service is running and enabled to start on system boot:

● apache2.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sat 2026-04-25 18:28:47 UTC; 5min ago
Invocation: d7369f2830cc4e29b4d03d6f2c0968ba
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 9429 (apache2)
Status: "Total requests: 2; Idle/Busy workers 100/0;Requests/sec: 0.00608; Bytes served/>
Tasks: 7 (limit: 375)
Memory: 12.4M (peak: 12.7M)
CPU: 168ms
CGroup: /system.slice/apache2.service
├─9429 /usr/sbin/apache2 -k start -DFOREGROUND
├─9432 /usr/sbin/apache2 -k start -DFOREGROUND
├─9433 /usr/sbin/apache2 -k start -DFOREGROUND
...

Apache has been successfully installed on your Ubuntu 26.04 server. You can now start using it.

Opening HTTP and HTTPS Ports #

Apache listens on port 80 (HTTP) and 443 (HTTPS). You need to open the necessary firewall ports to allow access to the web server from the Internet.

Assuming you are using UFW , you can do that by enabling the ‘Apache Full’ profile, which includes rules for both ports:

sudo ufw allow 'Apache Full'

Verify the change:

sudo ufw status

The output should look something like this:

Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
Apache Full ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)

Verifying the Apache Installation #

To verify that everything works correctly, open your browser, type your server IP address http://YOUR_IP_OR_DOMAIN/, and you will see the default Ubuntu 26.04 Apache welcome page as shown below:

The page provides basic information about Apache configuration files, relevant helper scripts, and directory locations.

Setting up a Virtual Host #

A virtual host allows Apache to serve more than one website from the same server. Each virtual host defines the settings for a specific domain.

Apache ships with one default virtual host. If you are hosting a single website, you can place the site files in /var/www/html and edit /etc/apache2/sites-enabled/000-default.conf. If you want to host multiple sites, create a separate virtual host file for each domain.

In this example, we will configure a site for example.com. Replace example.com with your own domain name.

First, create the document root directory:

Run the following command to create the directory :

sudo mkdir -p /var/www/example.com

Create a simple index.html file inside the document root so you can test the configuration:

<!DOCTYPE html>
<html lang="en" dir="ltr">
 <head>
 <meta charset="utf-8">
 <title>Welcome to example.com</title>
 </head>
 <body>
 <h1>Success! example.com home page!</h1>
 </body>
</html>

Set the ownership to the Apache user:

sudo chown -R www-data:www-data /var/www/example.com

Next, create the virtual host file:

<VirtualHost *:80>
 ServerName example.com
 ServerAlias www.example.com
 ServerAdmin webmaster@example.com
 DocumentRoot /var/www/example.com

 <Directory /var/www/example.com>
 Options -Indexes +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>

 ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
 CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost>

Enable the site:

sudo a2ensite example.com.conf

Test the configuration:

sudo apachectl configtest

If the syntax check passes, you will see the following output:

Syntax OK

Restart Apache:

sudo systemctl restart apache2

Now open http://example.com in your browser. If everything is configured correctly, you should see the test page.

Conclusion #

We have shown you how to install Apache on Ubuntu 26.04, open the required firewall ports, and configure a virtual host. From here, you can deploy your site content or continue with SSL and PHP setup.

Java is a popular programming language used for building applications and software solutions. It runs on all major operating systems and devices.

This guide covers installing OpenJDK and Oracle JDK on Ubuntu 26.04.

Quick Reference #

Before You Begin #

There are several Java implementations available. OpenJDK and Oracle JDK are the two most common choices. OpenJDK is the default option in Ubuntu and the best fit for most systems.

Ubuntu 26.04 includes OpenJDK packages for both the Java Runtime Environment (JRE) and the Java Development Kit (JDK). The JRE includes the Java virtual machine (JVM) and the libraries needed to run Java programs. The JDK includes the JRE plus the tools needed to build Java applications.

If you are not sure which package to install, start with the default OpenJDK version. Some applications require a specific Java release, so check the application documentation before you install it.

Installing OpenJDK in Ubuntu #

Check if Java is already installed:

java -version

If Java is not installed, the output will tell you the command is not found. Otherwise, it shows the installed version.

Update the package index:

sudo apt update

The current long-term supported (LTS) versions of Java are: 11, 17, 21, and 25. The default Java in Ubuntu 26.04 is Java 25, which you get by installing the default-jdk package.

Install latest LTS Java 25:

sudo apt install openjdk-25-jdk

Verify the installation:

java -version

openjdk version "25.0.3-ea" 2026-04-21
OpenJDK Runtime Environment (build 25.0.3-ea+7-Ubuntu-2)
OpenJDK 64-Bit Server VM (build 25.0.3-ea+7-Ubuntu-2, mixed mode, sharing)

JRE is included in the JDK package. If you need only JRE, install the openjdk-25-jre package. For minimal Java runtime, install the openjdk-**25**-jre-headless package.

Installing Oracle Java in Ubuntu #

Oracle JDK is not available in the default Ubuntu repositories. You can install it by downloading the .deb package from Oracle.

At the time of writing, Oracle’s downloads page offers both JDK 26, the latest feature release, and JDK 25, the latest LTS release. Oracle JDK 25 is available under Oracle No-Fee Terms and Conditions (NFTC), which allows free production use and redistribution for that release. If you plan to standardize on Oracle JDK, review Oracle’s current licensing terms before deployment.

Visit the Oracle Java Downloads page and select the version you need.

In this example, we will download and install Java 25 because it is the current LTS release. If you want the newest feature release instead, download JDK 26 from the same page. Choose the Linux x64 Debian Package for the version you want and download the .deb file.

If you are installing on a server, use wget to download the file:

wget https://download.oracle.com/java/25/latest/jdk-25_linux-x64_bin.deb

Install the package:

sudo apt install ./jdk-25_linux-x64_bin.deb

Replace the filename if you downloaded a different version.

Setting the Default Java Version #

If you have multiple Java versions installed, check the current default:

java -version

Change the default version with update-alternatives:

sudo update-alternatives --config java

You will see a list of installed Java versions:

There are 2 choices for the alternative java (providing /usr/bin/java).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/lib/jvm/jdk-25.0.3-oracle-x64/bin/java 419454976 auto mode
1 /usr/lib/jvm/java-25-openjdk-amd64/bin/java 2511 manual mode
2 /usr/lib/jvm/jdk-25.0.3-oracle-x64/bin/java 419454976 manual mode
Press <enter> to keep the current choice[*], or type selection number: 

Enter the number of the version you want as default and press Enter.

Verify the change:

java -version

Setting the JAVA_HOME Environment Variable #

Some Java applications use the JAVA_HOME environment variable to determine the JDK location.

First, find the Java installation path:

sudo update-alternatives --config java

The paths are:

• Oracle JDK 25 is located at /usr/lib/jvm/jdk-25-oracle-x64/bin/java
• OpenJDK 25 is located at /usr/lib/jvm/java-25-openjdk-amd64/bin/java

Open the /etc/environment file:

sudo nano /etc/environment

Add the following line (adjust the path for your preferred version):

JAVA_HOME="/usr/lib/jvm/java-25-openjdk-amd64"

Apply the changes:

source /etc/environment

Verify the variable is set:

echo $JAVA_HOME

/usr/lib/jvm/java-25-openjdk-amd64

Uninstalling Java #

Uninstall Java like any other package:

sudo apt remove openjdk-25-jdk

Replace the package name with the version you want to remove.

Conclusion #

We covered installing OpenJDK from the Ubuntu 26.04 repositories and downloading Oracle JDK manually. The default OpenJDK 25 works for most applications, but Java 26 is also available in the Oracle repositories for the latest features.

For more information, see the official OpenJDK documentation .

PHP is one of the most used server-side programming languages. Many popular CMS and frameworks such as WordPress, Magento, and Laravel are written in PHP.

This guide covers the steps necessary to install PHP on Ubuntu 26.04 and integrate it with Nginx and Apache. The default Ubuntu 26.04 repositories include PHP 8.5. We will also show you how to install other PHP versions.

Quick Reference #

Prerequisites #

To follow this guide, you need to be logged in as a user with sudo privileges .

Installing PHP 8.5 with Apache #

If you are using Apache as your web server, run the following commands to install PHP and the Apache PHP module:

sudo apt update
sudo apt install php libapache2-mod-php

Once the packages are installed, restart Apache for the PHP module to get loaded:

sudo systemctl restart apache2

Installing PHP 8.5 with Nginx #

Unlike Apache, Nginx does not have built-in support for processing PHP files. We will use PHP-FPM (FastCGI Process Manager) to handle PHP files.

Run the following commands to install PHP and the PHP-FPM package:

sudo apt update
sudo apt install php-fpm

If apt cannot locate php-fpm, make sure the Universe repository is enabled. Standard Ubuntu installations usually include it, but minimal images may have only the core repository components enabled:

sudo apt install software-properties-common
sudo add-apt-repository universe
sudo apt update
sudo apt install php-fpm

Once the installation is completed, the FPM service starts automatically. To check the status of the service, run:

sudo systemctl status php8.5-fpm

● php8.5-fpm.service - The PHP 8.5 FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php8.5-fpm.service; enabled; preset: enabled)
Active: active (running) since Sat 2026-04-26 09:15:22 UTC; 12s ago

You can now edit the Nginx server block and add the following lines so that Nginx can process PHP files:

server {

 # . . . other code

 location ~ \.php$ {
 include snippets/fastcgi-php.conf;
 fastcgi_pass unix:/run/php/php-fpm.sock;
 }
}

The /run/php/php-fpm.sock path is managed through alternatives on Ubuntu. If that symlink does not exist, list the available sockets and use the versioned PHP-FPM socket shown by your system:

ls -l /run/php/

Restart the Nginx service so that the new configuration takes effect:

sudo systemctl restart nginx

Installing PHP Extensions #

PHP extensions are compiled libraries that extend the core functionality of PHP. Extensions are available as packages and can be easily installed with apt :

sudo apt install php-[extname]

For example, to install the MySQL and GD extensions, run:

sudo apt install php-mysql php-gd

Here are some of the most commonly used PHP extensions:

To install all commonly needed extensions at once:

sudo apt install php-mysql php-curl php-gd php-mbstring php-xml php-zip php-intl php-opcache php-bcmath

After installing a new PHP extension, restart Apache or PHP-FPM depending on your setup:

sudo systemctl restart apache2

Or for Nginx with PHP-FPM:

sudo systemctl restart php8.5-fpm

To list all installed PHP modules:

php -m

Testing PHP Processing #

To confirm that the web server can process PHP files, create a new info.php file in /var/www/html:

echo '<?php phpinfo();' | sudo tee /var/www/html/info.php

Open http://your_server_ip/info.php in your browser. If PHP is configured correctly, you will see the PHP information page:

sudo rm /var/www/html/info.php

Installing Other PHP Versions #

Ondřej Surý, a Debian developer, maintains a repository that includes multiple PHP versions. This is a third-party source, so use it only if you need a different PHP version than what Ubuntu provides. To enable the repository , run:

sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php

You can now install any PHP version you need by appending the version number to the package name:

sudo apt install php[version]

For example, to install PHP 8.3 and a few common modules:

sudo apt install php8.3 php8.3-cli php8.3-common php8.3-opcache php8.3-gd php8.3-curl php8.3-mysql php8.3-mbstring php8.3-xml

Switching Between PHP Versions #

If you have multiple PHP versions installed, you can switch the default CLI version using update-alternatives:

sudo update-alternatives --set php /usr/bin/php8.3

To interactively choose the default version:

sudo update-alternatives --config php

For Apache, disable the current PHP module and enable the one you want:

sudo a2dismod php8.5
sudo a2enmod php8.3
sudo systemctl restart apache2

For Nginx, update the PHP-FPM socket path in your server block to point to the correct version, then restart Nginx:

sudo systemctl restart nginx

Checking the PHP Version #

To check which PHP version is installed on your system, run:

php -v

PHP 8.5.4 (cli) (built: Apr 1 2026 09:36:11) (NTS)
Copyright (c) The PHP Group
Built by Ubuntu
Zend Engine v4.5.4, Copyright (c) Zend Technologies
with Zend OPcache v8.5.4, Copyright (c), by Zend Technologies

PHP Configuration Files #

PHP configuration files are located at:

• Main config: /etc/php/8.5/cli/php.ini (CLI) and /etc/php/8.5/apache2/php.ini (Apache) or /etc/php/8.5/fpm/php.ini (FPM)
• FPM pool config: /etc/php/8.5/fpm/pool.d/www.conf
• Extension configs: /etc/php/8.5/mods-available/

After changing any configuration, restart the relevant service:

sudo systemctl restart php8.5-fpm

Uninstalling PHP #

To remove PHP and related packages, you can purge them and clean up dependencies:

sudo apt purge 'php*'
sudo apt autoremove

FAQ #

What PHP version does Ubuntu 26.04 include?
Ubuntu 26.04 ships with PHP 8.5 in its default repositories.

What is the difference between php and php-fpm?
The php package includes the CLI interpreter and the Apache module. The php-fpm package provides a FastCGI Process Manager used by Nginx and other web servers that do not have built-in PHP support.

Can I run multiple PHP versions at the same time?
Yes. You can install multiple PHP versions from the Ondřej Surý PPA and configure each virtual host or server block to use a different PHP version.

Do I need to restart Apache or Nginx after installing an extension?
Yes. After installing a PHP extension, restart Apache (sudo systemctl restart apache2) or PHP-FPM (sudo systemctl restart php8.5-fpm) for the extension to be loaded.

Where is the php.ini file located?
PHP uses separate php.ini files for each SAPI. The CLI config is at /etc/php/8.5/cli/php.ini, the Apache config at /etc/php/8.5/apache2/php.ini, and the FPM config at /etc/php/8.5/fpm/php.ini.

Conclusion #

We have shown you how to install PHP 8.5 on Ubuntu 26.04 with both Apache and Nginx. You can now install extensions, configure PHP, and start building your applications.

If you have any questions, feel free to leave a comment below.

Nginx (pronounced “engine x”) is an open-source, high-performance HTTP and reverse proxy server used by some of the largest sites on the Internet. It can act as a standalone web server, load balancer, content cache, and proxy for HTTP and non-HTTP services.

This guide explains how to install Nginx on Ubuntu 26.04, configure the firewall, and manage the service.

Prerequisites #

Before continuing, make sure you are logged in as a user with sudo privileges , and that no other service such as Apache is running on port 80 or 443.

Installing Nginx #

Nginx is available in the default Ubuntu repositories. To install it, run:

sudo apt update
sudo apt install nginx

Once the installation is completed, the Nginx service starts automatically. To verify it is running:

sudo systemctl status nginx

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-04-25 15:00:00 UTC; 10s ago
...

Nginx is now installed and running. You can manage the Nginx service in the same way as any other systemd unit.

Configuring the Firewall #

Now that Nginx is running, you need to make sure the firewall allows traffic on HTTP (80) and HTTPS (443). If you are using ufw , enable the Nginx Full profile which covers both ports:

sudo ufw allow 'Nginx Full'

To verify the firewall status:

sudo ufw status

Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
Nginx Full ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)

Testing the Installation #

To confirm Nginx is serving requests, open http://YOUR_IP in a browser. You should see the default Nginx welcome page. You can also test from the command line:

curl -I http://localhost

HTTP/1.1 200 OK
Server: nginx/1.28.3 (Ubuntu)
...

Nginx Configuration Structure #

• All Nginx configuration files are located in /etc/nginx/.
• The main configuration file is /etc/nginx/nginx.conf.
• Create a separate configuration file for each domain to keep things manageable. Server block files are stored in /etc/nginx/sites-available/ and must be symlinked to /etc/nginx/sites-enabled/ to be active.
• Follow the standard naming convention: if your domain is mydomain.com, name the file /etc/nginx/sites-available/mydomain.com.conf.
• The /etc/nginx/snippets/ directory holds reusable configuration fragments that can be included in server block files.
• Log files (access.log and error.log) are located in /var/log/nginx/. Use a separate log file per server block.
• Common document root locations: /var/www/<site_name>, /var/www/html/<site_name>, or /home/<user>/<site_name>.

Conclusion #

Nginx is now installed and ready to serve your applications on Ubuntu 26.04. To set up multiple sites on the same server, see the guide on Nginx server blocks .

PostgreSQL is an open-source, object-relational database management system known for its reliability, feature set, and standards compliance. It is widely used in production environments ranging from small applications to large-scale data warehouses.

This guide explains how to install PostgreSQL 18 on Ubuntu 26.04, set up roles and authentication, and configure remote access.

Prerequisites #

To follow this guide, you need to be logged in as a user with sudo privileges .

Installing PostgreSQL on Ubuntu 26.04 #

The default Ubuntu 26.04 repositories include PostgreSQL 18.

Start by updating the local package index:

sudo apt update

Install the PostgreSQL server and the contrib package, which provides several additional features:

sudo apt install postgresql postgresql-contrib

Once the installation is completed, the PostgreSQL service starts automatically. Use the psql tool to verify the installation by connecting to the PostgreSQL server and printing its version :

sudo -u postgres psql -c "SELECT version();"

 version
----------------------------------------------------------------------------------------------------------------------------------
PostgreSQL 18.3 (Ubuntu 18.3-1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 15.2.0-14ubuntu1) 15.2.0, 64-bit
(1 row)

PostgreSQL has been installed and is ready to use.

PostgreSQL Roles and Authentication #

Database access in PostgreSQL is managed through roles. A role can represent a database user or a group of database users.

PostgreSQL supports several authentication methods . The most commonly used are:

• Trust lets a role connect without a password, as long as the conditions in pg_hba.conf are met.
• Password lets a role connect by providing a password. Passwords can be stored as scram-sha-256 or md5.
• Ident is supported on TCP/IP connections. It obtains the client’s operating system username, with optional mapping.
• Peer works like Ident, but for local connections only.

PostgreSQL client authentication is defined in pg_hba.conf. By default, PostgreSQL uses the peer authentication method for local connections.

The postgres user is created automatically during installation. It is the superuser for the PostgreSQL instance, equivalent to the MySQL root user.

To log in to the PostgreSQL server as the postgres user, use the sudo command:

sudo -u postgres psql

You can also switch to the user first:

sudo su - postgres
psql

To exit the PostgreSQL shell, type:

\q

Creating a Role and Database #

Only superusers and roles with the CREATEROLE privilege can create new roles.

The following example creates a role named john, sets a password for the role, and creates a database named johndb owned by that role:

1. Create a new PostgreSQL role:

   Terminal

   sudo -u postgres createuser john

2. Set a password for the role:

   Terminal

   sudo -u postgres psql

   sql

   ALTER ROLE john WITH ENCRYPTED PASSWORD 'strong_password';

   Use a real password here. Do not store it in shell history, scripts, or version control.

3. Create a new database owned by that role:

   Terminal

   sudo -u postgres createdb johndb --owner=john

Because john owns the database, it can create objects in the default public schema without additional grants.

Enabling Remote Access #

By default, PostgreSQL only listens on localhost (127.0.0.1).

To allow remote connections, open the PostgreSQL configuration file:

sudo nano /etc/postgresql/18/main/postgresql.conf

Find the listen_addresses line in the CONNECTIONS AND AUTHENTICATION section and set it to '*' to listen on all interfaces:

listen_addresses = '*'

Save the file and restart the PostgreSQL service:

sudo systemctl restart postgresql

Verify that PostgreSQL is now listening on all interfaces:

ss -nlt | grep 5432

LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 244 [::]:5432 [::]:*

The next step is to configure which hosts are allowed to connect by editing pg_hba.conf:

sudo nano /etc/postgresql/18/main/pg_hba.conf

Add rules at the bottom of the file. Some examples:

# TYPE DATABASE USER ADDRESS METHOD
# Allow jane to connect to all databases from anywhere using a password
host all jane 0.0.0.0/0 scram-sha-256
# Allow jane to connect only to janedb from anywhere
host janedb jane 0.0.0.0/0 scram-sha-256
# Allow jane to connect from a trusted host without a password
host all jane 192.168.1.134 trust

Reload PostgreSQL to apply the changes:

sudo systemctl reload postgresql

Finally, open port 5432 in the firewall. To allow access from a specific subnet:

sudo ufw allow proto tcp from 192.168.1.0/24 to any port 5432

Conclusion #

We have shown you how to install PostgreSQL 18 on Ubuntu 26.04 and covered the basics of roles, authentication, and remote access. For more details, consult the PostgreSQL 18 documentation .

MySQL is one of the most popular open-source relational database management systems. It is fast, easy to manage, scalable, and an integral part of the popular LAMP and LEMP stacks.

This guide explains how to install and secure MySQL 8.4 on an Ubuntu 26.04 machine. Upon completion, you will have a fully functional database server that you can use for your projects.

Quick Reference #

Prerequisites #

To follow this guide, you need to be logged in as a user with sudo privileges .

Installing MySQL on Ubuntu 26.04 #

The default Ubuntu 26.04 repositories include MySQL 8.4.

Start by updating the local package index:

sudo apt update

Install the MySQL server package:

sudo apt install mysql-server

Once the installation is completed, the MySQL service starts automatically. To verify that the MySQL server is running, type:

sudo systemctl status mysql

The output should show that the service is enabled and running:

● mysql.service - MySQL Community Server
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-04-25 09:14:23 UTC; 15s ago
Process: 1234 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 1242 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 4558)
Memory: 362.4M
CPU: 1.183s
CGroup: /system.slice/mysql.service
└─1242 /usr/sbin/mysqld

If the server fails to start, you can check the logs with journalctl :

sudo journalctl -u mysql

To check the installed version, run:

mysql --version

mysql Ver 8.4.8-0ubuntu1 for Linux on x86_64 ((Ubuntu))

Securing MySQL #

MySQL includes a script named mysql_secure_installation that helps you improve the database server security.

Run the script:

sudo mysql_secure_installation

You will be asked to configure the VALIDATE PASSWORD component, which tests the strength of MySQL users’ passwords:

Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy. Press y to enable the password validation plugin, or any other key to skip:

There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

Next, you will be asked to remove the anonymous user, restrict root user access to the local machine, remove the test database, and reload privilege tables. Answer y to all questions:

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!

Logging In as Root #

You can interact with the MySQL server from the command line using the MySQL client utility, which is installed as a dependency of the MySQL server package.

On Ubuntu 26.04, the MySQL root account uses the auth_socket plugin by default. This plugin authenticates users that connect from localhost through the Unix socket file, which means you cannot authenticate as root by providing a password.

To log in to the MySQL server as the root user, type:

sudo mysql

You will be presented with the MySQL shell:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.4.8-0ubuntu1 (Ubuntu)
Copyright (c) 2000, 2024, Oracle and/or its affiliates.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

To exit the MySQL shell, type exit or press Ctrl+D.

Changing Root Authentication #

If you want to log in to your MySQL server as root using an external program such as phpMyAdmin, you have two options.

Option 1: Change the Authentication Method #

Change the authentication method from auth_socket to caching_sha2_password:

ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'very_strong_password';
FLUSH PRIVILEGES;

Option 2: Create a Dedicated Administrative User #

The recommended approach is to create a new administrative user with access to all databases:

CREATE USER 'administrator'@'localhost' IDENTIFIED BY 'very_strong_password';
GRANT ALL PRIVILEGES ON *.* TO 'administrator'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Creating a Database and User #

Once MySQL is secured, you can create databases and user accounts. For example, to create a database named myapp and a user that has access to it:

Log in to the MySQL shell:

sudo mysql

Create the database:

CREATE DATABASE myapp;

Create a user and grant privileges on the database:

CREATE USER 'myappuser'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON myapp.* TO 'myappuser'@'localhost';
FLUSH PRIVILEGES;

To allow the user to connect from any host (for remote access), replace 'localhost' with '%'.

Enabling Remote Access #

By default, MySQL only listens on localhost (127.0.0.1). To allow remote connections, you need to change the bind address.

Open the MySQL configuration file:

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Find the line that starts with bind-address and change it to 0.0.0.0 to listen on all interfaces, or to a specific IP address:

bind-address = 0.0.0.0

Restart the MySQL service for the changes to take effect:

sudo systemctl restart mysql

For production, consider enabling TLS so remote connections are encrypted. This protects credentials and data in transit when connecting over untrusted networks.

Configuring the Firewall #

If you have a firewall enabled and want to allow connections to MySQL from remote machines, you need to open port 3306.

To allow access from a specific IP address:

sudo ufw allow from 192.168.1.100 to any port 3306

To allow access from any IP address (not recommended for production):

sudo ufw allow 3306/tcp

FAQ #

What version of MySQL does Ubuntu 26.04 include?
Ubuntu 26.04 ships with MySQL 8.4 in its default repositories. To check the exact version installed on your system, run mysql --version.

What is the difference between auth_socket and caching_sha2_password?
auth_socket authenticates users based on the operating system user connecting through the Unix socket. No password is needed, but you must use sudo. caching_sha2_password uses traditional password-based authentication.

How do I reset the MySQL root password?
Stop the MySQL service with sudo systemctl stop mysql, start it with --skip-grant-tables, log in without a password, run ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'new_password';, then restart the service normally.

Is mysql_native_password still supported?
It is still available, but it is deprecated and disabled by default in MySQL 8.4. Use caching_sha2_password for new installations unless you have a specific compatibility requirement.

Can I install a newer MySQL release on Ubuntu 26.04?
Yes. If you need a newer release than the one in the Ubuntu repositories, you can use the official MySQL APT repository . For most setups, the Ubuntu package is the simplest choice.

Conclusion #

We have shown you how to install and secure MySQL 8.4 on Ubuntu 26.04. Now that your database server is up and running, your next step could be to learn how to manage MySQL user accounts and databases .

Docker is an open-source container platform that lets you build, test, and run applications as portable containers. Containers package the application code together with its dependencies, which makes it easier to run the same workload across development machines, test environments, and servers.

Docker is widely used in development workflows and DevOps pipelines because it keeps application environments predictable.

This tutorial explains how to install Docker on Ubuntu 26.04.

Supported Ubuntu Versions #

Docker is available from the standard Ubuntu repositories, but those packages are often outdated. To ensure you get the latest stable version, we will install Docker from the official Docker repository.

At the time of writing, the Docker repository provides packages for current supported Ubuntu releases, including Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, and Ubuntu 22.04 LTS.

Prerequisites #

Before you begin, make sure that:

• You are running a 64-bit supported Ubuntu version
• You have a user account with sudo privileges
• Your system is connected to the internet and up to date

Uninstall any old or conflicting Docker packages first to avoid potential issues:

sudo apt remove docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc

Installing Docker on Ubuntu 26.04 #

Installing Docker on Ubuntu is relatively straightforward. We will enable the Docker repository, import the repository GPG key, and install the Docker packages.

Step 1: Update the Package Index and Install Dependencies #

First, update the package index and install packages required to use repositories over HTTPS :

sudo apt update
sudo apt install ca-certificates curl

Step 2: Import Docker’s Official GPG Key #

Add Docker’s official GPG key so your system can verify package authenticity:

sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Step 3: Add the Docker APT Repository #

Add the Docker repository to your system:

sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
EOF

$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") reads your Ubuntu codename from the OS release file. On Ubuntu 26.04 it returns resolute.

Step 4: Install Docker Engine #

Now that the Docker repository is enabled, update the package index and install Docker:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Installing a Specific Docker Version (Optional) #

If you want to install a specific Docker version instead of the latest one, first list the available versions:

sudo apt update
apt list --all-versions docker-ce

The available Docker versions are printed in the second column:

docker-ce/resolute 5:29.4.0-1~ubuntu.26.04~resolute amd64
docker-ce/resolute 5:29.3.1-1~ubuntu.26.04~resolute amd64
docker-ce/resolute 5:29.3.0-1~ubuntu.26.04~resolute amd64
...

Install a specific version by adding =<VERSION> after the package name:

DOCKER_VERSION="<VERSION>"
sudo apt install docker-ce=$DOCKER_VERSION docker-ce-cli=$DOCKER_VERSION containerd.io docker-buildx-plugin docker-compose-plugin

Replace <VERSION> with the exact version string returned by apt list --all-versions docker-ce.

Verify the Docker Installation #

On most Ubuntu systems, the Docker service starts automatically after installation. If it does not, start it manually:

sudo systemctl start docker

Check the service status:

sudo systemctl status docker

The output will look something like this:

● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
Active: active (running)
...

You can also confirm that the client and daemon are responding:

sudo docker version

To verify that Docker can pull and run containers correctly, run the test image:

sudo docker run hello-world

If the image is not found locally, Docker will download it from Docker Hub, run the container, print a “Hello from Docker” message, and exit.

The container stops after printing the message because it has no long-running process.

Run Docker Commands Without sudo (Highly Recommended) #

By default, only root and a user with sudo privileges can run Docker commands.

To allow a non-root user to execute Docker commands, add the user to the docker group:

sudo usermod -aG docker $USER

$USER is an environment variable that holds the currently logged-in username. If you want to execute commands with another user, replace $USER with that username.

Run newgrp docker or log out and log back in for the group membership changes to take effect.

After that, you can rerun the test container without sudo :

docker run hello-world

Updating Docker #

When a new Docker version is released, update it using standard system commands:

sudo apt update
sudo apt upgrade

To prevent Docker from being updated automatically, mark it as held:

sudo apt-mark hold docker-ce

Uninstalling Docker #

Before uninstalling Docker, it is recommended to remove all containers, images, volumes, and networks :

Run the following commands to stop all running containers and remove all Docker objects:

docker container stop $(docker container ls -aq)
docker system prune -a --volumes -f

Remove Docker packages:

sudo apt purge docker-ce docker-ce-cli containerd.io \
docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo apt autoremove

To completely remove Docker data from your system, delete the directories that were created during the installation process:

sudo rm -rf /var/lib/{docker,containerd}

Troubleshooting #

Permission denied while trying to connect to the Docker daemon socket
Your user is not yet in the docker group, or the group membership has not taken effect. Run sudo usermod -aG docker $USER, then log out and back in (or run newgrp docker).

Cannot connect to the Docker daemon. Is the daemon running?
The Docker service is not running. Start it with sudo systemctl start docker and check its status with sudo systemctl status docker.

Package ‘docker-ce’ has no installation candidate
The Docker repository was not added correctly. Re-run Steps 2 and 3, then run sudo apt update before installing.

Containers fail to start after an OS or Docker upgrade
Check the Docker daemon status, the installed Docker version, and your container runtime configuration. If the host or Docker Engine was upgraded recently, review the Docker release notes and verify that your workloads are using a supported configuration before restarting them.

Conclusion #

Installing Docker from the official repository ensures you always have access to the latest stable releases and security updates. For post-install steps such as configuring log drivers or setting up rootless mode, see the official post-install guide .

Node.js is an open-source JavaScript runtime built on Chrome’s V8 engine. It lets you run JavaScript outside the browser and is commonly used for APIs, command-line tools, and server-side applications. npm is the default package manager for Node.js.

This guide covers three ways to install Node.js and npm on Ubuntu 26.04:

• NodeSource repository - Install a specific Node.js version. NodeSource supports Node.js v25.x, v24.x, and v22.x.
• nvm (Node Version Manager) - Manage multiple Node.js versions on the same machine. This is the preferred method for developers.
• Ubuntu repository - The easiest way. Ubuntu 26.04 includes Node.js v22.x, which is suitable for many applications.

Choose the method that fits your needs. If you are not sure which version to install, check the documentation of the application you are deploying.

Quick Reference #

Installing Node.js and npm from NodeSource #

NodeSource maintains an APT repository with multiple Node.js versions. Use this method when you need a specific version.

Install the required dependencies:

sudo apt update
sudo apt install ca-certificates curl gnupg

Import the NodeSource GPG key:

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

NodeSource provides the following versions:

• v25.x - The current release.
• v24.x - The latest LTS version (Krypton).
• v22.x - Maintenance LTS version (Jod).

We will install Node.js version 24.x. Change NODE_MAJOR=24 to your preferred version if needed:

NODE_MAJOR=24
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list

Install Node.js and npm:

sudo apt update
sudo apt install nodejs

The nodejs package includes both node and npm binaries.

Verify the installation:

node --version

You should see output similar to this:

v24.x

npm --version

The output will show the npm version bundled with the installed Node.js release:

11.x

To compile native addons from npm, install the development tools:

sudo apt install build-essential

Installing Node.js and npm using NVM #

NVM (Node Version Manager) is a bash script that lets you manage multiple Node.js versions per user. This is the preferred method for developers who need to switch between versions.

Download and install nvm:

wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash

Do not use sudo , as it will enable nvm for the root user only.

The script clones the repository to ~/.nvm and adds the required lines to your shell profile:

=> Close and reopen your terminal to start using nvm or run the following to use it now:
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion

Either close and reopen your terminal or run the commands above to load nvm in the current session.

Verify the installation:

nvm -v

0.40.3

List all available Node.js versions:

nvm list-remote

...
v22.x (LTS: Jod)
...
v24.x (LTS: Krypton)
...
v25.x

Install the latest Node.js version:

nvm install node

...
Now using node v25.x (npm v11.x)
Creating default alias: default -> node (-> v25.x)

Verify the installation:

node -v

v25.x

Install additional versions:

nvm install --lts
nvm install 22

List installed versions:

nvm ls

-> v22.x
v24.x
v25.x
default -> node (-> v25.x)
iojs -> N/A (default)
unstable -> N/A (default)
node -> stable (-> v25.x) (default)
stable -> 25 (-> v25.x) (default)
lts/* -> lts/krypton (-> v24.x)
lts/jod -> v22.x
lts/krypton -> v24.x

The arrow (-> v22.x) indicates the active version. The default version activates when opening new shells.

Switch to a different version:

nvm use 24

Now using node v24.x (npm v11.x)

Change the default version:

nvm alias default 24

Installing Node.js and npm from the Ubuntu repository #

Ubuntu 26.04 includes Node.js v22.x in its default repositories. This version works well for many applications and receives security updates through Ubuntu.

Install Node.js and npm:

sudo apt update
sudo apt install nodejs npm

This installs Node.js along with the tools needed to compile native addons from npm.

Verify the installation:

node -v

v22.x

npm -v

10.x

Uninstalling Node.js #

The uninstall method depends on how you installed Node.js.

NodeSource or Ubuntu repository:

sudo apt remove nodejs
sudo apt autoremove

nvm:

nvm uninstall 24

To completely remove nvm, delete the ~/.nvm directory and remove the nvm lines from your ~/.bashrc or ~/.zshrc file.

Conclusion #

We covered three ways to install Node.js and npm on Ubuntu 26.04. NodeSource provides specific versions, nvm offers flexibility for managing multiple versions, and the Ubuntu repository includes a stable LTS version out of the box.

For more information, see the official Node.js documentation .

Ubuntu 26.04 LTS (Resolute Raccoon) was released on April 23, 2026. It ships with Linux kernel 7.0, GNOME 50, Python 3.14, PHP 8.5, Java 25, TPM-backed full-disk encryption, post-quantum cryptography support in OpenSSL, and a Wayland-only GNOME session. As an LTS release, it receives standard security updates for five years, with expanded coverage available through Ubuntu Pro.

This guide shows how to upgrade to Ubuntu 26.04 LTS from the command line. Ubuntu 25.10 systems can upgrade now, while Ubuntu 24.04 LTS systems will be offered the standard upgrade path after Ubuntu 26.04.1 is released.

If you prefer a clean setup or do not have an existing Ubuntu installation, follow our guide on how to install Ubuntu 26.04 instead.

Prerequisites #

You need to be logged in as root or a user with sudo privileges to perform the upgrade.

You can upgrade to Ubuntu 26.04 from Ubuntu 25.10 today. Ubuntu 24.04 LTS systems will be offered the standard upgrade path after Ubuntu 26.04.1 is released. If you are running an older release, you must first upgrade to Ubuntu 22.04 and then to 24.04 before continuing.

Make sure you have a working internet connection before starting.

Back Up Your Data #

Before starting a major version upgrade, make sure you have a complete backup of your data. If you are running Ubuntu on a virtual machine, take a full system snapshot so you can restore quickly if anything goes wrong.

Update Currently Installed Packages #

Before starting the release upgrade, bring your existing system fully up to date.

Check whether any packages are marked as held back, as they can interfere with the upgrade:

sudo apt-mark showhold

An empty output means there are no held packages. If there are held packages, unhold them with:

sudo apt-mark unhold package_name

Refresh the package index and upgrade all installed packages:

sudo apt update
sudo apt upgrade

Perform a full distribution upgrade to resolve any remaining dependency changes:

sudo apt full-upgrade

Remove automatically installed dependencies that are no longer needed:

sudo apt --purge autoremove

Upgrade to Ubuntu 26.04 LTS #

You can upgrade from the command line using do-release-upgrade, which works for both desktop and server installations.

do-release-upgrade is part of the update-manager-core package, which is installed by default on most Ubuntu systems. If it is not present, install it first:

sudo apt install update-manager-core

If you are upgrading over SSH, do-release-upgrade may start an additional SSH daemon on port 1022 so you can reconnect if the main session drops. If you use a firewall, you may need to open that port temporarily:

sudo ufw allow 1022/tcp

To begin the release upgrade, run:

sudo do-release-upgrade

If Ubuntu does not offer the new release yet, follow the standard supported rollout for your current version. This guide covers the normal upgrade path.

The tool will disable third-party repositories, update the apt sources to point to the Ubuntu 26.04 repositories, and begin downloading the required packages.

You will be prompted several times during the process. When asked whether services should be automatically restarted, type y. When asked about configuration files, type Y to accept the package maintainer’s version if you have not made custom changes; otherwise keep your current version to avoid losing your customizations.

The upgrade runs inside a GNU screen session and will automatically re-attach if the connection drops.

The process may take some time depending on the number of packages, your hardware, and your internet speed.

Once the new packages are installed, the tool will ask whether to remove obsolete software. Type d to review the list first, or y to proceed with removal.

When the upgrade finishes, you will be prompted to restart the system. Type y to reboot and complete the upgrade.

Verify the Upgrade #

After the system boots, log in and check the Ubuntu version :

lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 26.04 LTS
Release: 26.04
Codename: resolute

You can also confirm the kernel version:

uname -r

The output should show a 7.0.x kernel.

Troubleshooting #

Third-party repository errors during apt update
The upgrade tool disables third-party repositories automatically. If you see errors before running do-release-upgrade, disable the affected sources under /etc/apt/sources.list.d/ and re-enable them one by one after the upgrade completes.

“Packages have been kept back”
Run sudo apt full-upgrade to resolve held-back packages before starting the upgrade. Do not proceed with do-release-upgrade until there are no held packages.

SSH connection drops mid-upgrade
The upgrade runs inside a GNU screen session. Reconnect over SSH and run sudo screen -r to re-attach to the running session.

A service or container does not work after the reboot
If something that worked before the upgrade fails afterward, check its status and logs first. Run systemctl status service_name and journalctl -xe for services, and review your container runtime logs and configuration for Docker or containerd workloads. Third-party packages and older configurations sometimes need updates after a major release upgrade.

GNOME desktop shows only Wayland sessions
Ubuntu 26.04 drops the X11 GNOME session. If you relied on an X11 desktop session, applications that do not support Wayland natively will run through XWayland automatically. For most applications this is transparent, but some older tools may behave differently.

Conclusion #

Your system is now running Ubuntu 26.04 LTS Resolute Raccoon. Re-enable any third-party repositories you disabled before the upgrade and verify that your critical services are running. For a full list of known issues and changes, see the official Ubuntu 26.04 release notes .

If you are setting up a new Linux server, Debian and Ubuntu are usually the two options that come up first. Both are mature, well-supported, and used across everything from small VPS deployments to large production environments. They also share the same package format and package manager, so the day-to-day administration feels familiar on both.

The decision usually comes down to tradeoffs: Debian gives you a leaner and more conservative base, while Ubuntu gives you newer defaults, a broader support ecosystem, and easier onboarding. This guide shows where those differences matter in practice.

Shared Foundation #

Ubuntu is built on top of Debian. Canonical (the company behind Ubuntu) takes a snapshot of Debian’s unstable branch every six months, applies its own patches and defaults, and publishes a new Ubuntu release.

Because of this shared lineage, the two distributions have a lot in common:

• Both use apt and dpkg for package management.
• Both use systemd as the init system.
• Both use .deb packages, and many third-party vendors ship a single .deb that works on either distribution.
• Configuration file locations, service management commands, and filesystem layout follow the same conventions.

If you already know one, you can work comfortably on the other with very little adjustment.

Release Cycle and Support #

The biggest practical difference between Debian and Ubuntu is how often they release and how long each release is supported.

Debian does not follow a fixed release schedule. A new stable version ships roughly every two years, but only when the release team considers it ready. Each stable release receives approximately three years of full security support from the Debian Security Team, followed by about two more years of extended support through the Debian LTS project. Debian 13 (Trixie), released in August 2025, is the current stable version as of this writing. Debian 12 (Bookworm), released in June 2023, is now oldstable.

Ubuntu follows a predictable time-based schedule. A new version ships every six months (April and October), and every two years the April release is designated a Long-Term Support (LTS) version. LTS releases receive five years of free security updates, extendable to ten years through Ubuntu Pro (free for up to five machines for personal use). Ubuntu 24.04 LTS (Noble Numbat) is the current LTS release.

If you want a release calendar you can plan around years in advance, Ubuntu is easier to work with. If you prefer a slower release model that puts stability first, Debian is usually the better choice.

Package Freshness vs Stability #

Debian Stable freezes all package versions at release time. Once Bookworm shipped, its packages only receive security patches and critical bug fixes, never feature updates. This means you will not encounter unexpected behavior changes after a routine apt upgrade, but it also means you may be running older versions of languages, databases, or runtimes for the life of the release.

Ubuntu LTS takes a similar approach to stability, but because it pulls from a more recent Debian snapshot and applies its own patches, LTS packages tend to be slightly newer at release time. Ubuntu also offers PPAs (Personal Package Archives) as an official mechanism for installing newer software outside the main repository, though mixing PPAs with production servers carries its own risks.

Both distributions offer backports repositories for users who need specific newer packages without upgrading the entire system.

For server workloads where you install most software through containers or version managers (for example, nvm for Node.js or pyenv for Python), base package age matters less. The distribution becomes a stable foundation, and you manage application-level versions separately.

Default Installation and Setup #

Ubuntu Server ships with a guided installer (Subiquity) that walks you through disk layout, networking, user creation, and optional snap-based packages like Docker. It installs a small but functional set of tools by default and can import your SSH keys from GitHub or Launchpad during setup.

Debian’s installer is more traditional. It offers the same configuration options, but the interface is text-based and expects you to make more decisions yourself. The resulting system is leaner; Debian installs very little beyond the base system unless you explicitly select additional task groups during installation.

If you provision servers with tools like Ansible, Terraform, or cloud-init, the installer matters less because you will not spend much time in it after the first boot. It matters more for quick manual deployments and local VMs, where Ubuntu usually gets you to a usable system faster.

Commercial Support and Cloud Ecosystem #

Canonical offers paid support contracts, compliance certifications (FIPS, CIS benchmarks), and a managed services tier for Ubuntu. Ubuntu Pro extends security patching beyond the main repository and adds kernel livepatch for rebootless security updates. That matters most for teams with uptime targets, compliance requirements, or formal support needs.

Debian is entirely community-driven. There is no single company behind it, and there is no commercial support offering from the project itself. Third-party consultancies provide Debian support, but the ecosystem around it is smaller.

In the cloud, Ubuntu has a strong lead in first-party image availability. Every major provider (AWS, Google Cloud, Azure, DigitalOcean, Hetzner) offers official Ubuntu images, and many default to Ubuntu when launching a new instance. Debian images are also available on all major platforms, but Ubuntu tends to receive new platform features and optimized images first.

For container base images, both are widely used. Debian slim images are a popular choice for minimal Docker containers, while Ubuntu images are common when teams want closer parity between their server OS and their container environment.

Security #

Both distributions have strong security track records. The Debian Security Team and the Ubuntu Security Team publish advisories and patches regularly, and both maintain clear processes for reporting and fixing vulnerabilities.

The key difference is scope. Ubuntu LTS includes five years of standard security maintenance for packages in the Main repository. Ubuntu Pro extends coverage to Main and Universe, effectively the full Ubuntu archive. Debian’s security team focuses on the main repository, and Debian’s LTS team covers only a subset of packages during the extended support period.

For kernel security, Ubuntu offers kernel livepatch through Ubuntu Pro, which applies critical kernel fixes without a reboot. Debian does not have an equivalent service built into the project, though third-party solutions exist.

In practice, both distributions are secure when properly maintained. The difference is in how much of the maintenance is handled for you and for how long.

When to Choose Debian #

Choose Debian when you want:

• Maximum stability with few surprises after upgrades. Debian Stable is one of the most conservative general-purpose distributions available.
• A minimal base system that you build up yourself. Debian installs very little by default, which keeps the system lean and gives you tighter control over what runs on the server.
• No vendor dependency. Debian is maintained by a community of volunteers and governed by a social contract. There is no single company setting the direction of the project.
• A lightweight container base. Debian slim images are a common choice when image size matters.

Debian is often the better fit for long-running infrastructure, self-managed servers, and setups where predictability matters more than convenience.

When to Choose Ubuntu #

Choose Ubuntu when you want:

• Faster time to a working server. The installer and default configuration get you to a usable system quickly, especially on cloud platforms where Ubuntu images are often the default.
• Longer official support. Five years of free LTS support (ten with Ubuntu Pro) gives you a wider upgrade window than Debian’s default support period.
• Commercial backing. If your organization requires vendor support contracts, compliance certifications, or managed services, Canonical provides them.
• Broader documentation and community. Ubuntu’s larger user base means you will usually find more tutorials, examples, and third-party guides written for it.
• Cloud-heavy workflows. First-party cloud images and strong cloud-init support make Ubuntu an easy default for many hosted deployments.

Ubuntu is often the easier choice for cloud deployments, teams that need commercial support, and environments where onboarding speed matters.

Side-by-Side Summary #

FAQ #

Can I migrate a server from Ubuntu to Debian or vice versa?
It is technically possible but not straightforward. The distributions share the same package format, but they differ in package versions, configuration defaults, and init scripts. A clean reinstall with configuration management (Ansible, Puppet, or similar) is the safer path. Plan the migration as a new deployment rather than an in-place conversion.

Do Debian and Ubuntu run the same software?
For the most part, yes. Most common server software is available on both Debian and Ubuntu, whether through the official repositories, vendor-provided .deb packages, containers, or upstream binaries. That said, package versions, repository availability, and vendor support can differ between the two distributions and between releases.

Which is better for Docker and containers?
Both work well as Docker hosts. Installing Docker follows nearly the same steps on either distribution. For base images inside containers, Debian slim images are slightly smaller, while Ubuntu images offer closer parity with Ubuntu-based host systems. The difference is marginal for most workloads.

Which is more secure?
Neither is inherently more secure than the other. Both have dedicated security teams and fast patch turnaround. Ubuntu Pro extends patching to a wider package set and adds kernel livepatch, which can matter in environments with strict uptime or compliance requirements. On a properly maintained server, both are equally secure.

Conclusion #

Debian and Ubuntu are close enough that you can run the same kinds of workloads on either one. If you want the more conservative and self-managed option, pick Debian. If you want faster onboarding, broader vendor support, and a smoother cloud path, pick Ubuntu.

A firewall is a tool for monitoring and filtering incoming and outgoing network traffic. It works by defining a set of security rules that determine whether to allow or block specific traffic.

Ubuntu ships with a firewall configuration tool called UFW (Uncomplicated Firewall). It is a user-friendly front-end for managing iptables firewall rules. Its main goal is to make managing a firewall easier or, as the name says, uncomplicated.

This article describes how to use the UFW tool to configure and manage a firewall on Ubuntu 24.04. A properly configured firewall is one of the most important aspects of overall system security.

Prerequisites #

Only root or users with sudo privileges can manage the system firewall. The best practice is to run administrative tasks as a sudo user.

Install UFW #

UFW is part of the standard Ubuntu 24.04 installation and should be present on your system. If for some reason it is not installed, you can install the package by typing:

sudo apt update
sudo apt install ufw

Check UFW Status #

UFW is disabled by default. You can check the status of the UFW service with the following command:

sudo ufw status verbose

The output will show that the firewall status is inactive:

Status: inactive

If UFW is activated, the output will look something like the following:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

UFW Default Policies #

The default behavior of the UFW firewall is to block all incoming and forwarding traffic and allow all outbound traffic. This means that anyone trying to access your server will not be able to connect unless you specifically open the port. Applications and services running on your server will be able to access the outside world.

The default policies are defined in the /etc/default/ufw file and can be changed either by manually modifying the file or with the sudo ufw default <policy> <chain> command.

Firewall policies are the foundation for building more complex and user-defined rules. Generally, the initial UFW default policies are a good starting point.

Application Profiles #

An application profile is a text file in INI format that describes the service and contains firewall rules for the service. Application profiles are created in the /etc/ufw/applications.d directory during the installation of the package.

You can list all application profiles available on your server by typing:

sudo ufw app list

Depending on the packages installed on your system, the output will look similar to the following:

Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH

To find more information about a specific profile and included rules, use the following command:

sudo ufw app info 'Nginx Full'

The output shows that the ‘Nginx Full’ profile opens ports 80 and 443.

Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server
Ports:
80,443/tcp

You can also create custom profiles for your applications.

Enabling UFW #

If you are connecting to your Ubuntu server from a remote location, before enabling the UFW firewall you must explicitly allow incoming SSH connections. Otherwise, you will no longer be able to connect to the machine.

To configure your UFW firewall to allow incoming SSH connections, type the following command:

sudo ufw allow ssh

Rules updated
Rules updated (v6)

If SSH is running on a non-standard port , you need to open that port.

For example, if your ssh daemon listens on port 7722, enter the following command to allow connections on that port:

sudo ufw allow 7722/tcp

Now that the firewall is configured to allow incoming SSH connections, you can enable it by typing:

sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

You will be warned that enabling the firewall may disrupt existing ssh connections; type y and hit Enter.

Opening Ports #

Depending on the applications that run on the system, you may also need to open other ports. The general syntax to open a port is as follows:

ufw allow port_number/protocol

Below are a few ways to allow HTTP connections.

The first option is to use the service name. UFW checks the /etc/services file for the port and protocol of the specified service:

sudo ufw allow http

You can also specify the port number and the protocol:

sudo ufw allow 80/tcp

When no protocol is given, UFW creates rules for both tcp and udp.

Another option is to use the application profile; in this case, ‘Nginx HTTP’:

sudo ufw allow 'Nginx HTTP'

UFW also supports another syntax for specifying the protocol using the proto keyword:

sudo ufw allow proto tcp to any port 80

Port Ranges #

UFW also allows you to open port ranges. The start and the end ports are separated by a colon (:), and you must specify the protocol, either tcp or udp.

For example, if you want to allow ports from 7100 to 7200 on both tcp and udp, run the following commands:

sudo ufw allow 7100:7200/tcp
sudo ufw allow 7100:7200/udp

Specific IP Address and Port #

To allow connections on all ports from a given source IP, use the from keyword followed by the source address.

Here is an example of allowlisting an IP address:

sudo ufw allow from 64.63.62.61

If you want to allow the given IP address access only to a specific port, use the to any port keyword followed by the port number.

For example, to allow access on port 22 from a machine with IP address 64.63.62.61, enter:

sudo ufw allow from 64.63.62.61 to any port 22

Subnets #

The syntax for allowing connections to a subnet of IP addresses is the same as when using a single IP address. The only difference is that you need to specify the netmask.

Below is an example showing how to allow access for IP addresses ranging from 192.168.1.1 to 192.168.1.254 to port 3306 (MySQL):

sudo ufw allow from 192.168.1.0/24 to any port 3306

Specific Network Interface #

To allow connections on a particular network interface, use the in on keyword followed by the name of the network interface:

sudo ufw allow in on eth2 to any port 3306

Denying Connections #

The default policy for all incoming connections is set to deny, and if you have not changed it, UFW will block all incoming connections unless you specifically open the connection.

Writing deny rules is the same as writing allow rules; you only need to use the deny keyword instead of allow.

Say you opened ports 80 and 443, and your server is under attack from the 23.24.25.0/24 network. To deny all connections from that network, run:

sudo ufw deny from 23.24.25.0/24

To deny access only to ports 80 and 443 from 23.24.25.0/24, use the following command:

sudo ufw deny proto tcp from 23.24.25.0/24 to any port 80,443

Deleting UFW Rules #

There are two ways to delete UFW rules: by rule number, and by specifying the actual rule.

Deleting rules by rule number is easier, especially when you are new to UFW. To delete a rule by number, first find the number of the rule you want to delete. To get a list of numbered rules, use the ufw status numbered command:

sudo ufw status numbered

Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
[ 3] 8080/tcp ALLOW IN Anywhere

To delete rule number 3, the one that allows connections to port 8080, enter:

sudo ufw delete 3

The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069 you can delete it with:

sudo ufw delete allow 8069

Disabling UFW #

If you want to stop UFW and deactivate all the rules, use:

sudo ufw disable

To re-enable UFW and activate all rules, type:

sudo ufw enable

Resetting UFW #

Resetting UFW will disable it and delete all active rules. This is helpful if you want to revert all your changes and start fresh.

To reset UFW, run the following command:

sudo ufw reset

IP Masquerading #

IP Masquerading is a variant of NAT (network address translation) in the Linux kernel that translates network traffic by rewriting the source and destination IP addresses and ports. With IP Masquerading, you can allow one or more machines in a private network to communicate with the internet using one Linux machine that acts as a gateway.

Configuring IP Masquerading with UFW involves several steps.

First, you need to enable IP forwarding. To do that, open the /etc/ufw/sysctl.conf file:

sudo nano /etc/ufw/sysctl.conf

Find and uncomment the line which reads net.ipv4.ip_forward=1:

net.ipv4.ip_forward=1

Next, you need to configure UFW to allow forwarded packets. Open the UFW configuration file:

sudo nano /etc/default/ufw

Locate the DEFAULT_FORWARD_POLICY key, and change the value from DROP to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Now you need to set the default policy for the POSTROUTING chain in the nat table and the masquerade rule. To do so, open the /etc/ufw/before.rules file:

sudo nano /etc/ufw/before.rules

Append the following lines:

#NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to public network interface
-A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

Replace eth0 in the -A POSTROUTING line with the name of your public network interface.

When you are done, save and close the file. Finally, reload the UFW rules:

sudo ufw disable
sudo ufw enable

Troubleshooting #

UFW blocks SSH after enabling it
If you enabled UFW without first allowing SSH, you will lose access to a remote server. To recover, you need console access (via your hosting provider’s web console) and run sudo ufw allow ssh followed by sudo ufw enable. Always allow SSH before enabling UFW on a remote machine.

Rules not active after ufw reset
After a reset, UFW is disabled and all rules are cleared. You need to re-add your rules and run sudo ufw enable to bring the firewall back up.

IPv6 rules not created
If ufw status shows rules only for IPv4, check that IPV6=yes is set in /etc/default/ufw, then run sudo ufw disable && sudo ufw enable to reload the configuration.

Application profile not found
If sudo ufw allow 'Nginx Full' returns an error, the profile may not be installed yet. Install the relevant package first (for example, nginx), then retry.

Conclusion #

We have shown you how to install and configure a UFW firewall on your Ubuntu 24.04 server. For a full reference of UFW commands and options, see the UFW man page .

Both apt and apt-get manage packages on Debian-based systems. They talk to the same package database, resolve the same dependencies, and pull from the same repositories. Yet they exist as separate tools, and choosing the wrong one in the wrong context can cause minor headaches.

This guide explains how apt and apt-get differ, when to use each one, and how their commands map to each other.

Why Two Tools Exist #

apt-get has been the standard Debian package manager since 1998. It is reliable and well-documented, but its interface was designed for an era when terminal usability was an afterthought. Related tasks like searching and showing package details live in a separate tool called apt-cache, so users constantly switch between the two.

The apt command was introduced in Debian 8 and Ubuntu 14.04 (APT version 1.0, released in 2014) as a user-friendly front end. It combines the most common apt-get and apt-cache operations into a single command, adds a progress bar, and uses colored output by default.

Both tools are part of the same apt package and share the same underlying libraries. Installing one always installs the other.

User-Facing Differences #

When you run apt install in a terminal, you will notice a few things that apt-get does not do:

• A progress bar at the bottom of the screen shows overall download and install progress.
• Newly installed packages are highlighted in the output.
• The number of upgradable packages is shown after apt update finishes.
• Output is formatted with color when connected to a terminal.

These features make apt more pleasant for interactive use. They also make its output less predictable for scripts, since the formatting can change between APT versions without warning. The apt man page states this explicitly: the command line interface of apt “may change between versions” and “should not be used in scripts.”

apt-get, on the other hand, guarantees a stable output format. Its behavior and exit codes are consistent across versions, which is why automation tools like Ansible, Docker, and CI pipelines use apt-get rather than apt.

Command Comparison #

The table below maps the most common apt commands to their apt-get or apt-cache equivalents:

As you can see, apt merges apt-get and apt-cache into one tool and adds a few convenience commands like apt list and apt edit-sources that have no direct apt-get equivalent.

When to Use apt #

Use apt for everyday interactive work in the terminal. If you are installing a package, checking for updates, or searching the repository by hand, apt is the better choice. The progress bar and cleaner output make it easier to follow what is happening.

For example, to update your package index and upgrade all packages:

sudo apt update && sudo apt upgrade

To search for a package and then install it:

apt search nginx

sudo apt install nginx

When to Use apt-get #

Use apt-get in shell scripts, Dockerfiles, CI pipelines, and any automated workflow. The stable output format means your scripts will not break when the system upgrades to a newer APT version.

A typical Dockerfile uses apt-get with the -y flag to skip confirmation prompts:

RUN apt-get update && apt-get install -y \
 curl \
 git \
 && rm -rf /var/lib/apt/lists/*

The same applies to Bash scripts and configuration management tools. If the command runs without a human watching the output, use apt-get.

Advanced Operations #

The commands below work with both apt and apt-get, but they are better documented and more established under apt-get. In scripts and Dockerfiles, prefer the apt-get form for consistency and stability.

• apt-get install --no-install-recommends pkg — Install a package without pulling in recommended (but not required) dependencies. This is widely used in Docker images to keep the image size small.
• apt-get install --allow-downgrades pkg — Allow installing an older version of a package.
• apt-get build-dep pkg — Install all build dependencies needed to compile a package from source.
• apt-get source pkg — Download the source package.
• apt-get download pkg — Download the .deb file without installing it.
• apt-get changelog pkg — Display the package changelog.
• apt-get clean / apt-get autoclean — Clear the local package cache.

FAQ #

Is apt-get deprecated? No. apt-get is actively maintained and receives updates alongside apt. The APT developers have stated that apt-get will not be removed. It remains the recommended tool for scripts and automation.

Can I replace all apt-get commands with apt? For interactive terminal use, yes. For scripts, no. The apt output format is not guaranteed to remain stable, and its interface may change between versions. Stick with apt-get in any automated workflow.

Is there a performance difference between apt and apt-get? No. Both tools use the same libraries and resolve dependencies the same way. The only difference is the user interface. Install and download speeds are identical.

What about apt-cache? Is it still needed? For interactive use, apt search and apt show replace the most common apt-cache operations. For scripts or when you need advanced query options like apt-cache policy or apt-cache depends, you should still use apt-cache directly.

Conclusion #

Use apt when you are typing commands at a terminal, and apt-get when you are writing scripts or Dockerfiles. For a complete reference of apt subcommands, see the apt Command in Linux guide and the APT cheatsheet .