What Ubuntu 20.04 LTS Brings to Server Environments

Ubuntu 20.04 LTS, codenamed Focal Fossa, arrived in April 2020 as the next long-term support release after Ubuntu 18.04. For server administrators and anyone managing web hosting infrastructure, this release introduced meaningful changes to the default toolchain, system services, and network configuration that affect how you deploy and maintain servers in production environments.

This guide covers what actually changed in Ubuntu 20.04 LTS, what those changes mean in practice, and how to decide whether upgrading from 18.04 makes sense for your current setup.

Base System Toolchain Changes

Ubuntu 20.04 ships with Python 3.8 as the default Python installation, GCC 9 as the default compiler, and Glibc 2.31 as the C library. If you run custom applications compiled against these libraries, you may notice behaviour differences from Ubuntu 18.04 which used Python 3.6, GCC 7, and Glibc 2.27.

The updated toolchain brings performance improvements and access to newer language features, but it also means that any software you compile from source may behave differently. Test applications thoroughly after upgrading or migrating to 20.04.

Netplan Is Now the Default Network Configuration

Ubuntu 18.04 introduced Netplan as an option for network configuration, and Ubuntu 20.04 makes it the default and recommended approach. Netplan uses YAML configuration files in /etc/netplan/ to define network settings, which are then rendered to the appropriate configuration for either systemd-networkd or NetworkManager.

The traditional /etc/network/interfaces file is still honoured and will work if you prefer that method, but Netplan is now the primary interface for network configuration on new installations. If you are comfortable using Netplan from 18.04, the behaviour in 20.04 is identical.

If you are still managing network settings through /etc/network/interfaces, plan the migration to Netplan before performing a major upgrade. Running both systems side by side can cause unexpected conflicts. The Netplan configuration below shows a typical static IP setup for a server interface.

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4

Apply the configuration with sudo netplan apply and check that your network connection remains stable before considering the migration complete.

WireGuard VPN Support in the Default Kernel

One of the most practical additions in Ubuntu 20.04 is native WireGuard support in the default kernel. WireGuard is a modern VPN protocol designed to be simpler and faster than traditional options like OpenVPN and IPSec. In Ubuntu 18.04, installing WireGuard required adding a third-party PPA, but in 20.04 you can install it directly from the standard repositories.

sudo apt install wireguard

This simplifies server setup significantly when you need a lightweight VPN for secure remote access or site-to-site connections. The WireGuard installation and configuration process is the same on Ubuntu 20.04 as on 18.04 with the PPA, but you skip the repository addition step entirely.

WireGuard is well-suited for securing traffic between servers, connecting remote workers to a private network, or establishing encrypted tunnels for services that should not be exposed publicly. As with any VPN configuration, ensure your firewall rules are correctly configured to allow WireGuard traffic on the chosen port.

PHP Version Options in Ubuntu 20.04

Ubuntu 20.04 ships with PHP 7.4 as the default version available in its repositories. PHP 7.4 was the current stable release at the time and offers good performance alongside broad compatibility with existing applications. PHP 8.0 is available through the ondrej PHP PPA if you need access to newer PHP features or are developing with a more recent version.

sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php8.0-fpm php8.0-mysql php8.0-xml php8.0-mbstring

If you are running WordPress sites or other PHP applications, check plugin and theme compatibility before upgrading to PHP 8.0. Most popular plugins support PHP 8.0, but some older or less-maintained plugins may encounter compatibility issues. Testing on a staging environment before applying any PHP version changes to production is strongly recommended.

The PHP 8 release brought significant changes including named arguments, attributes, union types, and match expressions. For a detailed look at what the PHP 8 series introduced and how to handle the migration process, the PHP 8 upgrade guide covers the key changes and compatibility considerations in more depth.

MariaDB 10.3 Replaces MySQL as Default

Like Ubuntu 18.04, Ubuntu 20.04 ships with MariaDB rather than MySQL as the default database server. MariaDB 10.3 is the default version in the repositories. MariaDB is a community-developed fork of MySQL that maintains backward compatibility while offering its own enhancements.

If you specifically need MySQL from Oracle rather than MariaDB, you can install it from the official MySQL APT repository. The following commands download and install the MySQL APT configuration package, which lets you choose the specific MySQL version and components you want to install.

wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb
sudo apt update
sudo apt install mysql-server

When installing MySQL this way, the configuration tool presents an interactive prompt where you can select the MySQL version and whether to include additional components such as the MySQL server, client tools, or database common files.

Be aware that switching between MariaDB and MySQL on an existing server with databases requires careful handling. Export your data before making the switch, verify the exports, and test restoration with your chosen database engine before relying on it in production.

AppArmor Is Enabled More Aggressively by Default

Ubuntu has used AppArmor for mandatory access control since 2006, but Ubuntu 20.04 enables it more aggressively by default for a wider range of system services. AppArmor restricts what processes can do on the system, which limits the potential blast radius if a service is compromised or exploited.

Most services run correctly with AppArmor enabled without any additional configuration. If you install custom software that behaves unexpectedly after upgrading from an older Ubuntu version, checking AppArmor denial logs can help identify whether the security framework is blocking legitimate operations.

sudo cat /var/log/syslog | grep apparmor | tail -20

This command shows the most recent AppArmor denial entries from the system log. Look for entries related to your application to understand what resources it is trying to access that AppArmor is preventing.

While debugging, you can put individual profiles into complain mode, which logs violations without enforcing restrictions. This allows the application to function while you investigate.

sudo aa-complain /usr/sbin/program_name

Once you have resolved any issues, return the profile to enforce mode with sudo aa-enforce /usr/sbin/program_name. For more general guidance on securing Ubuntu servers, the Ubuntu server hardening guide covers the first steps to take on a new installation, including firewall configuration and access control.

Systemd Improvements in Version 245

Ubuntu 20.04 ships with systemd 245, which introduced several improvements to service management and system logging. The systemd-analyze command provides better diagnostics for slow boot times, helping you identify which services are delaying the startup process.

systemd-analyze time
systemd-analyze blame

The first command shows the total boot time broken down into kernel space and user space. The second lists services in order of how long each took to start during the most recent boot. This information is useful when optimising server boot performance or investigating unexpected delays.

The systemctl reboot --force command performs a faster reboot by skipping some shutdown operations. This is useful in testing environments but is not recommended for production systems where you want services to shut down cleanly and properly.

Upgrading from Ubuntu 18.04 to 20.04

The recommended approach for major LTS upgrades is a fresh installation rather than an in-place upgrade using do-release-upgrade. In-place upgrades can leave residual configuration from the previous version that causes subtle problems, especially with custom software or non-standard package configurations.

If you must upgrade in place, the process involves updating your current installation first, then running the distribution upgrade tool.

sudo apt update
sudo apt upgrade
sudo apt dist-upgrade
sudo do-release-upgrade

Before upgrading, test on a staging environment that mirrors your production setup. Verify the following items to reduce the risk of issues when you apply the upgrade to production.

  • Service startup: Confirm that all services start correctly after the upgrade completes.
  • Custom configurations: Verify that custom settings in /etc are preserved and still working as expected.
  • PHP compatibility: Check that your applications run correctly with the PHP version available after upgrade.
  • Database compatibility: If using MariaDB, verify that your databases are accessible and that queries produce expected results.
  • Firewall rules: Confirm that ufw or iptables rules are intact and functioning.
  • Network configuration: Test that Netplan or interface configurations are applied correctly and that network connectivity is stable.

Back up the server before upgrading. If you are using a cloud provider with snapshot capabilities, create a snapshot before proceeding. Verify that your backup is restorable before touching the production system.

WireGuard and Remote Access Considerations

Setting up remote access securely is an important part of any server management strategy. WireGuard provides a lightweight option for encrypted communication, but it is worth considering your full remote access setup including SSH configuration when hardening a new or upgraded server. The guide to securing SSH on Ubuntu covers key-based authentication, port changes, and tools like fail2ban to reduce the risk of brute force attempts.

Whether to Upgrade Now or Stay on Ubuntu 18.04

Ubuntu 18.04 receives standard support until April 2023 and extended security maintenance until April 2028. There is no immediate pressure to upgrade from 18.04 to 20.04 if your server is stable and your applications are working correctly.

Consider upgrading when one or more of the following applies: you need a software version that is not available on 18.04, you are setting up a new server and want the latest LTS baseline, or your current hardware or software situation warrants a fresh start. For most web server workloads, both 18.04 and 20.04 are solid choices today.

If you are running containerised workloads, Docker has become the standard for deploying web applications on Ubuntu servers. The practical guide to Docker for web applications covers when containerisation makes sense and how it compares to traditional hosting approaches.

Making the Right Choice for Your Server

Ubuntu 20.04 LTS remains a capable and well-supported release for server environments. The changes introduced in this version, from native WireGuard support to updated default software versions, reflect practical improvements that affect how you set up and maintain servers today.

If you are running Ubuntu 18.04 and your setup is stable, there is no urgent need to change. If you are deploying a new server, Ubuntu 20.04 or 22.04 both offer strong LTS baselines with long support windows. Evaluate your software requirements, test your applications in a non-production environment, and plan the migration or deployment carefully before making changes to systems that matter.

If you need help reviewing your current server setup, preparing a short note with your Ubuntu version, installed packages, and any specific issues you are encountering will make it easier to assess what steps, if any, are worth taking next.