Ubuntu 24.04 LTS: Key Changes for Web Servers Compared to 22.04

Ubuntu 24.04 LTS (Noble Numbat) arrived in April 2024 as the latest long-term support release. For anyone managing web servers, the changes from 22.04 matter. Some are visible in daily operations, some sit under the surface, and some affect how you configure and maintain servers going forward. This guide covers the changes most relevant to a web hosting or application server environment, with practical steps you can apply before upgrading or provisioning new servers.

If you are currently running Ubuntu 22.04 and managing a LAMP stack, it is worth reviewing how the base platform has changed before planning any major updates. The good news is that Ubuntu 24.04 is a solid LTS release for web workloads, but there are several areas where familiar configurations no longer apply.

Netplan Becomes the Default Network Configuration

Ubuntu 24.04 makes Netplan the default for all server installations. In previous releases, manual network configuration via /etc/network/interfaces or direct systemd-networkd configuration was common on bare-metal and virtualised servers. Netplan abstracts network configuration into YAML files that are then rendered to the appropriate backend, whether that is systemd-networkd or NetworkManager.

If you are managing network configuration manually, you need to understand Netplan. Configuration lives in /etc/netplan/. A typical static IP configuration looks like this:

network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4

After editing, apply the changes with:

sudo netplan apply

Cloud servers typically use DHCP by default. If you need a static IP on a cloud instance, the process differs from traditional bare-metal or virtualisation environments. Cloud interfaces are usually managed by cloud-init, and the DHCP configuration should be changed via the cloud platform console rather than locally. Setting a static IP manually on a cloud instance without updating the platform-level configuration can cause connectivity issues.

If you prefer the traditional /etc/network/interfaces approach, you can install the ifupdown package and configure it manually, but this is increasingly discouraged as Netplan is now the supported method.

OpenSSL 3.0 Default and TLS 1.3 Mandatory

Ubuntu 24.04 ships with OpenSSL 3.0 as the default, which has been the case since Ubuntu 22.10, but the LTS context means many more servers will now encounter it. OpenSSL 3.0 introduces the concept of providers and a more modular architecture for cryptographic operations. Most existing application code works without changes, but legacy applications using older OpenSSL calling patterns may need updates or recompilation.

TLS 1.3 is now the minimum supported version for most services. This is a meaningful security improvement. TLS 1.3 removes outdated cryptographic algorithms, reduces handshake latency, and has better resistance to downgrade attacks. Nginx and Apache configurations that previously required explicit configuration to enable TLS 1.3 now get it by default.

If you run services that need to connect to older systems with TLS 1.2 only, you may need to explicitly configure backward compatibility. Check the SSL configuration in Nginx:

ssl_protocols TLSv1.2 TLSv1.3;

And in Apache:

SSLProtocol +TLSv1.2 +TLSv1.3

When hardening your web server SSL settings, it is worth reviewing the broader security configuration alongside the TLS version. A comprehensive approach to web server security includes proper cipher suite selection, certificate management, and monitoring for deprecated configurations.
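
One way to monitor for the deprecated protocol settings mentioned above, as an added example that is not part of the original article: a shell function that reads nginx or Apache configuration text and reports every ssl_protocols or SSLProtocol directive that still enables a protocol older than TLS 1.2. The function names and the sample input are assumptions made for illustration, and an unprefixed Apache token is treated as if it were written with a plus sign.

```shell
#!/bin/sh
# Added example, not from the original article: audit TLS protocol directives.
# Reads nginx or Apache config text on stdin, prints one finding per protocol
# older than TLS 1.2 that a directive leaves enabled, returns 1 if any found.
audit_tls_protocols() {
    awk '
    function report(proto) {
        printf "line %d: %s still enabled\n", NR, proto; bad = 1
    }
    BEGIN { nl = split("sslv2 sslv3 tlsv1 tlsv1.1", L, " ") }
    {
        sub(/#.*/, "")                # ignore comments
        sub(/;[ \t]*$/, "")           # nginx statement terminator
        $0 = tolower($0)              # directive and protocol names: any case
    }
    $1 == "ssl_protocols" {           # nginx: a plain allow-list
        for (i = 2; i <= NF; i++)
            for (j = 1; j <= nl; j++) if ($i == L[j]) report(L[j])
    }
    $1 == "sslprotocol" {             # Apache: tokens applied left to right
        split("", on)                 # start from an empty set
        for (i = 2; i <= NF; i++) {
            sign = substr($i, 1, 1); name = $i
            if (sign == "+" || sign == "-") name = substr($i, 2)
            # Assumption: an unprefixed token counts as "+token" here,
            # which errs toward flagging.
            val = (sign == "-") ? 0 : 1
            if (name == "all") {      # "all" never includes SSLv2
                for (j = 2; j <= nl; j++) on[L[j]] = val
            } else on[name] = val
        }
        for (j = 1; j <= nl; j++) if (on[L[j]]) report(L[j])
    }
    END { exit bad + 0 }
    '
}

# Constructed sample input: one weak and one current directive per server.
sample_tls_config() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol +TLSv1.2 +TLSv1.3
EOF
}

sample_tls_config | audit_tls_protocols || echo "legacy protocols found"
```

On a live nginx server, feed it the fully resolved configuration rather than a single file: sudo nginx -T | audit_tls_protocols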

PHP 8.3 in the Default Repositories

Ubuntu 24.04 ships with PHP 8.3 as the default PHP version in the universe repository. PHP 8.0 and earlier have been dropped from the official repositories. If your application relies on an older PHP version, you need to add a third-party repository such as ondrej/php to continue receiving security updates.

sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php8.2

Ubuntu 24.04 also includes PHP 8.3 with the native PHP-FPM package, making the transition from Apache mod_php to PHP-FPM more straightforward. If you are migrating from an older LTS with Apache and mod_php, test the application with PHP-FPM before the upgrade.

When setting up a web server with PHP support on Ubuntu, the PHP-FPM approach is now the recommended path. It offers better resource management and is easier to isolate per-site, which matters when you are running multiple applications on the same server.

AppArmor 3 and Policy Changes

Ubuntu 24.04 uses AppArmor 3 by default. AppArmor is a Linux security module that restricts programs to only the resources they need. The update from AppArmor 2 to AppArmor 3 is mostly internal, but some policy syntax has changed slightly. If you have custom AppArmor profiles in enforce mode, they may need minor adjustments.

Check if any custom profiles need updating:

sudo apparmor_status

The nginx and apache2 profiles in Ubuntu 24.04 have been updated to cover new paths and capabilities. If you run additional services like PHP-FPM, PostgreSQL, or custom applications with AppArmor enforcement, verify the profiles are loaded correctly after any upgrade.
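
A way to script that post-upgrade verification, as an added example that is not part of the original article: the function below reads the text printed by apparmor_status and reports any profile you name that is either not loaded or loaded in a mode other than enforce (for instance, left in complain mode after testing). The function names, the sample status text and the profile names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: confirm that the profiles you
# depend on are loaded in enforce mode. stdin is the text printed by
# apparmor_status; arguments are the profile names that must be enforced.
check_enforced() {
    awk -v want="$*" '
    BEGIN { n = split(want, W, " ") }
    /^[0-9]+ profiles are in [a-z]+ mode/ { mode = $5; next }
    /^[0-9]+ / { mode = ""; next }      # any other counter line ends the list
    mode != "" && /^[ \t]+[^ \t]/ {     # indented profile name under a header
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); state[$0] = mode
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!(W[i] in state)) { print W[i] ": not loaded"; bad = 1 }
            else if (state[W[i]] != "enforce") {
                print W[i] ": " state[W[i]] " mode"; bad = 1
            }
        }
        exit bad + 0
    }
    '
}

# Constructed sample in the layout apparmor_status prints; the profile names
# are illustrative, not a statement of what a given server ships.
sample_status() {
    cat <<'EOF'
apparmor module is loaded.
4 profiles are loaded.
2 profiles are in enforce mode.
   /usr/sbin/mysqld
   nginx
2 profiles are in complain mode.
   /usr/sbin/php-fpm8.3
   my-app
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/mysqld (812)
0 processes are in complain mode.
EOF
}

sample_status | check_enforced nginx /usr/sbin/php-fpm8.3 apache2 \
    || echo "profiles need attention"
```

On a server, pipe the live status in and list the profiles your stack relies on: sudo apparmor_status | check_enforced followed by the profile names.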

If you are building new servers, AppArmor comes enabled by default and works well for standard web server workloads. For custom applications, writing a minimal AppArmor profile can reduce the blast radius if something goes wrong, though it requires careful testing.

Systemd-Owned /tmp and tmpfs

Ubuntu 24.04 configures /tmp to use systemd's tmp.mount by default, and on systems with sufficient RAM, it may be mounted as tmpfs (a RAM-based filesystem). This improves performance for applications that read and write many temporary files, but it has implications for disk-based monitoring and log analysis tools that expect /tmp to be on disk.

If you run monitoring agents that track /tmp usage, the tmpfs mount will show as a separate filesystem with different available space than a traditional disk partition. Adjust monitoring thresholds accordingly.

To check the current configuration:

df -h /tmp
systemctl status tmp.mount

If your application relies on large temporary files or expects /tmp to persist across reboots, tmpfs may not be appropriate. You can check if /tmp is currently tmpfs with mount | grep /tmp or disable the tmpfs mount by masking the tmp.mount unit, though this is not recommended for most workloads.

Python 3.12 Default

Python 3.12 is the default Python version in Ubuntu 24.04. Python 3.11 in Ubuntu 22.04 will receive security updates until 2027, but any new server builds will use 3.12 by default. Check that your Python applications and automation scripts are compatible with 3.12 before deploying to a 24.04 server.

python3 --version

If you have applications that require an older Python version, use pyenv or a virtual environment to manage multiple Python versions on the same server. This is particularly relevant for legacy applications or automation tooling that has not yet been updated.

Nginx and Apache Package Versions

Ubuntu 24.04 ships with Nginx 1.24 and Apache 2.4.58. Both are stable versions that include TLS 1.3 support and modern security hardening. If you use Ubuntu's packaged versions rather than upstream repositories, you are on these versions.

The key configuration difference in Apache 2.4.58 is the mod_ssl default behaviour. SSL compression is now disabled by default (it was previously disabled in the default config but not enforced at the module level). This is a security fix and should not affect normal operations.

For new server builds, these versions are solid choices. If you need newer features or specific modules, you may still need to use upstream repositories, but for most web hosting workloads the packaged versions are sufficient and benefit from the Ubuntu security update process.

Database Packages in Ubuntu 24.04

Ubuntu 24.04 includes MySQL 8.0.36 and PostgreSQL 16 as the default packaged versions. MariaDB is also available at version 10.11 as the Ubuntu-maintained package. These are all reasonable current versions for production use.

When migrating a database server from 22.04, the upgrade paths are:

  • MySQL 8.0: In-place upgrade is supported from 8.0.11 onwards. Run mysql_upgrade after the OS upgrade.
  • PostgreSQL 16: Dump and reload is the recommended path from PostgreSQL 14 on 22.04. The pg_upgrade tool works for same-major-version upgrades but not across multiple major versions.
  • MariaDB 10.11: Supports upgrade from 10.6 on Ubuntu 22.04. Run mysql_upgrade after the OS upgrade.

Database migrations are often the most sensitive part of an OS upgrade. Unexpected incompatibilities in stored procedures, character sets, or application queries can surface after the migration completes. This is why testing in a staging environment is essential before touching production data.

Firewalld as an Alternative

While UFW remains the recommended uncomplicated firewall tool for Ubuntu, Ubuntu 24.04 server ISOs now include firewalld as an alternative in the installer. The default is still UFW, but if you are building servers from minimal ISOs or using certain cloud images, verify which firewall backend is active:

sudo systemctl status ufw
sudo systemctl status firewalld

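If firewalld is running instead of UFW and you have UFW rules configured, either migrate to firewalld or stop and disable firewalld and enable UFW. If you manage the server over SSH, confirm that your UFW rules allow SSH before enabling UFW, otherwise the switch can cut off your own session: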

sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl enable ufw
sudo ufw enable

For most single-server setups, UFW is simpler to manage. If you are running containers or more complex network topologies, firewalld may offer more granular control, but it also has a steeper learning curve.

SSH Configuration Changes to Consider

When upgrading to Ubuntu 24.04 or provisioning new servers, reviewing your SSH configuration is good practice. Ubuntu 24.04 ships with OpenSSH 9.x, which has deprecations for certain key exchange and host key algorithms. If you connect from older clients, you may encounter warnings or connection failures.

For servers accessible from the internet, disabling password authentication and using SSH keys is strongly recommended. Ubuntu 24.04 makes this straightforward to configure, and there are well-documented approaches to setting up secure key-based access.
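
To confirm that password login is really off, check the effective configuration rather than a single file, because sshd uses the first value it reads for each keyword and included drop-in files can take precedence over the main sshd_config. The following is an added example, not part of the original article; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: verify key-only SSH login from
# the effective configuration. stdin is the output of `sshd -T`, which prints
# lowercase "keyword value" pairs after Include files and defaults are applied.
audit_sshd_effective() {
    awk '
    BEGIN {
        want["passwordauthentication"] = "no"
        want["kbdinteractiveauthentication"] = "no"   # PAM password prompts
        want["pubkeyauthentication"] = "yes"
    }
    ($1 in want) {
        seen[$1] = 1
        if ($2 != want[$1]) {
            printf "FAIL %s is %s, want %s\n", $1, $2, want[$1]; bad = 1
        }
    }
    END {
        # A keyword that never appears means the input was not full sshd -T
        # output, so treat it as a failure instead of assuming a default.
        for (k in want) if (!(k in seen)) {
            printf "FAIL %s missing from input\n", k; bad = 1
        }
        exit bad + 0
    }
    '
}

# Constructed excerpt of `sshd -T` output from a host where a drop-in file
# re-enabled passwords (hypothetical scenario).
sample_effective() {
    cat <<'EOF'
port 22
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF
}

sample_effective | audit_sshd_effective || echo "password login still possible"
```

On a server, run sudo sshd -T | audit_sshd_effective. Settings inside Match blocks are only evaluated when a connection specification is supplied with sshd -T -C.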

What to Do Before Upgrading from Ubuntu 22.04

If you are upgrading an existing 22.04 server rather than provisioning fresh, complete these checks before starting the upgrade process:

  • Test application compatibility with PHP 8.3: Run your application in a staging environment with PHP 8.3 before upgrading the production server. Pay particular attention to deprecated function usage and type-related errors.
  • Review custom AppArmor profiles: If you have enforce mode profiles for custom applications, check for syntax changes before upgrading. Tools like aa-complain can help test profiles before putting them back into enforce mode.
  • Audit Python dependencies: Python 3.12 may have incompatibilities with older packages. Test in staging first, and check whether your automation tooling (Ansible, Fabric, scripts) is compatible.
  • Check MySQL and PostgreSQL upgrade paths: Plan the database upgrade carefully. Do not leave the database upgrade as an afterthought. Back up all databases before starting.
  • Take a full server snapshot: If using VMs or cloud servers, take a snapshot before upgrading so you can roll back cleanly if something goes wrong during the process.
  • Review /etc/security/limits.conf: Some tuning parameters that were previously accepted have been deprecated or tightened in Ubuntu 24.04 kernel defaults. Check your application logs for related warnings.
  • Verify external repository compatibility: If you use third-party repositories for Nginx, PHP, or other components, check that they support Ubuntu 24.04 before upgrading.

Upgrading a live web server is not a decision to rush. Taking time to test in a non-production environment first can prevent hours of downtime and stress later.

Provisioning New Ubuntu 24.04 Servers

If you are building new servers from scratch on Ubuntu 24.04, the experience is more straightforward than an in-place upgrade. You start with current packages, which means PHP 8.3, Python 3.12, and current versions of your chosen web server and database are available immediately.

For most web hosting setups, the provisioning workflow looks familiar: install your web server, configure PHP-FPM, set up your database, secure the server, and deploy your application. The difference is that the defaults are more modern and more secure out of the box.

When planning a new server build, consider whether you need any packages from third-party repositories. If your application requires a specific PHP version not in the default repositories, add the PPA early in your provisioning process.