Although you could just deploy a Web Server and forget about it, it is strongly recommended that you perform at least some package updates as security problems are discovered and patched.
The updating of an Ubuntu server is relatively simple and uses the “apt” (Advanced Package Tool).
apt vs apt-get
The older versions of this tool used the command “apt-get” but a newer *friendlier* version named “apt” has been part of Ubuntu since version 16 and is the one that you should probably be using for most purposes.
Update vs Upgrade
The apt tool keeps a list of available packages on your server. If you attempt to install a package, apt will see that the package is available and go through the download and installation process. If a new package is released by Ubuntu and you try to install it and the apt tool has never seen the package you will see a failure message.
Running the command “apt update” will contact the Ubuntu repositories and download a copy of the list of available packages.
The command “apt upgrade” will upgrade existing packages on your server.
Which to run? Searching online, you will find lots of advice suggesting to run “apt update” first followed by “apt upgrade”. If you run just “apt update” this will actually have no effect on your server except to download a list of all the current packages. If you run “apt upgrade”, you are about 98% likely to succeed in upgrading all of the packages on your machine to the latest version. The only time that this will not work is if an updated package depends on a new package that was just introduced.
There is no harm in running both commands, other than the update command will take a couple of minutes. Generally I just run the upgrade command and use update if there is a failure in one of the packages.
Automating the Upgrades
While it is possible to configure a server for automatic upgrades, I don’t really recommend it, especially if you are using any of the odd numbered Ubuntu releases (which are considered experiment and/or development). I recommend that you set aside the time to run the updates manually at a time that is convenient. I have seen student’s pick automatic updates only to have their server on the night before their final presentation download an update that conflicted with another package. Lucky for the students, I had suffered the same problem just a few days before and knew what changes had to be made.
I have approximately 10 Ubuntu servers that I maintain. Updates are done early on the first morning of the weekend. I also update the servers in “reverse critical order” (the most critical servers are updated last and only if the less critical servers succeed.
If you have only a single server, I would recommend keeping a local virtual machine as a clone that you can apply updates to before rolling updates to your reach machine.