Joe is a completely novice Web developer who sets up an Apache server on its defaults, which include collection of log files which basically say "this specific file was requested by this specific IP address using this specific client string at this specific time, and the request succeeded/failed." Joe might not even be aware of this logging and might not ever use it.
Joe's Web site is Web 1.0: information published in a form others can read. It has no capabilities for typical users to create an account, log in, or enter data beyond the HTTP GET requests their browser automatically sends when the user navigates to/from/on the site. It doesn't even need cookies.
Joe's server and operations are outside the EU and his primary target audience may be too (e.g. Joe is a local activist in a non-EU country, and the Web site is that of the activist group, or a small nonprofit, or even a local restaurant which might serve ethnic food from a specific European tradition). However, it may be that some people in the EU are interested in what Joe is saying/doing, and visit Joe's web site to read what's posted there.
This page and others I've seen indicates that IP addresses are considered personal information under GDPR. It seems that Joe's server is collecting that data without notice and consent from each user.
It doesn't seem that this site would qualify as "purely personal" in the same way as a personal blog might.
Is Joe in violation of GDPR, just for having posted a simple Web site with an Apache server on defaults?