How to set up automatic updates on Ubuntu server

How to set up automatic updates on Ubuntu server

Introduction

Setting up automatic updates can be a daunting task. But fear not, this tutorial will help you set up automatic updates correctly in less than 10 minutes.


Before we start

Preface

While this tutorial is focused on Ubuntu Server, it can be used for many other distributions that use the same package manager, like Ubuntu Desktop, Debian, Linux Mint, etc.

Requirements

  • An Ubuntu server
  • An internet connection
  • Access to your server

Update

First you'll have to update to the latest package repository definition.

sudo apt update

Install

Then, we will need to install the package that does all the magic for us, unattended-upgrades.

sudo apt install -y unattended-upgrades

Chances are that you already have this package installed.


Configuration

Next step is to configure the package, lets start by opening the configuration file in the nano text editor.

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
// ...

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

// ...

You should read the configuration file to understand what it is doing, don't worry if you don't understand most things.

The important step is to uncomment the following lines.

// Required, updates common software
"${distro_id}:${distro_codename}-updates";

// Optional, removes unused packages when updating
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Optional, reboot automatically the system if needed at certain time
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

You can search the file with ctrl + w

Then exit nano with ctrl + x and press Y to save modifications.


Enable

Now that everything is set up, lets enable the automatic updates. For this, you will need to configure one last file.

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

The file might be empty, in that case, just paste the following.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";

The values are specified in days, so auto-clean will happen every week and auto-updates every day.


Test

Let's test if everything is set up correctly.

sudo unattended-upgrades --dry-run

This will run unattended-upgrades without making any real change, making sure everything is correctly set up.


End

That was it, easy right?

What's next?

You might want to free up space on your server after all the updates are done!

Self-promotion

If you have found this useful then you should follow me, I will be posting more interesting content! 🥰

Or support me financially. 💸

Conclusion

Congratulations, today you have learned how to set up and configure automatic updates on your Ubuntu server thanks to the unattended-upgrades package.

Let me know if the tutorial was useful to you in the comments!