Learn how to set up Proxmox unattended upgrades to automatically install security updates and patches on your Proxmox VE server. This complete tutorial covers everything from installation to configuration, ensuring your virtualization environment stays secure without manual intervention.
Commands used in this video
Ensure the package cache is up to date
Run the following command to make sure APT has a fully updated cache:
apt updateInstall the unattended-upgrades package
Use this command to install unattended-upgrades, the package that makes all of this work:
apt install unattended-upgradesEnable unattended-upgrades
After installing the package, run this command to enable unattended-upgrades:
sudo dpkg-reconfigure --priority=low unattended-upgradesCheck the status of unattended-upgrades
Check the status of the unattended-upgrades service to ensure that it’s enabled and running:
systemctl status unattended-upgradesStart and enable the unattended-upgrades service
If for some reason the previous command shows that unattended-upgrades is either disabled or stopped, this command will take care of both:
systemctl enable --now unattended-upgradesChange into the apt.conf.d directory
The /etc/apt/apt.conf.d directory contains most of the files we’ll need to edit, so navigate to that directory:
cd /etc/apt/apt.conf.dEdit the 20auto-upgrades file
Next, edit the 20auto-upgrades file to ensure that everything is enabled (each option should show 1):
nano 20auto-upgradesCopy 50unattended-upgrades to a new file
Most of the configuration we’ll need can be found in the 50unattended-upgrades file, but it could be overwritten by an update at some point. Instead of editing that file directly, make a copy of it:
cp 50unattended-upgrades 99unattended-upgradesEdit the 99unattended-upgrades file
Considering that 99unattended-upgrades has a higher number than 50unattended-upgrades, it will “override” it. We’ll edit that file to adjust the configuration to meet our needs:
nano 99unattended-upgradesEdit the apt-daily-upgrade timer
A systemd timer (apt-daily-upgrade.timer) kicks off the update process. Run this command to adjust when it starts:
systemctl edit apt-daily-upgrade.timerReload systemd
Run the following command to “reload” systemd, which will pick up changes we’ve made to some of the config files:
systemctl daemon-reloadRestart the unattended-upgrades service
Restart unattended-upgrades itself in order to ensure it loads all of our changes:
systemctl restart unattended-upgradesCheck the status of unattended-upgrades
Check the status of unattended-upgrades and ensure that it’s still running:
systemctl status unattended-upgradesPerform a “Dry Run” to test unattended-upgrades
To make sure everything is working properly, the following command will perform a “Dry Run” to simulate what will happen once an actual update triggers:
sudo unattended-upgrade --dry-run --debug