Unattended Upgrades on Ubuntu Server

Enable Automatic Security Updates on Ubuntu Server.

  1. Install unattended-upgrades library

    sudo apt install -y unattended-upgrades
  2. Configurate unattended-upgrades service

    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

    Define updates you want to manage within the files. For example, to enable automatic security updates, make sure you have a different and correctly set section as follows:

    Unattended-Upgrade::Allowed-Origins {
        // Extended security maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        // "${distro_id}:${distro_codename}-updates";
        // "${distro_id}:${distro_codename}-proposed";
        // "${distro_id}:${distro_codename}-backports";
  3. Setting up automatic boot

    sudo nano /etc/apt/apt.conf.d/20auto-upgrades

    Set the configuration below within the file

    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
    APT::Periodic::AutocleanInterval "7";
    Unattended-Upgrade::Remove-Unused-Dependencies "true";
    Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
    # This is the most important choice: auto-reboot.
    Unattended-Upgrade::Automatic-Reboot "true";
    Unattended-Upgrade::Automatic-Reboot-Time "02:00";
  4. Process the changes by restarting teh service

    sudo systemctl restart unattended-upgrades
  5. Check the service with a forced start

    sudo unattended-upgrade -d