Vhtforums
AI Assistant
Forums
VHT Forums
Proxmox help
Can I use unattende...
 
Notifications
Clear all

[Solved] Can I use unattended-upgrades on Proxmox?

 
Proxmox help
Last Post by Brandon Lee 1 year ago
1 Posts
1 Users
0 Reactions
3,997 Views
RSS
Brandon Lee
Posts: 689
 Brandon Lee
Admin
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Feb 14, 2025 5:04 pm
(@brandon-lee)
Member
Joined: 16 years ago
[#415]

At the end of the day, Proxmox is based on Debian. So, it is nothing more than Debian underneath the hood. This means you can usethe unattended-upgrade process to automatically update your host with security updates. However, Proxmox-specific packages should not be updated automatically to avoid breaking your setup. Also, this could lead to unexpected reboots.

Let's see how to update and still exclude Proxmox specific updates for stability.

1. Why Use unattended-upgrades on Proxmox?

✅ Keeps your system up-to-date with Debian security patches
✅ Reduces the risk of security vulnerabilities
✅ Automatically installs safe updates while blocking Proxmox-specific upgrades

🚨 Why exclude Proxmox packages?
Proxmox updates often include kernel changes, requiring a reboot. Updating them automatically would not be desirable since all your VMs/containers would go down unexpectedly.

2. Install unattended-upgrades

Run the following commands to install the package for unattended-upgrades:

apt update apt install unattended-upgrades -y

Then, we need to enable it:

dpkg-reconfigure unattended-upgrades

Select Yes to enable automatic updates.

3. Configure your update rules

Edit the configuration file:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Modify the Allowed-Origins section of this file to include only security updates:

Unattended-Upgrade::Allowed-Origins {
    "Debian:bookworm-security";
    "Debian:bookworm-updates";
};
Unattended-Upgrade::Package-Blacklist {
    "proxmox-ve";
    "pve-kernel";
    "pve-manager";
    "qemu-server";
    "pve-qemu-kvm";
    "pve-container";
};

 

What this does:

  • Allows only Debian security updates
  • Blocks Proxmox-specific updates that may require reboots

4. Enable Auto-Upgrades

Now, we can configure auto-upgrades to run daily:

nano /etc/apt/apt.conf.d/20auto-upgrades

Add:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

5. Test & Monitor Updates

Run a dry-run test to see what would be installed:

unattended-upgrades --dry-run --debug

See what was updated:

cat /var/log/unattended-upgrades/unattended-upgrades.log

Email Notifications

If you want email alerts when updates are applied we can do this by installing the mailutils package:

apt install mailutils -y

Then edit:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Add your email:

Unattended-Upgrade::Mail "[email protected]";

Final Thoughts

Yes, we can keep Proxmox server hosts updated, but care needs to be given to which updates you apply and avoiding unexpected reboots of the server host. By specifically configuring which updates to apply, this allows you to keep security updates applied and hold off on Proxmox specific and kernel updates that might reboot your host

If you have any questions or want to share what you do for unattended updates with Proxmox, please join the discussion!


Topic Tags
proxmox home lab home server security updates patching
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  proxmox (40) , home lab (71) , home server (44) , security updates (1) , patching (1) ,