commit f99e8e40efe601ca7cb50deb9a981e7d6783ed76 Author: gus gus@torproject.org Date: Thu Aug 29 05:17:15 2019 -0400
Add instructions to automatically update your Debian or Ubuntu relay, include post-install link --- .../technical-setup/guard/debianubuntu/contents.lr | 16 ++++-- .../guard/debianubuntu/updates/contents.lr | 61 ++++++++++++++++++++++ 2 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr b/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr index f7992dd..2a8bedb 100644 --- a/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr +++ b/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr @@ -4,17 +4,21 @@ title: Debian/Ubuntu --- body:
-# 1. Configure Tor Package Repository +# 1. Enable Automatic Software Updates + +One of the most imported things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable [automatic software updates](updates) for your operating system. + +# 2. Configure Tor Package Repository
Enable the Torproject package repository by following the instructions **[here](https://2019.www.torproject.org/docs/debian.html.en#ubuntu)**.
-# 2. Package Installation +# 3. Package Installation
Install the `tor` package:
`apt update && apt install tor`
-# 3. Configuration File +# 4. Configuration File
Put the configuration file `/etc/tor/torrc` in place:
@@ -29,11 +33,15 @@ ControlSocket 0 ContactInfo tor-operator@your-emailaddress-domain ```
-# 4. Restart the Service +# 5. Restart the Service
Restart the tor daemon so your configuration changes take effect:
`systemctl restart tor@default` + +# 6. Final notes + +If you are having troubles setting up your relay, have a look at our [help section](FIXME). If your relay is now running, check out the [post-install](/relay/setup/post-install/) notes. --- html: two-columns-page.html --- diff --git a/content/relay-operations/technical-setup/guard/debianubuntu/updates/contents.lr b/content/relay-operations/technical-setup/guard/debianubuntu/updates/contents.lr new file mode 100644 index 0000000..05da34b --- /dev/null +++ b/content/relay-operations/technical-setup/guard/debianubuntu/updates/contents.lr @@ -0,0 +1,61 @@ +_model: page +--- +title: Debian Ubuntu Updates +--- +_discoverable: yes +--- +_hidden: yes +--- +body: + +# 1. Install the required packages + +``` +apt-get install unattended-upgrades apt-listchanges +``` + +# 2. Edit the configuration file + +Put the lines below into the configuration file /etc/apt/apt.conf.d/50unattended-upgrades, everything that was originally inside the generated file can be removed before you add the lines below. + +``` + Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro_codename},label=Debian-Security"; + "origin=TorProject"; + }; + Unattended-Upgrade::Package-Blacklist { + }; +``` + +#3. Automatically reboot + +If you want to automatically reboot add the following at the the end of the file `/etc/apt/apt.conf.d/50unattended-upgrades`: + +``` + Unattended-Upgrade::Automatic-Reboot "true"; + + Create the file /etc/apt/apt.conf.d/20auto-upgrades with the following content + + APT::Periodic::Update-Package-Lists "1"; + APT::Periodic::AutocleanInterval "5"; + APT::Periodic::Unattended-Upgrade "1"; + APT::Periodic::Verbose "1"; +``` + +# 4. Test + +You can test your unattended-upgrades setup with the following command: + +``` + sudo unattended-upgrade -d +``` +--- +html: two-columns-page.html +--- +key: 1 +--- +section: Relays Operations +--- +section_id: relays-operations +--- +_slug: updates