[tor-commits] [community/staging] Add instructions to automatically update your Debian or Ubuntu relay, include post-install link

hiro at torproject.org hiro at torproject.org
Sun Mar 21 19:17:24 UTC 2021


commit f99e8e40efe601ca7cb50deb9a981e7d6783ed76
Author: gus <gus at torproject.org>
Date:   Thu Aug 29 05:17:15 2019 -0400

    Add instructions to automatically update your Debian or Ubuntu relay, include post-install link
---
 .../technical-setup/guard/debianubuntu/contents.lr | 16 ++++--
 .../guard/debianubuntu/updates/contents.lr         | 61 ++++++++++++++++++++++
 2 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr b/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr
index f7992dd..2a8bedb 100644
--- a/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr
+++ b/content/relay-operations/technical-setup/guard/debianubuntu/contents.lr
@@ -4,17 +4,21 @@ title: Debian/Ubuntu
 ---
 body:
 
-# 1. Configure Tor Package Repository
+# 1. Enable Automatic Software Updates
+
+One of the most imported things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable [automatic software updates](updates) for your operating system.
+
+# 2. Configure Tor Package Repository
 
 Enable the Torproject package repository by following the instructions **[here](https://2019.www.torproject.org/docs/debian.html.en#ubuntu)**.
 
-# 2. Package Installation
+# 3. Package Installation
 
 Install the `tor` package:
 
 `apt update && apt install tor`
 
-# 3. Configuration File
+# 4. Configuration File
 
 Put the configuration file `/etc/tor/torrc` in place:
 
@@ -29,11 +33,15 @@ ControlSocket 0
 ContactInfo tor-operator at your-emailaddress-domain
 ```
 
-# 4. Restart the Service
+# 5. Restart the Service
 
 Restart the tor daemon so your configuration changes take effect:
 
 `systemctl restart tor at default`
+
+# 6. Final notes
+
+If you are having troubles setting up your relay, have a look at our [help section](FIXME). If your relay is now running, check out the [post-install](/relay/setup/post-install/) notes.
 ---
 html: two-columns-page.html
 ---
diff --git a/content/relay-operations/technical-setup/guard/debianubuntu/updates/contents.lr b/content/relay-operations/technical-setup/guard/debianubuntu/updates/contents.lr
new file mode 100644
index 0000000..05da34b
--- /dev/null
+++ b/content/relay-operations/technical-setup/guard/debianubuntu/updates/contents.lr
@@ -0,0 +1,61 @@
+_model: page
+---
+title: Debian Ubuntu Updates
+---
+_discoverable: yes
+---
+_hidden: yes
+---
+body:
+
+# 1. Install the required packages
+
+```
+apt-get install unattended-upgrades apt-listchanges
+```
+
+# 2.  Edit the configuration file
+
+Put the lines below into the configuration file /etc/apt/apt.conf.d/50unattended-upgrades, everything that was originally inside the generated file can be removed before you add the lines below.
+
+```
+    Unattended-Upgrade::Origins-Pattern {
+            "origin=Debian,codename=${distro_codename},label=Debian-Security";
+    	"origin=TorProject";
+    };
+    Unattended-Upgrade::Package-Blacklist {
+    };
+```
+
+#3. Automatically reboot
+
+If you want to automatically reboot add the following at the the end of the file `/etc/apt/apt.conf.d/50unattended-upgrades`:
+
+```
+    Unattended-Upgrade::Automatic-Reboot "true";
+
+    Create the file /etc/apt/apt.conf.d/20auto-upgrades with the following content
+
+    APT::Periodic::Update-Package-Lists "1"; 	 	
+    APT::Periodic::AutocleanInterval "5"; 	 	
+    APT::Periodic::Unattended-Upgrade "1"; 	 	
+    APT::Periodic::Verbose "1"; 	 	
+```
+
+# 4. Test
+
+You can test your unattended-upgrades setup with the following command:
+
+```
+   sudo unattended-upgrade -d
+```
+---
+html: two-columns-page.html
+---
+key: 1
+---
+section: Relays Operations
+---
+section_id: relays-operations
+---
+_slug: updates





More information about the tor-commits mailing list