Setup Unattended Upgrades on Ubuntu server

unattended-upgrades.sh

# Install required packages
# update-notifier-common provides a mechanism for other packages to register a reboot request.
# Without update-notifier-common, automatic reboots will not work.
sudo apt install unattended-upgrades update-notifier-common

# configure it
sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
  
  # set allowed origins
  Unattended-Upgrade::Allowed-Origins {
    # hardcoded distro
    #"Ubuntu xenial-security";
    #"Ubuntu xenial-updates";
    
    # more portable
    "${distro_id}:${distro_codename}-security";
    "${distro_id}:${distro_codename}-updates";
  };
  # enable automatic reboots
  Unattended-Upgrade::Automatic-Reboot "true";
  Unattended-Upgrade::Remove-Unused-Dependencies "true";

# further configuration happens in /etc/apt/apt.conf.d/10periodic
sudo vi /etc/apt/apt.conf.d/10periodic

  APT::Periodic::Update-Package-Lists "1";
  APT::Periodic::Download-Upgradeable-Packages "1";
  APT::Periodic::AutocleanInterval "7";
  APT::Periodic::Unattended-Upgrade "1";

sudo service unattended-upgrades restart

# verify everything by looking at logs
sudo tail -f /var/log/unattended-upgrades/unattended-upgrades.log