Fixing Nginx Downgrade Issues After Upgrading from Debian 11 (Bullseye) to Debian 12 (Bookworm) on a GCP Cloud VM

Fixing Nginx Downgrade Issues After Upgrading from Debian 11 (Bullseye) to Debian 12 (Bookworm) on a GCP Cloud VM

When upgrading from Debian 11 (Bullseye) to Debian 12 (Bookworm) on a Google Cloud Platform (GCP) VM, I encountered a frustrating issue: after installing the latest Nginx version from the official Nginx repository, running apt update marked it for downgrade to an older version from Debian’s default repository.

This guide explains how I resolved the issue while maintaining Nginx updates from nginx.org without APT forcing an unwanted downgrade.

🚀 The Problem: Nginx Marked for Downgrade

After upgrading Debian from Bullseye (11) to Bookworm (12), I ensured that my Google, Debian, and Nginx repositories were correctly configured. However, when I ran:

apt update

APT attempted to downgrade Nginx from version 1.26.3-1~bullseye to an older Bookworm version (1.22.x-1+deb12u1).

🔍 Why Did This Happen?

  • My installed version (1.26.3-1~bullseye) was from the Nginx repository for Bullseye, but my system was now on Debian 12 (Bookworm).
  • APT still saw Bullseye’s version as installed but prioritized the lower version from Debian’s default repository.
  • The APT preferences file for Nginx (/etc/apt/preferences.d/nginx) was configured to prioritize nginx.org, but the issue persisted because of the mismatched Bullseye version.

🛠️ Fixing the Issue Step by Step

1️⃣ Check the Installed Nginx Version and Available Versions

First, I checked which version was installed and which versions were available:

apt-cache policy nginx

The output showed:

nginx:
  Installed: 1.26.3-1~bullseye
  Candidate: 1.26.3-1~bookworm
  Version table:
 *** 1.26.3-1~bullseye 100
        100 /var/lib/dpkg/status
     1.26.3-1~bookworm 1001
       1001 http://nginx.org/packages/debian bookworm/nginx amd64 Packages
     1.26.2-1~bookworm 1001
       1001 http://nginx.org/packages/debian bookworm/nginx amd64 Packages
     1.22.1-9 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages

📌 Key observations:

  • Installed version: 1.26.3-1~bullseye (from Nginx’s Bullseye repo)
  • Correct version for Bookworm: 1.26.3-1~bookworm
  • Debian’s older Nginx version (1.22.1-9) was still listed as a candidate

Since bullseye packages had a lower priority (100), APT wanted to downgrade to Debian’s version instead of upgrading to the latest Bookworm Nginx release.

2️⃣ Force Install the Correct Bookworm Version

To correct this, I manually reinstalled Nginx from the correct Bookworm repository:

sudo apt install --reinstall nginx=1.26.3-1~bookworm

Alternatively, using the -t bookworm flag also works:

sudo apt install nginx -t bookworm

After reinstalling, I confirmed the version:

nginx -v

Now, Nginx was correctly running 1.26.3-1~bookworm. 🎉

3️⃣ Ensure APT Always Uses the Nginx.org Repository

To prevent future downgrades, I verified the APT preferences file located at:

sudo nano /etc/apt/preferences.d/nginx

The file contained:

Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 1001

This correctly set the highest priority (1001) for packages from nginx.org, ensuring Debian wouldn’t override it.

4️⃣ Update and Verify Again

To test if the fix worked, I ran:

sudo apt update && sudo apt upgrade

Result: APT no longer attempted to downgrade Nginx! 🎯

5️⃣ Remove Any Previously Set Package Hold (If Applied)

Before I began searching for help, I had used the apt-mark hold command to stop Nginx from being downgraded:

sudo apt-mark hold nginx

Since the issue was now fixed, I removed the hold to allow future updates:

sudo apt-mark unhold nginx

To confirm Nginx was no longer held back:

apt-mark showhold

No output confirmed Nginx was free to update normally. 🎯

💡 Summary of Fix

✔️ Problem: After upgrading from Bullseye to Bookworm, APT marked Nginx for downgrade due to a version mismatch.
✔️ Root Cause: Installed version was from Nginx’s Bullseye repo, while Bookworm’s correct version was available but not installed.
✔️ Solution: 1️⃣ Check current & available Nginx versions (apt-cache policy nginx) 2️⃣ Reinstall the correct Bookworm version (apt install --reinstall nginx=1.26.3-1~bookworm) 3️⃣ Ensure the correct repository priority (/etc/apt/preferences.d/nginx) 4️⃣ Run apt update && apt upgrade to verify fix 5️⃣ Remove any package hold (apt-mark unhold nginx)

With these steps, APT now correctly pulls updates from nginx.org instead of downgrading Nginx from Debian’s default repository.

🚀 If you’re running a Debian-based server (especially on GCP), these steps can help you avoid Nginx upgrade issues after a major OS update. 🔥

If you’re looking for a comprehensive and well-structured guide on upgrading a Debian server, I highly recommend the tutorial from Cyberciti.biz: How to Upgrade Debian 11 to Debian 12 (Bookworm). This guide provided clear, step-by-step instructions that were instrumental in helping me successfully upgrade my GCP Cloud VM from Debian 11 (Bullseye) to Debian 12 (Bookworm). If you’re planning a similar upgrade, I encourage you to check out their article—it’s an excellent resource for system administrators and Linux enthusiasts alike. 🚀

Let me know if this guide helped you! Have you encountered similar issues? Share your experience in the comments below! 😊

By William McGill

William McGill is an IT veteran and independent contractor with over 20 years of experience in technology, networking, and insurance. He blends tech expertise with real-world problem-solving, working across industries from flood insurance claims to system administration. While most of his writing focuses on tech, freelancing, and adapting to an ever-evolving digital landscape, he occasionally explores topics that simply spark his curiosity—because life isn’t just about work, but about being human.

Leave a comment

Your email address will not be published. Required fields are marked *

William McGill