OpenMediaVault 8 Upgrade Guide: Navigating the Jump to Debian 13 & Kernel 6.17
First off, I've come to love OMV since I started using it in 2021/2022. It's incredibly stable (even through my own blunders) being built on Debian, flexible as all hell (Thanks omv-extras!) and powerful. Also it's FOSS. No price, no costs, just performance.
Upgrading your home server is usually a "one-click" affair. It's supposed to be boring...
That assumption holds - until you’re running a customized NAS with:
- NVIDIA proprietary drivers manually installed (transcoding!)
- Docker-heavy workloads (F-yeah!)
- A few ill-advised "I’ll clean this up later" packages installed directly on the host (Ah... My shame! SteamCMD got me...)
This post combines two hard-earned lessons:
- How my OMV7 → OMV8 (Debian 13 “Trixie”) upgrade went sideways—and how I recovered it
- Why the jump to Linux kernel 6.17 is actually worth the pain for self-hosters
This is part of my Open Media Vault series:
Open Media Vault Guides
If you’re stuck in a kernel loop or staring at a broken Web GUI, here is how I survived the upgrade from hell, that was my fault, not OMVs...
TL;DR: OMV7 → OMV8 Upgrade Checklist
If you read nothing else, read this.
Before You Upgrade
- ✅ Back up your OS drive (Clonezilla / Proxmox snapshot)
- ✅ Confirm critical plugins support OMV 8
- ✅ Fully update OMV 7 before dist upgrading to 8
- ⚠️ Remove questionable host-installed apps (SteamCMD, runtimes, etc.)😧
Performing the Upgrade
- 🔐 Use SSH or local console only
- ▶️ Firstly run:
apt upgrade && omv-upgrade- Possibly reboot, if prompted, yes.
- ▶️ THEN Run:
omv-release-upgrade - 👀 Read prompts carefully (defaults are usually correct)
- Wait & have patience!
- 🔁 Reboot when finished
After the Upgrade
- 🌐 Clear browser cache before judging the Web UI
- 🧠 If you see a 502 error: reinstall PHP 8.4-FPM and redeploy salt
- 🧩 Verify kernel selection (especially Proxmox / ZFS users)
- 🎮 Reinstall apps like Plex manually if repos are broken
Common OMV 8 Upgrade Issues (And How to Fix Them)
1. The Kernel Catch‑22 (a.k.a. Death by i386)
OMV 8 expects a modern kernel (6.12+), but legacy 32‑bit (i386) packages can quietly sabotage the upgrade process.
In my case, the culprit was SteamCMD—installed directly on the OMV host years ago to run a Minecraft server for my kids. It pulled in i386 libraries that sat there like unexploded landmines.
Symptoms:
- Kernel packages stuck in a dependency loop
aptrefusing to finish upgrades- “Held packages” with no obvious cause
Fix:
- Purge the i386 architecture entirely
- Force-install the correct kernel headers
Lesson learned: If apt is fighting you, check for architecture mismatches first. And yes—this is exactly why containers exist.2. Fixing GPG Repo Errors (SHA-1) in Debian 13 (Plex Users, Pay Attention)
As of February 1, 2026, Debian 13 hard-rejects SHA‑1 signed repositories.
apt-get update before the upgrade. If you see a "GPG error" or "Insecure" warning on a repo, that repo will break/halt the OMV upgrade. Remove it for now completely!That’s great for security. It’s also how my Plex updates instantly broke.
Symptom:
Sub-process /usr/bin/sqv returned an error code (1)Cause:
- Plex’s APT repo was still SHA‑1 signed at the time of upgrade
While it's frustrating that Plex or other repos break, remember: Debian 13 is doing this to protect you. SHA-1 is cryptographically 'broken,' and forcing modern signatures keeps your NAS from being a target for repository-injection attacks.
This actually just happened, with Notepad++ and highlights the threat landscape in 2026, which is all about supply chain integrity.
Your Options/Fixes:
- Delay the OS upgrade (nope!)
- Temporarily remove Plex and reinstall manually from the
.deb- Totally valid option, what I did.
sudo rm /etc/apt/sources.list.d/plexmediaserver.listThen, a new command for Deb 13 Trixie:
apt modernize-sourcesWhat apt modernize-sources actually does:
Instead of just "upgrading" keys, it converts your entire repository structure from the old, fragile .list format to the new, structured DEB822 format.
- Old Format (
.list): A single, massive line of text that is hard for machines (and humans) to read without making mistakes. - New Format (
.sources): A clean, "stanza-based" format that looks like a config file.
The benefits of running it:
- Signed-By Integration: It automatically tries to find the GPG keys for your repos and adds the
Signed-By: /path/to/keyline directly into the source block. This is the "correct" way to handle security in 2026. - Organization: It moves everything into
/etc/apt/sources.list.d/debian.sourcesand disables the old, cluttered/etc/apt/sources.list. - Backups: It creates
.bakfiles of your old lists, so you can revert if a third-party repo (like Plex) gets confused.
- Wait for Plex to update their repo (the least painful path—and what I chose)
3. NVIDIA Drivers: Proprietary vs Open (RTX 3060 Edition)
If you are on OMV7/8 and using an RTX 3060, stick to Proprietary 590.x. The Open modules are exciting but lack the rock-solid power management (P-States) needed to keep your NAS from pulling 30W at idle.
- Proprietary 590.x drivers: current reality for stable NVENC, power management, and transcoding
Pro Tips:
- Blacklist
nouveau - Say YES to DKMS (or your driver dies on the next kernel update)
- Say NO to installing i386 support—every time!
I install them manually every time.
To install the latest NVIDIA drivers on Debian 13 (Trixie) using the .run file method, you need to navigate the strict security policies of 2026. Since Trixie is the current "Testing" branch, the repositories often lag behind the cutting-edge versions needed for the newest hardware (like the RTX 50-series).
Here is the step-by-step "Command Line" guide to doing this properly.
Step 1: Prep the System
Before downloading, you must install the build tools and the specific headers for your Proxmox/Debian kernel.
sudo apt update
sudo apt install build-essential dkms linux-headers-$(uname -r)
Step 2: WGET the Latest Driver
NVIDIA's download URLs follow a predictable pattern. As of February 2026, the v570.124.04 or v580.x branches are the stable targets for Trixie.
# Move to your downloads folder
cd ~/Downloads
# Download the 64-bit Linux driver (Example version 590.48.01)
wget https://us.download.nvidia.com/XFree86/Linux-x86_64/570.124.04/NVIDIA-Linux-x86_64-590.48.01.run
# Make it executable
chmod +x NVIDIA-Linux-x86_64-590.48.01.run
Step 3: Disable the Nouveau Driver
You cannot install NVIDIA drivers while the open-source nouveau driver is active. If you're upgrading from OMV7 and already had this done, you should not need to do this again / can skip.
echo "blacklist nouveau" | sudo tee /etc/modprobe.d/blacklist-nouveau.conf
echo "options nouveau modeset=0" | sudo tee -a /etc/modprobe.d/blacklist-nouveau.conf
# Update your initramfs to apply the change
sudo update-initramfs -u
Reboot your machine now to ensure Nouveau is fully unloaded.
Run nvidia-smi to check while playing something from plex, and forcing a transcode:
Thu Feb 5 15:03:36 2026
+-----------------------------------------------------------------------------------------+
| NVIDIA-SMI 590.48.01 Driver Version: 590.48.01 CUDA Version: 13.1 |
+-----------------------------------------+------------------------+----------------------+
| GPU Name Persistence-M | Bus-Id Disp.A | Volatile Uncorr. ECC |
| Fan Temp Perf Pwr:Usage/Cap | Memory-Usage | GPU-Util Compute M. |
| | | MIG M. |
|=========================================+========================+======================|
| 0 NVIDIA GeForce RTX 3060 Off | 00000000:2E:00.0 Off | N/A |
| 40% 48C P2 52W / 170W | 607MiB / 12288MiB | 6% Default |
| | | N/A |
+-----------------------------------------+------------------------+----------------------+
+-----------------------------------------------------------------------------------------+
| Processes: |
| GPU GI CI PID Type Process name GPU Memory |
| ID ID Usage |
|=========================================================================================|
| 0 N/A N/A 809948 C frigate.detector.onnx_0 276MiB |
| 0 N/A N/A 3164153 C /usr/lib/ffmpeg/7.0/bin/ffmpeg 127MiB |
| 0 N/A N/A 4018944 C ...exmediaserver/Plex Transcoder 190MiB |
+-----------------------------------------------------------------------------------------+Plex transcoder, on my GPU right at the bottom.
Step 4: The Installation
Since this is a server/NAS, you should run the installer with the DKMS flag. This ensures the driver automatically rebuilds itself when you update your kernel in the future.
Run the installer:
sudo ./NVIDIA-Linux-x86_64-570.124.04.run --dkms
Installer Answers for Trixie:
- Install NVIDIA's 32-bit compatibility libraries? No (I purged
i386earlier; keep it clean). - Would you like to run the nvidia-xconfig utility? Yes (If you use a monitor) or No (If headless).
- You should be running OMV headless.
- Install Proprietary or Open Kernel? Proprietary (Recommended for optimal performance of an RTX gpu).
Step 5: Verification
Once finished, reboot one last time and run the "Golden Command":
nvidia-smi
If you see the RTX 3060 listed with the 570.x driver version, you are successfully set up.
Pro-Tip: Why "Wget" is a double-edged sword
While wget is fast, the .run file method is "unmanaged." This means apt doesn't know the driver exists.
- To Uninstall: You must keep the
.runfile and runsudo ./NVIDIA-Linux-x86_64-xxx.run --uninstall. - To Update: You have to manually
wgetthe new version and run it again.
Now that the driver is installed, would you like me to show you how to verify that Plex is actually using the GPU for hardware transcoding?
4. Fixing the OMV 8 "502 Bad Gateway" Error😱
One of the scariest moments was the "502 Bad Gateway" after the upgrade.
502 Bad Gateway
OMV 8 moves to PHP 8.4-FPM, and sometimes the old configuration files don't play nice with the new service binaries.
- The Fix: Don’t spend hours editing
.conffiles. A simple--reinstallofphp8.4-fpmand a salt deploy (omv-salt deploy run phpfpm) was the "magic button" that brought the Web GUI back to life. Here's the commands for easy copy/paste:
# First, runt this:
apt-get install --reinstall php8.4-fpm
# Then:
omv-salt deploy run phpfpmThis single step resurrected the Web UI instantly.
Part 2: Linux Kernel 6.17 Benefits for NAS & Docker Users💻
Jumping from kernel 6.12 → 6.17 isn’t just incremental polish. It’s a tangible upgrade for NAS, Dockera, and media workloads. While 6.12 was an LTS (Long Term Support) candidate that stabilized "PREEMPT_RT" for real-time tasks, the 6.17 cycle introduces "quality of life" features that directly impact server efficiency, SSD longevity, and container security.
Here’s what you’ll actually notice.
| Feature | Impact on Your NAS |
| NVMe Zeroing | Faster deletions, less SSD wear. |
| DualPI2 | No more "Bufferbloat" during large downloads. |
| AVC Controls | Reclaim 5-10% CPU speed by disabling mitigations. |
| Namespace Locks | Snappier UI when running 50+ Docker containers. |
1. Storage: SSD Longevity and "Instant" Zeroing
For those running databases or large media servers, 6.17 introduces a major efficiency gain for NVMe and SCSI SSDs.
- Zeroing without I/O: The kernel can now write zeroes to modern SSDs without actual I/O operations (using the
DEACbit for NVMe andUMMAPfor SCSI). This uses theFALLOC_FL_WRITE_ZEROESflag, which tells the SSD to mark regions as zeroed internally.+1 - Impact: This reduces physical wear on your drives and speeds up large file deletions or allocations significantly.
- Large Folio Support for Btrfs: Btrfs now handles memory in larger chunks (folios), reducing CPU overhead during high-throughput storage tasks like 4K video streaming or large file backups.
Impacts:
- Less SSD wear
- Faster deletes and allocations
- Better longevity for metadata-heavy systems (Plex, databases, ZFS)
2. Networking: Lower Latency and Smarter Throttling
If you host real-time services like Jellyfin, Nextcloud, or game servers, the networking stack received two major upgrades:
- DualPI2 Congestion Control: This new algorithm is designed to reduce (kill!) "bufferbloat" (network queue latency). It helps keep your connection responsive even when the bandwidth is fully saturated by a large download.
- Adaptive Polling (from 6.13): The network stack now intelligently switches between "polling" and "interrupts." During heavy traffic, it polls for data more efficiently; during lulls, it reverts to interrupts to save power.
Impacts:
- Up to 45% more throughput and 30% less power usage in high-traffic scenarios
- This is real-world performance impact of smoother Jellyfin/Plex streams & responsive UI even during maxed-out downloads.
3. Security: "Attack Vector Controls"
Managing security mitigations (like those for Spectre/Meltdown) has historically been a mess of cryptic kernel boot parameters.
- Unified Mitigations: 6.17 introduces Attack Vector Controls (AVC). Instead of toggling individual vulnerabilities, you can now manage them by "scope" (e.g.,
user-to-kernel,guest-to-host).+1 - Impact: If you run a private home lab with no "untrusted" users or VMs, you can easily disable specific classes of mitigations with one command to claw back 5–10% of CPU performance that was previously lost to hardware bug workarounds!
4. Virtualization and Containers (Docker/LXC)
For users running a heavy stack of Docker containers, several "under-the-hood" changes make the system snappier:
- Per-Namespace RTNL Lock: Previously, a single "Global Lock" (RTNL) could slow down networking operations if you had dozens of containers starting or stopping. This lock is now per-network-namespace, drastically reducing "contention" in container-heavy environments.
- AppArmor AF_UNIX Mediation: AppArmor can now strictly control Unix domain sockets.
- Impact: This adds a new layer of security for local inter-container communication, making it much harder for a compromised container to "talk" to a sensitive socket on your host. This is a major security improvement!
5. Scheduling: Proxy Execution
This is an experimental but exciting feature for 6.17.
- What it is: It allows a lower-priority task that is holding a resource (like a lock) to temporarily "inherit" the priority of the high-priority task waiting for it.
- Impact: It prevents "priority inversion" where your high-speed task is stuck behind a slow background task. This results in much smoother interactive responsiveness for your OS, especially when the server is under a heavy background load (like a parity check or a large build).
🛠 The Safe Upgrade Path — OMV7 → OMV8
If you’re already on OMV7, you do not need a fresh install. OMV’s built-in migration handles Debian 12 → 13 cleanly—if you prepare properly. I'll also mention where I hit my roadblocks along each part of the process.
Phase 1: The "Digital Fortress" Pre-Check🚨
Before you touch the terminal, you need to clean house. OMV 8 is strictly modern; it does not tolerate "technical debt" or legacy packages.
- The 32-bit (i386) Purge: This was my biggest blunder. If you’ve ever installed SteamCMD, old game servers, or 32-bit drivers, they will act like unexploded landmines.
- The Fix: Run
dpkg --get-selections | grep i386. If anything pops up, purge it. OMV 8 expects a clean 64-bit architecture.
- The Fix: Run
- Backups (The "Safety Net"): I’ll admit, I skipped the full disk clone this time and used
omv-regen. Don't be like me. If you are on Proxmox, right-click your VM and hit Snapshot. It takes 10 seconds and saves 10 hours of rebuild time. - Plugin Audit: Go to OMV-Extras and ensure your "must-have" plugins are OMV 8 ready.
Phase 2: The Migration - Execution
Perform this via SSH‼️ (using PuTTY, Terminal, or VS Code) or the local console. Never attempt this inside the Web UI's terminal window.
Step 1: Patch the Current System
Bring OMV 7 to its final, most stable state.
apt get upgrade && omv-upgrade
If required, reboot.
I do usually reboot because I'll have had the system running for a long time, and this 'refreshes' everything.
Step 2: The "Quiesce" (Quiet the Host)
To ensure the upgrade has 100% of your CPU and RAM, stop your heavy workloads.
- Stop all Docker containers and VMs via
docker compose downand shutting down VMs. - Stop media servers (Plex/Jellyfin).
systemctl stop plexmediaserverfor example. - Why? You don't want a background transcoding task locking a file while the OS is trying to replace it.
Step 3: Trigger the Release Upgrade
This is the "point of no return."
omv-release-upgrade
What to expect: On my Ryzen 3600X, this took about 10 minutes.
- The SHA-1 Guillotine: If the process stops with a GPG error (common with Plex or older repos), it’s because Debian 13 rejects SHA-1 security. You may need to temporarily comment out those lines in
/etc/apt/sources.list.d/. - Prompt Panic: It will ask if you want to keep or replace configuration files. Generally, the Default (Keep) is the safest bet for OMV.
Step 4: The First Reboot
Once the script finishes, force a reboot:
sudo reboot
Phase 3: Post-Upgrade Resurrection
Your server is back up, but it might feel "broken." Don't panic.
- The 502 Bad Gateway Fix: If the Web UI won't load, it's likely a PHP version mismatch. OMV 8 moves to PHP 8.4-FPM.
- The Magic Button:
apt-get install --reinstall php8.4-fpm omv-salt deploy run phpfpm - Note: Clear your browser cache! Your browser is trying to show you OMV 7 files on an OMV 8 system.
- The Magic Button:
- Verify the Kernel: Run
uname -r. If you aren't seeing Kernel 6.17+, head to System > Kernel and ensure the Proxmox/PVE kernel is set as the default. - NVIDIA Redux: If your transcoding broke, check your drivers. With the move to Kernel 6.17, make sure you are on the Proprietary 590.x drivers. Ensure DKMS is active so the driver "follows" the kernel on the next update. I wiped my drivers completely first, then re-installed them after.
🛠️ The "Silver Bullet": The OMV 7 to 8 Fixes Script
Even with a perfect plan, migrations can leave behind "ghost" configurations or broken symlinks. The lead developer of OMV-Extras (ryecoaaron) maintained a script specifically designed to mop up these messes.
Why use it? If your Web GUI is missing icons, you’re getting "RPC Errors," or the dashboard feels "glitchy" after the upgrade, this script resets the core environment variables and ensures the new PHP 8.4-FPM services are mapped correctly.
How to run it: While logged in as root via SSH, run the following:
wget -O - https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/refs/heads/master/fix7to8upgrade | sudo bash
What this does:
- Cleans up the
aptcache and identifies held packages. - Forces a deployment of the Saltstack (the "brain" that configures OMV).
- Corrects directory permissions that may have changed between Debian 12 and 13.
💡 Core Lab Pro-Tip: The "Audit" Before the Fix
If you run the script and still have issues, check the logs. OMV 8 is very vocal about what it hates. An example is running journalctl -u php8.4-fpm to see if a specific legacy plugin is crashing the web service. This is how I found there was something wrong with my php8.4. journalctl -xe gives you an overview of everything since boot.
✅ Final State
- OMV 8 (“Synchrony”)
- Debian 13 (Trixie)
- Linux kernel 6.17
- Full NVIDIA hardware acceleration
- Zero data loss
Not a one‑click upgrade—but absolutely worth it.

Quick Fix Matrix
| Symptom | Likely Cause | The Fix |
| 502 Bad Gateway | PHP-FPM service mismatch | Run the "Fixes" script or reinstall php8.4-fpm. |
| GPG / Repo Errors | Debian 13 SHA-1 rejection | Disable the offending repo in sources.list.d. |
| ZFS Pool Missing | Wrong Kernel booted | Go to System > Kernel and select the PVE Kernel. |
| "Held Packages" | i386 (32-bit) conflicts | Purge i386 architecture and try apt --fix-broken install. |
Enjoyed this "war story" from the trenches? I’m building a community of self-hosters who value stability, security, and performance over "hoping for the best."👇
If you're still on OMV8 or want to know how to setup ZFS on OMV, jump here to this link below:
Member discussion