Skip to content

Watchtower — Automated Docker Updates on a Synology NAS

New guide released31/12/2021

What is Watchtower?

Watchtower is an application that watches for updates for all your over containers and automatically updates them for you, this saves you time especially when you have a lot of containers running.

Let’s Begin

Watchtower requires access to the Docker socket, we are unable to set this up via the Synology GUI. This means we will be using Docker-Compose.

Docker Compose

We will be using Docker Compose to set up the container. In a nutshell we will be creating a text file (YAML formatted) which tells Docker exactly how we want to set up a specific container.

The next steps can be done either using a code/text editor such as Notepad++ or to keep things simple for this guide we will be using the Synology Text Editor which can be installed from the Package Center.

Install Text Editor from the Package Center

Open up Text Editor and click on File then New to start a new file.

You can now copy and paste the details below into the new text file, it is important you don’t change the spacing as YAML has to be formatted correctly in order to be read by Docker Compose.

version: "3.8"
    image: containrrr/watchtower:latest
    container_name: watchtower
      - WATCHTOWER_SCHEDULE=0 0 2 * * *
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Environment Variables

We need to make some changes in order for watchtower to know what time it is where you are and what we want it to do. You can amend these based on your preferences.

VariableValueWhat it does
TZEurope/LondonChange this to your own timezone
WATCHTOWER_CLEANUPtrue or falseWe want to clean up the old docker images, if you don’t turn this on over the course of a few months you will find that the images start to eat a lot of space and they are not even being used. (true or false)
WATCHTOWER_INCLUDE_STOPPEDtrue or falseDo you want to update any stopped containers, the container will stay stopped after being updated (true or false)
WATCHTOWER_REVIVE_STOPPEDtrue or falseIf a stopped container is updated do you want Watchtower to start it up? (true or false)
WATCHTOWER_SCHEDULE0 0 2 * * *Rather than setting the number of seconds to wait between checks you can set a schedule. The default I use is to check at 2am everyday, you can work out your own schedule using a cron schedule generator

Your final file should look similar to the one shown below.

The final file

Saving the Compose File

We now need to save this file into our docker share

Click on File then Save As, navigate to the ‘Docker’ share and create a new folder called ‘watchtower’ (lower case)

You need to change the ‘File name’ to watchtower.yml and save it in the ‘watchtower’ folder

SSH and Docker-Compose

It’s time to get logged into you Diskstation via SSH, you can do this in the same way as when you obtained your IDs in the ‘Setting up a restricted Docker user‘ guide.

Once you have logged in you will need to give 2 commands, you can copy and paste these one at a time — you will need to enter your password for the command starting with ‘sudo’

First we are going to change directory to where the watchtower.yml is located, type the below and then press enter.

cd /volume1/docker/watchtower

Then we are going to instruct Docker Compose to read the file we created and complete the set-up the container. Again type the below and press enter.

sudo docker-compose -f watchtower.yml up -d

When the command has completed you should be able to see Watchtower running in the list of containers in the Synology GUI. You can go into the container and within the log you should see that Watchtower is counting down to your next check.

You can now just leave Watchtower running you will never need to manually update your containers again.

Throw me some bits or buy me a coffee?

If you have found my site useful please consider pinging me a tip as it helps cover the cost of running the site, you can even buy me a coffee 🙂

Buy Me A Coffee
Doge / Ethereum / Bitcoin
Published inDockerSynologyUpdating Containers


  1. Dr_Frankenstein Dr_Frankenstein

    Try removing redundant images with sudo docker image prune

    This will remove any unused images.

    Or you can do a complete cleanup with

    sudo docker system prune

    This will remove all unused images, stopped containers and other cached items

    • Chris Chris

      It’s the same…

  2. Chris Chris

    A big thank you for all you do.
    I have an error with Watchtower, and I don’t know what to do…
    This is an installation with Portainer.
    But I tried in SSH and same problem
    Thank you for your help

    level=warning msg=”Failed to retrieve container image info: Error: No such image: sha256:0d303190802119ec5897f8fa8305f7c2af47b3bd03d206f0dce83c60fe84c6e0″

  3. rfg81 rfg81

    It seems watchtower blocks vlan access when I have it setup as a container in portainer. I’m going to use it as a task to run daily to avoid this problem.

  4. Bryan Bryan

    Well even got this up and running. I almost feel like a docker wizard now. Well I’d be lost without the tutorials! Keep them up. Great stuff!

  5. NewToSyn NewToSyn

    Loving your guides! I have just ordered a synology NAS and will be following them and sending some coffee. Started drafting the docker compose file in preparation. I was trying to figure out how to set watchtower to only update certain containers – their seems to be an environment variable to do this, but I believe I need to set it for each container. I don’t suppose you have done this?

    • Dr_Frankenstein Dr_Frankenstein

      Hey, shout out in Discord if you have any questions when setting up. I have not done what you are after but it looks easy. You add a label of ‘com.centurylinklabs.watchtower.enable’ to you other containers in the compose file and then the Environment Variable WATCHTOWER_LABEL_ENABLE this will then only update those containers.

      Bit hard to explain in the comments.

      • NewToSyn NewToSyn

        Thanks. Will give it a go, think I’ve figured out the label thing. Looks like an even simpler alternative is putting the names of the containers that I want monitored as part of the compose. Just out of interest – do you run your box with separate compose files, or a single one including all? I am unsure whether it’s critical to specify the version or not since some compose files seem to specify use of a different version at the start eg 2 vs 3

        • Dr_Frankenstein Dr_Frankenstein

          I use a single compose file in the /docker share. The version numbers don’t really make any difference to be honest at some point I used 3 and it just stuck. So there might be some slightly different numbers across the guides.

    • Rather than having Watchtower constantly running, I just set up a scheduled task in Synology to run it once a day and clean up after itself once it has completed. Since the container is quite small, it doesn’t have much impact and it also means you don’t need a Compose file or any command line work (although I do run Compose files through Portainer and don’t use Synology’s Docker front end at all).

      docker run –rm –name watchtower \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -e WATCHTOWER_RUN_ONCE=true \

      • There must be an error in the command.
        It doesn’t run saying something is wrong but I’m not able to figure out the problem

        • His example has hyphens instead of double dashes in a few places. Should be “–rm –name”, not “–rm –name”.

          • Looks like it’s this blogging platform’s fault — did it to my examples as well :/

          • Dr_Frankenstein Dr_Frankenstein

            I will see if there is a setting I can change for the comments section, WordPress being derpy and changing

            • – and -rm

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed. – writing Synology Docker Guides since 2016 – Join My Discord!