Please note if you are using DSM7.2 or higher you should use the Container Manager version of this guide from the menu.
This guide has reached the end of its updates as most people are now on the latest DSM update - This guide is correct as of 08/12/2023 however no further updates will be added.
Important or Recent Updates
| Historic Updates | Date |
|---|---|
| New guide released | 31/12/2021 |
| Added command to only include specific containers (thanks to TimeLord on Discord) | 01/09/2022 |
| Added notes in relation to updating GlueTUN and Torrents | 03/12/2022 |
| Added the missing ‘synobridge’ network | 16/01/2023 |
| Compose version number removed and small wording amendments | 09/04/2023 |
| Amended the path to save the compose file – this is for security, so the container has no access to the file contents. | 14/04/2023 |
| Added labels to GlueTUN container guide so updated information in this one to coincide | 06/05/2023 |
| Added a 3rd option to just exclude specific containers via a label. | 23/11/2023 |
What is Watchtower?
Watchtower is an application that watches for updates for all your containers and automatically updates them for you.
Let’s Begin
Watchtower requires access to the Docker socket, we are unable to set this up via the Synology GUI. This means we will be using Docker-Compose.
Docker Compose
We will be using Docker Compose to set up the container. In a nutshell we will be creating a text file (YAML formatted) which tells Docker exactly how we want to set up a specific container.
The next steps can be done either using a code/text editor such as Notepad++ or to keep things simple for this guide we will be using the Synology Text Editor which can be installed from the Package Center.
Open up Text Editor and click on File then New to start a new file.
We have a couple of different composes available below the first one is configured to update all running containers at 2am daily (UTC).
services:
watchtower:
image: containrrr/watchtower:latest
container_name: watchtower
environment:
- TZ=YOURTIMEZONE
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_STOPPED=true
- WATCHTOWER_REVIVE_STOPPED=false
- WATCHTOWER_SCHEDULE=0 0 2 * * *
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stoppedAs an addition to the method above you can exclude specific containers from updates by adding this line to their yaml (compose) details. This is likely faster than using method 2
labels:
- com.centurylinklabs.watchtower.enable=falseThe second has an added section where you can specify the names of the containers you would like to update (use the exact name of the container as per the Synology UI)
You can copy and paste the one you wish to use into the new text file, it is important you don’t change the spacing as YAML has to be formatted correctly in order to be read by Docker Compose.
services:
watchtower:
image: containrrr/watchtower:latest
container_name: watchtower
environment:
- TZ=YOURTIMEZONE
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_STOPPED=true
- WATCHTOWER_REVIVE_STOPPED=false
- WATCHTOWER_SCHEDULE=0 0 2 * * *
command: # add or remove the below as required
- nzbget
- overseerr
- plex
- prowlarr
- radarr
- sonarr
- tautulli
- watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stoppedEnvironment Variables
We need to make some changes in order for watchtower to know what time it is where you are and what we want it to do. You can amend these based on your preferences.
| Variable | Value | What it does |
|---|---|---|
| TZ | Europe/London | Change this to your own timezone |
| WATCHTOWER_CLEANUP | true or false | We want to clean up the old docker images, if you don’t turn this on over the course of a few months you will find that the images start to eat a lot of space and they are not even being used. (true or false) |
| WATCHTOWER_INCLUDE_STOPPED | true or false | Do you want to update any stopped containers, the container will stay stopped after being updated (true or false) |
| WATCHTOWER_REVIVE_STOPPED | true or false | If a stopped container is updated do you want Watchtower to start it up? (true or false) |
| WATCHTOWER_SCHEDULE | 0 0 2 * * * | Rather than setting the number of seconds to wait between checks you can set a schedule. The default I use is to check at 2am every day, you can work out your own schedule using a cron schedule generator |
Your final file should look similar to the one shown below, depending on which version you used above.
Saving the Compose File
We now need to save this file into our docker share
Click on File then Save As, navigate to the ‘docker’ share and you need to change the ‘File name’ to watchtower.yml and save it in the ‘docker’ folder.
SSH and Docker-Compose
It’s time to get logged into you Diskstation via SSH, you can do this in the same way as when you obtained your IDs in the ‘Setting up a restricted Docker user‘ guide.
Once you have logged in you will need to give 2 commands, you can copy and paste these one at a time — you will need to enter your password for the command starting with ‘sudo’
First we are going to change directory to where the watchtower.yml is located, type the below and then press enter.
cd /volume1/dockerThen we are going to instruct Docker Compose to read the file we created and complete the set-up the container. Again type the below and press enter.
sudo docker-compose -f watchtower.yml up -dWhen the command has completed you should be able to see Watchtower running in the list of containers in the Synology GUI. You can go into the container and within the log you should see that Watchtower is counting down to your next check.
You can now just leave Watchtower running you will never need to manually update your containers again.
FAQ
Q: I keep getting X container has stopped unexpectedly errors!
A: DSM does not know or understand that Watchtower is issuing commands in the background. So it makes the assumption that it was stopped unexpectedly, but we know it was Watchtower doing an update, the same happens if you issue a commands via docker-compose or even Portainer.
Q: Do I need to update Watchtower itself?
A: Nope it updates itself – quite clever really 🙂
Buy Me a Coffee or a Beer
If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me get the odd beverage. Plus 10% goes to the devs of the apps I do guides for every year.
| Historic Updates | Date |
|---|---|
| New guide released | 31/12/2021 |
| Added command to only include specific containers (thanks to TimeLord on Discord) | 01/09/2022 |
| Added notes in relation to updating GlueTUN and Torrents | 03/12/2022 |
| Added the missing ‘synobridge’ network | 16/01/2023 |
| Compose version number removed and small wording amendments | 09/04/2023 |
| Amended the path to save the compose file – this is for security, so the container has no access to the file contents. | 14/04/2023 |
Thanks a lot for your instructions! One question with watchtower installation guide, i followed your guide but the watchtower container automatically using another bridge(172.18.0.0) and it’s different from the synobridge which other containers is using( mine is 172.16.0…)! Is it a problem? and how can i change the bridge for the watchtower?
Hey, sorry this is my error I didn’t add the bridge into the yaml, it will still work, check back in a couple of hours and the guide above will have the bridge added!
Thanks for your quick reply, I’ve already made it!
I’ve read the horror stories about losing the mapping when updating and have experienced this myself. How do you prevent that from happening during the update? Love your page btw. Thanks
Do you mean the volume maps sorry, not something I have seen reported here however I would always recommend having regular backups or at least snapshots of the Docker share so you can roll back etc.
So i made a copy of the sonarr container so it still works. Brought in the new image and when i go to map the folders it fails to see them in sonarr, I assume because the ports are already configured for my first install which is now my backup. I am unable to change the ports in the new image. Hopefully that’s my problem as it would be easy to fix but sonarr container will not let me change the port. I hope this makes sense.
I am not sure why you are creating a copy first? Watchtower will check for an image update, then stop and remove Sonarr, then bring it up with the same settings.
You don’t need to do anything manually.
Backups would be of the actual files contained in your /docker share as they are the important part the containers themselves are disposable.
I live in central united states and set the TZ to US/CENTRAL (-06:00) but based on when everything updated the container is set to (00:00) timezone… does it not recognize US/CENTRAL?
You can find a section on this page called “Environment Variables” describing TZ. It contains a link that points to a list of valid timezones. You will need to find TZ in that list that fits your location the best.
us/ central is in the list but for some reason it’s not reconized… the only thing i can think of is us/central says “link” for the type but america/chicago says “canonical”… might be common knowledge but i guess yo can only use “canonical” timezones
Every day is a school day! Got to love timezones.
so apparently us/central is not recognized.. america/chicago is though… weird
Have set up Watchtower and is working perfectly so far – one question, I went with the version of naming the containers to update. How do I add/remove items from the list once set up?
It’s as simple as amending the list and running the compose again.
I am a bit confused to exclude container from update list. Can you please advise how to do that?
Hey, use the second of the two yml files you add the containers you want to include and leave off the ones you don’t.