Skip to content

Watchtower — Automated Docker Updates on a Synology NAS

Last updated on 23 November 2023

Please note if you are using DSM7.2 or higher you should use the Container Manager version of this guide from the menu.
This guide has reached the end of its updates as most people are now on the latest DSM update - This guide is correct as of 08/12/2023 however no further updates will be added.


Important or Recent Updates
Historic Updates

What is Watchtower?

Watchtower is an application that watches for updates for all your containers and automatically updates them for you.

Let’s Begin

Watchtower requires access to the Docker socket, we are unable to set this up via the Synology GUI. This means we will be using Docker-Compose.

Docker Compose

We will be using Docker Compose to set up the container. In a nutshell we will be creating a text file (YAML formatted) which tells Docker exactly how we want to set up a specific container.

The next steps can be done either using a code/text editor such as Notepad++ or to keep things simple for this guide we will be using the Synology Text Editor which can be installed from the Package Center.

Install Text Editor from the Package Center

Open up Text Editor and click on File then New to start a new file.

We have a couple of different composes available below the first one is configured to update all running containers at 2am daily (UTC).

YAML
services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    environment:
      - TZ=YOURTIMEZONE
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_INCLUDE_STOPPED=true
      - WATCHTOWER_REVIVE_STOPPED=false
      - WATCHTOWER_SCHEDULE=0 0 2 * * *
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

As an addition to the method above you can exclude specific containers from updates by adding this line to their yaml (compose) details. This is likely faster than using method 2

YAML
    labels:
      - com.centurylinklabs.watchtower.enable=false

The second has an added section where you can specify the names of the containers you would like to update (use the exact name of the container as per the Synology UI)

You can copy and paste the one you wish to use into the new text file, it is important you don’t change the spacing as YAML has to be formatted correctly in order to be read by Docker Compose.

YAML
services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    environment:
      - TZ=YOURTIMEZONE
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_INCLUDE_STOPPED=true
      - WATCHTOWER_REVIVE_STOPPED=false
      - WATCHTOWER_SCHEDULE=0 0 2 * * *
    command: # add or remove the below as required
      - nzbget
      - overseerr
      - plex
      - prowlarr
      - radarr
      - sonarr
      - tautulli
      - watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Environment Variables

We need to make some changes in order for watchtower to know what time it is where you are and what we want it to do. You can amend these based on your preferences.

VariableValueWhat it does
TZEurope/LondonChange this to your own timezone
WATCHTOWER_CLEANUPtrue or falseWe want to clean up the old docker images, if you don’t turn this on over the course of a few months you will find that the images start to eat a lot of space and they are not even being used. (true or false)
WATCHTOWER_INCLUDE_STOPPEDtrue or falseDo you want to update any stopped containers, the container will stay stopped after being updated (true or false)
WATCHTOWER_REVIVE_STOPPEDtrue or falseIf a stopped container is updated do you want Watchtower to start it up? (true or false)
WATCHTOWER_SCHEDULE0 0 2 * * *Rather than setting the number of seconds to wait between checks you can set a schedule. The default I use is to check at 2am every day, you can work out your own schedule using a cron schedule generator

Your final file should look similar to the one shown below, depending on which version you used above.

Saving the Compose File

We now need to save this file into our docker share

Click on File then Save As, navigate to the ‘docker’ share and you need to change the ‘File name’ to watchtower.yml and save it in the ‘docker’ folder.

SSH and Docker-Compose

It’s time to get logged into you Diskstation via SSH, you can do this in the same way as when you obtained your IDs in the ‘Setting up a restricted Docker user‘ guide.

Once you have logged in you will need to give 2 commands, you can copy and paste these one at a time — you will need to enter your password for the command starting with ‘sudo’

First we are going to change directory to where the watchtower.yml is located, type the below and then press enter.

Bash
cd /volume1/docker

Then we are going to instruct Docker Compose to read the file we created and complete the set-up the container. Again type the below and press enter.

Bash
sudo docker-compose -f watchtower.yml up -d

When the command has completed you should be able to see Watchtower running in the list of containers in the Synology GUI. You can go into the container and within the log you should see that Watchtower is counting down to your next check.

You can now just leave Watchtower running you will never need to manually update your containers again.

FAQ

Q: I keep getting X container has stopped unexpectedly errors!
A: DSM does not know or understand that Watchtower is issuing commands in the background. So it makes the assumption that it was stopped unexpectedly, but we know it was Watchtower doing an update, the same happens if you issue a commands via docker-compose or even Portainer.

Q: Do I need to update Watchtower itself?
A: Nope it updates itself – quite clever really 🙂


Buy Me a Coffee or a Beer

If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me get the odd beverage. Plus 10% goes to the devs of the apps I do guides for every year.

Historic UpdatesDate
New guide released31/12/2021
Added command to only include specific containers (thanks to TimeLord on Discord)01/09/2022
Added notes in relation to updating GlueTUN and Torrents03/12/2022
Added the missing ‘synobridge’ network16/01/2023
Compose version number removed and small wording amendments09/04/2023
Amended the path to save the compose file – this is for security, so the container has no access to the file contents.14/04/2023
Historic Updates
Published inDockerSynologyUpdating Containers 7.1

76 Comments

  1. kilik kilik

    Thanks a lot for your instructions! One question with watchtower installation guide, i followed your guide but the watchtower container automatically using another bridge(172.18.0.0) and it’s different from the synobridge which other containers is using( mine is 172.16.0…)! Is it a problem? and how can i change the bridge for the watchtower?

    • Dr_Frankenstein Dr_Frankenstein

      Hey, sorry this is my error I didn’t add the bridge into the yaml, it will still work, check back in a couple of hours and the guide above will have the bridge added!

  2. Kyle Rothrock Kyle Rothrock

    I’ve read the horror stories about losing the mapping when updating and have experienced this myself. How do you prevent that from happening during the update? Love your page btw. Thanks

    • Dr_Frankenstein Dr_Frankenstein

      Do you mean the volume maps sorry, not something I have seen reported here however I would always recommend having regular backups or at least snapshots of the Docker share so you can roll back etc.

      • Kyle Rothrock Kyle Rothrock

        So i made a copy of the sonarr container so it still works. Brought in the new image and when i go to map the folders it fails to see them in sonarr, I assume because the ports are already configured for my first install which is now my backup. I am unable to change the ports in the new image. Hopefully that’s my problem as it would be easy to fix but sonarr container will not let me change the port. I hope this makes sense.

        • Dr_Frankenstein Dr_Frankenstein

          I am not sure why you are creating a copy first? Watchtower will check for an image update, then stop and remove Sonarr, then bring it up with the same settings.

          You don’t need to do anything manually.

          Backups would be of the actual files contained in your /docker share as they are the important part the containers themselves are disposable.

  3. I live in central united states and set the TZ to US/CENTRAL (-06:00) but based on when everything updated the container is set to (00:00) timezone… does it not recognize US/CENTRAL?

    • TimeLord TimeLord

      You can find a section on this page called “Environment Variables” describing TZ. It contains a link that points to a list of valid timezones. You will need to find TZ in that list that fits your location the best.

      • us/ central is in the list but for some reason it’s not reconized… the only thing i can think of is us/central says “link” for the type but america/chicago says “canonical”… might be common knowledge but i guess yo can only use “canonical” timezones

  4. Terry Terry

    Have set up Watchtower and is working perfectly so far – one question, I went with the version of naming the containers to update. How do I add/remove items from the list once set up?

    • Dr_Frankenstein Dr_Frankenstein

      Hey, use the second of the two yml files you add the containers you want to include and leave off the ones you don’t.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

drfrankenstein.co.uk – writing Synology Docker Guides since 2016 – Join My Discord!