Skip to content

Watchtower — Automated Docker Updates on a Synology NAS

Last updated on 23 November 2023

Please note if you are using DSM7.2 or higher you should use the Container Manager version of this guide from the menu.
This guide has reached the end of its updates as most people are now on the latest DSM update - This guide is correct as of 08/12/2023 however no further updates will be added.

Important or Recent Updates
Historic Updates

What is Watchtower?

Watchtower is an application that watches for updates for all your containers and automatically updates them for you.

Let’s Begin

Watchtower requires access to the Docker socket, we are unable to set this up via the Synology GUI. This means we will be using Docker-Compose.

Docker Compose

We will be using Docker Compose to set up the container. In a nutshell we will be creating a text file (YAML formatted) which tells Docker exactly how we want to set up a specific container.

The next steps can be done either using a code/text editor such as Notepad++ or to keep things simple for this guide we will be using the Synology Text Editor which can be installed from the Package Center.

Install Text Editor from the Package Center

Open up Text Editor and click on File then New to start a new file.

We have a couple of different composes available below the first one is configured to update all running containers at 2am daily (UTC).

    image: containrrr/watchtower:latest
    container_name: watchtower
      - WATCHTOWER_SCHEDULE=0 0 2 * * *
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

As an addition to the method above you can exclude specific containers from updates by adding this line to their yaml (compose) details. This is likely faster than using method 2

      - com.centurylinklabs.watchtower.enable=false

The second has an added section where you can specify the names of the containers you would like to update (use the exact name of the container as per the Synology UI)

You can copy and paste the one you wish to use into the new text file, it is important you don’t change the spacing as YAML has to be formatted correctly in order to be read by Docker Compose.

    image: containrrr/watchtower:latest
    container_name: watchtower
      - WATCHTOWER_SCHEDULE=0 0 2 * * *
    command: # add or remove the below as required
      - nzbget
      - overseerr
      - plex
      - prowlarr
      - radarr
      - sonarr
      - tautulli
      - watchtower
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Environment Variables

We need to make some changes in order for watchtower to know what time it is where you are and what we want it to do. You can amend these based on your preferences.

VariableValueWhat it does
TZEurope/LondonChange this to your own timezone
WATCHTOWER_CLEANUPtrue or falseWe want to clean up the old docker images, if you don’t turn this on over the course of a few months you will find that the images start to eat a lot of space and they are not even being used. (true or false)
WATCHTOWER_INCLUDE_STOPPEDtrue or falseDo you want to update any stopped containers, the container will stay stopped after being updated (true or false)
WATCHTOWER_REVIVE_STOPPEDtrue or falseIf a stopped container is updated do you want Watchtower to start it up? (true or false)
WATCHTOWER_SCHEDULE0 0 2 * * *Rather than setting the number of seconds to wait between checks you can set a schedule. The default I use is to check at 2am every day, you can work out your own schedule using a cron schedule generator

Your final file should look similar to the one shown below, depending on which version you used above.

Saving the Compose File

We now need to save this file into our docker share

Click on File then Save As, navigate to the ‘docker’ share and you need to change the ‘File name’ to watchtower.yml and save it in the ‘docker’ folder.

SSH and Docker-Compose

It’s time to get logged into you Diskstation via SSH, you can do this in the same way as when you obtained your IDs in the ‘Setting up a restricted Docker user‘ guide.

Once you have logged in you will need to give 2 commands, you can copy and paste these one at a time — you will need to enter your password for the command starting with ‘sudo’

First we are going to change directory to where the watchtower.yml is located, type the below and then press enter.

cd /volume1/docker

Then we are going to instruct Docker Compose to read the file we created and complete the set-up the container. Again type the below and press enter.

sudo docker-compose -f watchtower.yml up -d

When the command has completed you should be able to see Watchtower running in the list of containers in the Synology GUI. You can go into the container and within the log you should see that Watchtower is counting down to your next check.

You can now just leave Watchtower running you will never need to manually update your containers again.


Q: I keep getting X container has stopped unexpectedly errors!
A: DSM does not know or understand that Watchtower is issuing commands in the background. So it makes the assumption that it was stopped unexpectedly, but we know it was Watchtower doing an update, the same happens if you issue a commands via docker-compose or even Portainer.

Q: Do I need to update Watchtower itself?
A: Nope it updates itself – quite clever really 🙂

Buy Me a Coffee or a Beer

If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me get the odd beverage. Plus 10% goes to the devs of the apps I do guides for every year.

Historic UpdatesDate
New guide released31/12/2021
Added command to only include specific containers (thanks to TimeLord on Discord)01/09/2022
Added notes in relation to updating GlueTUN and Torrents03/12/2022
Added the missing ‘synobridge’ network16/01/2023
Compose version number removed and small wording amendments09/04/2023
Amended the path to save the compose file – this is for security, so the container has no access to the file contents.14/04/2023
Historic Updates
Published inDockerSynologyUpdating Containers 7.1


  1. Thanks for posting this! I ended up using Portainer to deploy this container but it was still nice to see the YAML definition to do it.

    • Dr_Frankenstein Dr_Frankenstein

      Good stuff – The new Container package for DSM7.2 is going to make all the compose elements to my guides much easier for anyone wanting to stick with the Syno UI


    I set this up a few days ago and everything is updating but pihole. I verified the container names lineup. What am I missing?

  3. Ronald Ronald

    Thanks for all your amazing tutorials which helped a lot in setting up all the containers.
    Although I went through all the steps (incl second version of the YML file) and got the Watchtower container running, it doesn’t see any updates. Prowlarr and Readarr had new versions but were not seen. All my containers are running ‘latest’ except Readarr which runs ‘develop’. So I have more or less the same issue as Dan M had, but I do not understand quite well how to solve it. For setting up the containers (except Whachtower) I’ve use the easy way (not the Docker Compose way).

    • TimeLord TimeLord

      Just to add to what Dr_Frankenstein has already mentioned – if there are updates watchtower will pull them in the next run. If you do not specify WATCHTOWER_POLL_INTERVAL or WATCHTOWER_SCHEDULE, watchtower will run the update every 24 hrs. If you want to just run the update on-demand, add –run-once to your watchtower docker command. For example,

      to update everything:

      sudo docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower –run-once

      to update only selected images (prowlarr and readarr):

      sudo docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower –run-once prowlarr readarr

      Please make sure that prowlarr and readarr are the actual names of your containers:

      sudo docker ps –format ‘{{.Names}}’

      • Ronald Ronald

        Thank you both for your responds. Problem solved now. Issue was that container names were written with capital letter like Readarr while in the YML file only lowercase.

  4. Dan M Dan M

    Hi, Thanks for your guides, they are very helpful. I followed this guide for Watchtower on my Syno920+, I used the second version to create my YAML file and got Watchtower installed and running. I only enabled it for a few *.arr containers that I currently run nightly versions. I know there are new nightly versions available, and I will use Readarr in this example. Watchtower is never finding the updated nightly version, the log always says “no pull needed” Not sure what I need to change or what I am doing wrong?

    “Checking if pull is needed” container=/Readarr image=”linuxserver/readarr:nightly-version-″

    • TimeLord TimeLord

      Assuming you’re using docker-compose, what exactly is your “image” line for readarr in docker-compuse YML file? Your log shows you’re trying to pull specifically “linuxserver/readarr:nightly-version-”, instead of “linuxserver/readarr:nightly”.

      “linuxserver/readarr:nightly-version-” is 10 days old as of today
      “linuxserver/readarr:nightly” is 4 days old as of today

      • Dan M Dan M

        Thanks for your quick response. So I now know what the problem is and why I am having the problem. I set up all my docker containers using the default synology docker management tool. It worked fine for up up until this point in time.

        So I can think of two possible options:

        Recreated my containers using docker compose which is probably what y’all would recommend, or

        (and not sure if this is even possible) add a variable or something(?) to my existing Synology docker configs.

        At any rate, I have learned enough that I shouldn’t have a problem recreating my containers using docker-compose

        • Dr_Frankenstein Dr_Frankenstein

          As Timelord correctly pointed out you will need to recreate them with the pure ‘nightly’ tag no version numbers, you can do this in the ui if you want. And then Watchtower will work as expected.

  5. This is awesome! You may want to note that if you edit your YML file to add or delete containers to update, you need to run the “SSH and Docker-Compose” steps again. 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed. – writing Synology Docker Guides since 2016 – Join My Discord!