Self-hosting applications and services on your own server gives you control and flexibility, but it also comes with the responsibility of maintenance.

Keeping your Docker containers up-to-date can be a tedious task.

That’s where Watchtower comes in.

What is Watchtower?

Watchtower is a Docker container image that automates the process of updating your other Docker containers.

It monitors your running containers for new image versions and automatically pulls and restarts them when updates are available.

Think of it as an automated update manager specifically for your Dockerized applications.

Why is Watchtower useful for self-hosting and servers?

  • Automation: The biggest benefit is automation. Without Watchtower, you’d have to manually check for updates for each of your containers, pull the new images, and restart the containers. Watchtower eliminates this manual work, freeing up your time for other tasks.
  • Security: Keeping your containers up-to-date is crucial for security. New image versions often contain security patches that address vulnerabilities. Watchtower helps you ensure that you’re running the latest and most secure versions of your applications.
  • Reduced Downtime (with careful configuration): Watchtower can minimize downtime during updates. By using a rolling update strategy (which you can configure), it can update containers one at a time, ensuring that your service remains available. (However, zero-downtime updates are complex and might require additional orchestration beyond Watchtower itself. Watchtower primarily focuses on the update process).
  • Simplified Management: Managing updates for multiple containers can be complex. Watchtower simplifies this process by providing a central point for managing updates.
  • Easy to Use: Setting up Watchtower is relatively straightforward. You run it as a Docker container, and it takes care of the rest.

How does Watchtower work?

  1. Runs as a Container: Watchtower itself runs as a Docker container.
  2. Monitors Other Containers: It monitors other containers on the same Docker host.
  3. Checks for Updates: It periodically checks the container registry (e.g., Docker Hub, your private registry) for new versions of the images used by your running containers.
  4. Pulls New Images: When a new version is available, Watchtower automatically pulls the updated image.
  5. Restarts Containers: It then restarts the container using the new image. You can configure how this restart is handled (e.g., one by one, all at once).

How to use Watchtower

  1. Pull the Watchtower Image:
docker pull containrrr/watchtower
  2. Run Watchtower:
docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower
  • -d: Runs the container in detached mode (background).
  • --name watchtower: Gives the container a name.
  • -v /var/run/docker.sock:/var/run/docker.sock: Mounts the Docker socket. This is essential as it allows Watchtower to communicate with the Docker daemon and manage other containers.
  3. (Optional) Configure updates for specific containers:

By default, Watchtower updates all containers. You can use labels to control which containers are updated. For example, to update only containers that carry the label com.centurylinklabs.watchtower.enable=true, start Watchtower with the --label-enable flag. (Passing --label to docker run on the Watchtower container only labels Watchtower itself; it does not filter anything.)

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower --label-enable

And then, when running your other containers, include the label:

# your-image:tag is a placeholder; keep your other container options as they are
docker run -d \
  --label com.centurylinklabs.watchtower.enable=true \
  your-image:tag
  4. (Optional) Configure update frequency:

You can change how often Watchtower checks for updates (the default is every 5 minutes):

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower --interval 3600  # check every hour (value in seconds)

Important Considerations:

  • Security: Mounting the Docker socket gives Watchtower full control of the Docker daemon, which is effectively root-level access to the host. Only run Watchtower on systems you trust.
  • Downtime: While Watchtower can minimize downtime, it doesn’t guarantee zero downtime. For critical applications, consider more advanced deployment strategies.
  • Testing: Before automatically updating production containers, it’s a good idea to test updates in a staging environment.
  • Configuration: Explore the Watchtower documentation for more advanced configuration options, such as notifications, rolling updates, and specific container update strategies.

You could also spin up Watchtower like this:

#to run once
sudo docker run -d \
    --name watchtower \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower --run-once 

Or like this:

#to run on a specific time and remove unused images    
sudo docker run -d \
    --name watchtower \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower --debug --cleanup --schedule "0 30 4 * * *"    

If you just want to focus on a container:

#to monitor only a container (ex: shipyard)
sudo docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock v2tec/watchtower shipyard

See Watchtower at the container registry:

Conclusion

Watchtower is a valuable tool for anyone self-hosting applications using Docker.

It simplifies the update process, improves security, and saves you time and effort.

By automating container updates, Watchtower helps you keep your self-hosted services running smoothly and securely.

Just be careful which services you are setting up for automatic updates.

Some time ago, I got issues when one DB was updated, which broke my Nextcloud setup.
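
To act on that caution before turning on automatic updates, the following added example (not from the original post) classifies containers for a Watchtower started with `--label-enable`, which only updates containers labelled `com.centurylinklabs.watchtower.enable=true`. The function names, the database image list and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Input: lines from
#   docker ps --format '{{.Names}}\t{{.Image}}\t{{.Labels}}'
# Output: "<name><TAB><verdict>" for a Watchtower run with --label-enable.

watchtower_audit() {
  awk -F '\t' '
  {
    name = $1; image = $2; labels = "," $3 ","
    # Opt-in label that --label-enable filters on.
    managed = index(labels, ",com.centurylinklabs.watchtower.enable=true,") > 0

    # Drop registry and namespace, then split repository from tag or digest.
    ref = image; sub(/.*\//, "", ref)
    repo = ref; tag = "latest"            # no tag means :latest
    if ((at = index(ref, "@")) > 0) {     # pinned by digest
      repo = substr(ref, 1, at - 1); sub(/:.*/, "", repo); tag = "digest"
    } else if ((c = index(ref, ":")) > 0) {
      repo = substr(ref, 1, c - 1); tag = substr(ref, c + 1)
    }

    # Heuristic list of stateful images (an assumption; extend for your stack).
    is_db = (repo ~ /^(postgres|mariadb|mysql|mongo|redis)$/)

    if (!managed)                      verdict = "not-managed"
    else if (is_db && tag == "latest") verdict = "review"
    else                               verdict = "auto-update"
    printf "%s\t%s\n", name, verdict
  }'
}

# Constructed sample input (not real output from any host).
sample_ps_output() {
  printf 'nextcloud\tnextcloud:28\tcom.centurylinklabs.watchtower.enable=true\n'
  printf 'nextcloud-db\tmariadb\tapp=nextcloud,com.centurylinklabs.watchtower.enable=true\n'
  printf 'shipyard\tshipyard/shipyard:latest\t\n'
}

sample_ps_output | watchtower_audit
```

A `review` verdict marks a database image that follows a floating tag while opted in to automatic updates; pin its tag to a tested version or remove the label before letting Watchtower manage it.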