Linuxpad

Automatic Container Updates With Watchtower.

Docker is a popular containerization platform that lets you package, distribute, and run applications in lightweight, portable containers. One of the essential tasks when running containers is keeping their images up to date with the latest software patches, security fixes, and feature updates.

In this article, we introduce Watchtower, a lightweight, open-source container management tool that automates updating Docker container images. It monitors your Docker environment for changes in the available image versions and automatically pulls the latest images and updates the containers that use them.

It can be installed with a single docker command:

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

Watchtower provides flexibility and customization options, allowing you to configure the update process according to your specific needs and preferences. So let us dive even deeper by customizing this container with the help of a docker-compose.yaml file.

Now paste this code into the docker-compose.yaml file:

services:
  watchtower:
    container_name: watchtower
    hostname: watchtower
    environment:
      #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=${SMTP_PORT:-587}
      #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=${SMTP_USER:-smtpuser}
      #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=${SMTP_PASS:-smtppass}
      #- WATCHTOWER_NOTIFICATION_EMAIL_FROM=${SMTP_MAIL_FROM:-from@example.com} # placeholder address
      #- WATCHTOWER_NOTIFICATION_EMAIL_TO=${SMTP_MAIL_TO:-to@example.com} # placeholder address
      #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=${SMTP_SERVER:-smtp.google.com}
      - WATCHTOWER_HTTP_API_TOKEN=${API_TOKEN:-SecureApiToken}
      #- WATCHTOWER_NOTIFICATIONS=email
      - WATCHTOWER_DEBUG=true
      #- DOCKER_HOST=tcp://socketproxy:2375
      - WATCHTOWER_HTTP_API_METRICS=true # variable prefix is WATCHTOWER_; a misspelled name is silently ignored
      #- WATCHTOWER_HTTP_API_TOKEN="mytoken"
      #- TZ=$TZ
      - WATCHTOWER_MONITOR_ONLY=false
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_NOTIFICATIONS=shoutrrr
      - WATCHTOWER_NOTIFICATION_URL=telegram://$TELEGRAM_AUTH_TOKEN@telegram?channels=$TELEGRAM_CHAT_ID&parseMode=HTML
      - WATCHTOWER_NOTIFICATION_TEMPLATE=📊🔔⚡️ <b>Server:</b> <code>Update</code>{{println}}{{range .}}{{.Message}}{{println}}{{end}}
      - WATCHTOWER_NOTIFICATION_SKIP_TITLE=true
      - WATCHTOWER_SCHEDULE=0 0 6 * * * # requires a go cron syntax of 6 space-separated fields; see https://containrrr.dev/watchtower/arguments/#scheduling
      #- WATCHTOWER_CLEANUP=true # remove unused images afterwards
    image: nickfedor/watchtower
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.watchtower-http.entrypoints=http"
      - "traefik.http.routers.watchtower-http.middlewares=redir-https"
      - "traefik.http.routers.watchtower-http.rule=Host(`watchtower.linuxpad.blog`)"
      - "traefik.http.routers.watchtower-http.service=noop@internal"
      - "traefik.http.routers.watchtower-https.entrypoints=https"
      - "traefik.http.routers.watchtower-https.tls=true"
      - "traefik.http.routers.watchtower-https.middlewares=gzip,authelia@docker" # one label per key: chain middlewares with commas
      - "traefik.http.routers.watchtower-https.rule=Host(`watchtower.linuxpad.blog`)"
      - "traefik.http.services.watchtower-backend.loadbalancer.server.scheme=http"
      - "traefik.http.services.watchtower-backend.loadbalancer.server.port=8080" # container port; 9080 is only the host-side mapping
    restart: always
    #network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro # :ro does not limit Docker API calls; remove this mount when using the socket proxy
    ports:
      - 9080:8080
    working_dir: /

networks:
  traefik:
    external: true

Finally, create a .env file alongside the compose file and paste this code:

SMTP_PORT=587
# The three addresses below are placeholders (example.com)
SMTP_USER=user@example.com
SMTP_PASS=secret_passwd
SMTP_MAIL_FROM=from@example.com
SMTP_MAIL_TO=to@example.com
SMTP_SERVER=smtp.google.com
API_TOKEN=My-HTTP-API-Token
DEFAULT_NETWORK="traefik"
#TZ="Europe/Madrid"
TELEGRAM_AUTH_TOKEN="superBotSecret"
TELEGRAM_CHAT_ID="myChatID"

As you can see from the above files, Watchtower sends its notifications through a Telegram bot, which gives us regular container update reports. This guide does not cover setting up the Telegram bot; for that, see Telegram's "Bots: An introduction for developers".

That's it! You should now have Watchtower set up in your homelab.