Watchtower: Keep Your Docker Containers Updated Automatically!

by

What’s New Andrew

Are you tired of manually updating your Linux servers and Docker containers? In this video, we’ll show you how to automate the process with Watchtower and unattended upgrades! Learn how to keep your servers secure with automatic Linux updates and ensure your Docker containers are always running the latest versions—all without lifting a finger. Whether you’re managing a homelab or cloud servers, these simple steps will save you time and keep your infrastructure up-to-date. Stick around to see how easy it is, and don’t forget to subscribe for more tech tutorials!

The following commands were used and can be copied and pasted for use in your setup.

Watchtower

Watchtower Docker Compose example file:

services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_CLEANUP: false 
      WATCHTOWER_INCLUDE_STOPPED: true
      WATCHTOWER_INCLUDE_RESTARTING: true
      TZ: America/Chicago
      WATCHTOWER_ROLLING_RESTART: true
      WATCHTOWER_SCHEDULE: "0 0 6 * * *"
      #WATCHTOWER_POLL_INTERVAL: 86400 # Interval in seconds.  Default is 86400 (24 hours) 
    restart: always

If you prefer to use the command line, the following Watchtower Docker Command is straight from the Watchtower GitHub repo:

$ docker run --detach \
    --name watchtower \
    --volume /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower

If you have a container that you do NOT want to auto-update with Watchtower, simply add the following label to your docker compose file for that container (not the Watchtower container):

    labels:
      - com.centurylinklabs.watchtower.enable = "false"

Linux Unattended Upgrades

To set up unattended upgrades in your Linux server you can issue the following command: 

apt install unattended-upgrades && systemctl enable --now unattended-upgrades

Back up the initial config file in case you need to restore it due to issues with the changes you make:

cp /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades.BACKUP

Edit the configuration file as shown in the video and make sure all security update lines are un-commented (no // in front of them)

nano /etc/apt/apt.conf.d/50unattended-upgrades

Now you can sit back, relax, and let your machines do the work for you!