From utilities designed to boost your creativity and productivity to media apps for organizing your documents, images, movies, and game collections, self-hosted services have become pretty diverse these days. In fact, the container ecosystem has grown so much that you’ll find dedicated apps (and even platforms) created specifically to help you manage, maintain, and troubleshoot other home lab utilities.
Take Watchtower, for example. As someone who’s always on the prowl for cool services, Watchtower has caught my eye a couple of times in the past. But as my collection of Docker containers started to blossom out of control, I had to find a way to automate the container updation process. Although Watchtower isn’t an all-powerful tool that can update my entire service stack without fail, it works well for the most part – especially once I properly configured it with some environment labels.
Updating containers is rather cumbersome
The conventional method is far too slow
Contrary to the simple updation process of virtual machines, getting containers up to date can feel like a job and a half. Rather than just running update and upgrade commands or clicking a couple of buttons, you’ll have to update the underlying image of your containers. Once you’ve shut down your Docker container, the conventional method involves destroying the existing instance and pulling the latest version of its image. After that, you’ll have to spin up a new container using this image.
Of course, the data saved by your Docker environment over the course of its lifetime will remain unharmed. But the entire process is rather tedious for a single container. Now, imagine doing that for dozens of Docker containers. Heck, considering that most of the popular container images get new versions uploaded almost daily, you can see why I dread updating my Docker environments manually.
Watchtower makes this process a cakewalk
And it’s fairly easy to deploy
Automation tools are some of the most QoL-enhancing utilities you can arm your self-hosting rig with, and Watchtower is an absolute must when you’re as deep into the tinkering rabbit hole as I am. Once you deploy Watchtower (as its own container, no less), it connects with the Docker socket and begins scanning for new images for every single container running on your machine. After that, it performs the whole updation process without requiring a single terminal command besides the initial docker run (or docker-compose up, if you prefer the YAML config route).
The best part? Unlike Ansible, Terraform, and other popular automation services, Watchtower is extremely easy to get up and running. All you have to do is paste the following command into the terminal, and voila, Watchtower will start working its magic.
    docker run -d \
      --name watchtower \
      -v /var/run/docker.sock:/var/run/docker.sock \
      containrrr/watchtower
Alternatively, if you prefer using Compose files, you can simply create a new docker-compose.yml file, write this code inside it, and use docker-compose up to deploy an instance of Watchtower:
    version: "3"
    services:
      watchtower:
        image: containrrr/watchtower
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
Personally, I prefer using the latter method, as it lets me fine-tune my Watchtower instance for any new containers I may deploy in the future. And trust me, you’ll want to make some adjustments to Watchtower’s operations…
But automatic updates can break containers
That’s where certain environment variables come in handy
If you think Windows updates are buggy, you’ll want to take a look at the container ecosystem. With Watchtower pulling new images regularly, you’re bound to run into a broken one every now and then. Since broken images can cause the container to stop functioning, you won’t know about a faulty image until Watchtower unknowingly updates the container and causes it to get stuck in a perpetual startup loop. To make matters worse, I run Pi-hole, Authentik, and a handful of network services as Docker containers, and a broken update could cause my entire home lab operations to get disrupted.
Luckily, Watchtower includes a couple of neat environment variables that can avert this situation entirely – and I often tinker with its Compose file whenever I add new Docker containers to my self-hosting rig. For my network stack, I’ve added the - WATCHTOWER_DISABLE_CONTAINERS= argument followed by the services I don’t wish Watchtower to monitor inside the environment section.
Likewise, I’ve got a couple of applications that, despite not interrupting other services, can be bothersome should they go down. Jellyfin, Vaultwarden, Firefly III, and Immich are some services my family uses as well, and I’d rather not troubleshoot faulty instances in the middle of the night. Since I’ve got different VMs and even bare-metal systems running all my services, I tend to add - WATCHTOWER_MONITOR_ONLY=true to the environment section on every machine that runs important services. That way, Watchtower will ping me about the updates instead of automatically pulling them, breaking my containers, and forcing me to don my troubleshooting hat when my family heads to my room with pitchforks and torches.
Although Watchtower can send notifications to Slack and SMTP servers, I prefer using a self-hosted Gotify instance to receive all alerts. Connecting Gotify with Watchtower is pretty simple as well, as I simply added the following code (with my own URL and Token values, of course) inside the environment section:
    - WATCHTOWER_NOTIFICATIONS=gotify
    - WATCHTOWER_NOTIFICATION_GOTIFY_URL=http://IP_Address_of_Gotify_server
    - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=Gotify_Secret
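Assembled into one file, the exclusion list, monitor-only mode and Gotify settings described above fit together as follows. This is an added example, not the author's own Compose file: the container names pihole and authentik, the Gotify address and the GOTIFY_TOKEN variable are assumed placeholders.

```yaml
# docker-compose.yml (added example; names, address and token variable are placeholders)
version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      # Watchtower talks to the Docker API through this socket, so treat
      # the container as having full control over the Docker host.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # Containers left out of monitoring entirely (assumed names for the
      # network stack); the list is comma-separated.
      - WATCHTOWER_DISABLE_CONTAINERS=pihole,authentik
      # Check for new images and notify, but do not pull or restart anything.
      - WATCHTOWER_MONITOR_ONLY=true
      # Deliver the update reports to a Gotify server.
      - WATCHTOWER_NOTIFICATIONS=gotify
      - WATCHTOWER_NOTIFICATION_GOTIFY_URL=http://IP_Address_of_Gotify_server
      # Compose substitutes ${GOTIFY_TOKEN} from the shell or from a .env
      # file beside this one, which keeps the secret out of the YAML itself.
      - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=${GOTIFY_TOKEN}
```

On a host where unattended updates are acceptable, drop the WATCHTOWER_MONITOR_ONLY line and keep only the exclusion list.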
Remember to customize Watchtower once you set it up
Despite being really easy to configure, Watchtower needs some environment variables to ensure it doesn’t pull broken images accidentally. There’s also the fact that the official image was last updated in November 2024, so we probably won’t receive new feature updates anytime soon. On the security front, Watchtower connects with the Docker socket, which can make your self-hosting rig more vulnerable.
Me? I’ve already hardened my home lab, and while I do prefer to run up-to-date apps, the “latest” version of Watchtower is more than enough for updating my container arsenal.