Auto update Docker Containers by setting up Watchtower

Learn how to automatically update all of your running Docker containers by setting up Watchtower with Docker Compose on Docker.

Overview

Set up Watchtower to auto-update running Docker containers so you get the latest features and, more importantly, any security fixes.

Before you begin

This article is part of a series; to see the overview of the series, click here.

If you've been following the series, by now we've spun up a number of Docker containers to get our NGINX Proxy, Ghost blog, database and static website up and running. You're probably wondering: how am I going to manage all of this? 🤦‍♂️

So far we've got 7 containers up and running doing various tasks, all tied into our NGINX Proxy and out to the web (all on a $6 Vultr VPS I might add, with room to spare).

Docker stats output showing server utilisation of resources for docker containers
Docker stats lists all the running containers

So how do you go about managing all of this? Luckily someone has thought about that: enter Watchtower, a tool that automatically watches the source images of our containers for updates and triggers an update process on our VPS when a newer version of an image we are using to run a container becomes available.

A great example of this is Ghost. Periodically the Ghost development team releases new versions of the Ghost platform with updated features or potential security fixes that we want to install as soon as they become available. Normally this process would rely on you to identify a new release, log in and manually update the container.

Here's a bit of an overview of what we're building:

Watchtower will periodically check other containers to ensure they are up to date.

Architecture showing watchtower monitoring for image updates on all other containers
Watchtower will watch all of our running containers in the architecture

Folder Structure

First off, let's set up the folder structure. We need a new folder, which I'm going to call 'watchtower'.

  • The watchtower folder contains the docker-compose.yml file

Create the required folder structure using the following commands:

mkdir watchtower
cd watchtower

Defining the service with Docker-Compose

Once you've created all the required folders, let's jump straight in and create our docker-compose.yml file, which defines the service we want to spin up.

nano docker-compose.yml

version: '3.1'

services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

Let's break this down a bit to understand what we're defining:

  • We're using v2tec/watchtower as the Docker image
  • I've set the container_name to watchtower so it's easier to keep track of when you list all of the running Docker containers as part of this tutorial series
  • We're attaching the Docker container to the proxy network so it can talk to the reverse-proxy to make outbound requests for email alerts
  • Optional: If you want an indication when containers get updated, you can add an environment section to configure an email notification service such as Mailgun.

The below example includes the Watchtower email notification options:

version: '3.1'

services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    environment:
        - WATCHTOWER_NOTIFICATIONS=email
        - WATCHTOWER_NOTIFICATION_EMAIL_FROM=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_TO=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.mailgun.org
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=REDACTED
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

In previous parts of this how-to series we configured a .env file containing the VIRTUAL_HOST and VIRTUAL_PORT variables. As this container doesn't require a domain, we don't need to pass these to the NGINX proxy to allow forwarding of traffic.
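
An added example, not part of the original article: the compose file above with the SMTP credentials moved into a separate env file and updates limited to containers that opt in by label, which matters because the mounted Docker socket gives Watchtower full control of the Docker daemon. The watchtower.env filename and the ghost service name in the comments are assumptions; --label-enable and the com.centurylinklabs.watchtower.enable label are Watchtower's own options.

```yaml
# docker-compose.yml for the watchtower folder (added example)
version: '3.1'

services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    # Only touch containers labelled com.centurylinklabs.watchtower.enable=true
    command: --label-enable
    # Credentials live in watchtower.env (hypothetical filename), not in this
    # file. Restrict it with `chmod 600 watchtower.env` and keep it out of
    # version control. It holds the four REDACTED values, one per line:
    #   WATCHTOWER_NOTIFICATION_EMAIL_FROM=...
    #   WATCHTOWER_NOTIFICATION_EMAIL_TO=...
    #   WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=...
    #   WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=...
    env_file:
      - ./watchtower.env
    environment:
      - WATCHTOWER_NOTIFICATIONS=email
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.mailgun.org
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

# In each other compose file of the series, opt a service in explicitly.
# "ghost" is an assumed service name:
#
#   services:
#     ghost:
#       labels:
#         - com.centurylinklabs.watchtower.enable=true
```

Containers without the label stay on their current image, so anything you prefer to upgrade by hand remains under your control.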

Start the two services

Let's spin up Watchtower and let it get to work.

sudo docker-compose up

Appending -d starts the containers detached, so your terminal is not attached to the Docker logs for the services in the docker-compose.yml file.

sudo docker-compose up -d

Confirm the Docker container is now running by using the following command:

docker ps

Docker stats showing the watchtower container has launched
Docker stats shows that the Watchtower container has launched

Conclusion

That's it. The Watchtower container will connect to the Docker socket, identify all of the containers and associated images being run on our VPS, and periodically check for any updates. If an update is found, Watchtower will stop the container and relaunch it with the new image in a matter of seconds, all without you lifting a finger!

