Auto update Docker Containers by setting up Watchtower

Learn how to automatically update all of your running Docker containers by setting up Watchtower with Docker Compose on Docker.

Overview

Set up Watchtower to auto-update running Docker containers so that you get the latest features and, more importantly, any security fixes.

Before you begin

If you've been following the series, by now we've spun up several Docker containers to get our NGINX Proxy, Ghost blog, database and static website up and running. You're probably wondering: how am I going to manage all of this? 🤦‍♂️

So far we've got 7 containers up and running doing various tasks all tied into our NGINX Proxy out into the web (All on a $6 Vultr I might add, with room to spare).

Docker stats output showing server utilisation of resources for docker containers
Docker stats lists all the running containers

So how do you go about managing all of this? Luckily, someone has thought about that. Enter Watchtower, a tool that automatically watches the source images of all our containers for updates and triggers an update on our VPS whenever a newer version of an image we are using to run a container becomes available.

A great example of this is Ghost. Periodically the Ghost development team will release updated features on new versions of the Ghost platform or potential security fixes that we want to install as soon as they become available. Normally this process would rely on you to identify a new release and require you to log in and manually update the container.

Here's a bit of an overview of what we're building:

Watchtower will periodically check other containers to ensure they are up to date.

Architecture showing watchtower monitoring for image updates on all other containers
Watchtower will watch all of our running containers in the architecture

Folder Structure

First off, let's set up the folder structure. We need a new folder, which I'm going to call 'watchtower'.

  • The watchtower folder contains the docker-compose.yml file

Create the required folder structure using the following commands:

mkdir watchtower
cd watchtower

Defining the service with Docker-Compose

Once you've created all the required folders, let's jump straight in and create the docker-compose.yml file that will allow us to define the service we want to spin up.

nano docker-compose.yml

version: '3.1'

services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

Yaml file used to deploy the required Watchtower service

Let's break this down a bit to understand what we're defining:

  • We're using v2tec/watchtower as the Docker image
  • I've set the container_name to watchtower so it's easier to keep track of when listing the running Docker containers as part of this tutorial series
  • We're attaching the docker container to the proxy network so it can talk to the reverse-proxy to make outbound requests for email alerts
  • Optional: If you are interested in getting some sort of indication when containers get updated you can add an environment section to configure the email notification service such as Mailgun.

The below example includes the Watchtower email notification options:

version: '3.1'

services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    environment:
        - WATCHTOWER_NOTIFICATIONS=email
        - WATCHTOWER_NOTIFICATION_EMAIL_FROM=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_TO=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.mailgun.org
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=REDACTED
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

The YAML File is used to deploy the required service with additional environment variables.

In previous parts of this how-to series we configured a .env environment file containing the VIRTUAL_HOST and VIRTUAL_PORT variables. As this container doesn't require a domain, we don't need to pass these to the NGINX proxy to allow forwarding of traffic.

How to Add Comments to Docker-compose file

If you want to add comments to the docker-compose file simply add a # at the start of the line to designate what comes after it as a comment.

version: '3.1'
# This is a comment in the Docker Compose File!
services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    environment:
        - WATCHTOWER_NOTIFICATIONS=email
        - WATCHTOWER_NOTIFICATION_EMAIL_FROM=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_TO=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.mailgun.org
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=REDACTED
        - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=REDACTED
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

The YAML File is used to deploy the required service with additional environment variables.

You can change the polling period by adding an environment variable called WATCHTOWER_POLL_INTERVAL. Note that the value is in seconds.

    environment:
        - WATCHTOWER_POLL_INTERVAL=300

Update polling period
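
A variant of the compose file above that keeps the SMTP credentials out of docker-compose.yml and limits Watchtower to containers that opt in. This is an added example, not part of the original tutorial; the ${...} variable names and the .env values are assumptions, and WATCHTOWER_LABEL_ENABLE with the com.centurylinklabs.watchtower.enable label is a Watchtower option the tutorial itself does not use.

```yaml
# Added example, not from the original tutorial.
# Assumes a .env file next to this docker-compose.yml (constructed values):
#   WATCHTOWER_MAIL_FROM=watchtower@example.com
#   WATCHTOWER_MAIL_TO=ops@example.com
#   WATCHTOWER_SMTP_USER=postmaster@mg.example.com
#   WATCHTOWER_SMTP_PASSWORD=change-me
# Keep .env out of version control and restrict it with: chmod 600 .env
version: '3.1'

services:
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    environment:
      - WATCHTOWER_NOTIFICATIONS=email
      # docker-compose substitutes ${...} from .env when the stack starts,
      # so the compose file can be shared without exposing the credentials.
      - WATCHTOWER_NOTIFICATION_EMAIL_FROM=${WATCHTOWER_MAIL_FROM}
      - WATCHTOWER_NOTIFICATION_EMAIL_TO=${WATCHTOWER_MAIL_TO}
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.mailgun.org
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=${WATCHTOWER_SMTP_USER}
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=${WATCHTOWER_SMTP_PASSWORD}
      - WATCHTOWER_POLL_INTERVAL=300
      # Only update containers that carry the opt-in label shown below.
      - WATCHTOWER_LABEL_ENABLE=true
    volumes:
      # The Docker socket grants full control of the Docker daemon, which is
      # equivalent to root on the host. Treat this container as privileged.
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - proxy

networks:
  proxy:
    external:
      name: nginx-proxy

# In the docker-compose.yml of each service Watchtower should update, add:
#     labels:
#       - "com.centurylinklabs.watchtower.enable=true"
# Containers without the label are left alone, e.g. a database that you
# want to upgrade by hand after taking a backup.
```

The substituted values are still visible to anyone who can run docker inspect on the container, so access to the Docker daemon on the VPS should stay limited to administrators.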

Start the two services

Let's spin up Watchtower and let it get to work.

sudo docker-compose up

Appending -d runs the container in the background, detached from the log output of the services in docker-compose.yml.

sudo docker-compose up -d

Confirm the Docker container is now running by using the following command:

docker ps
Docker stats shows that the Watchtower container has launched

Conclusion

That's it. The Watchtower container will connect to the Docker socket, identify all of the containers and associated images running on our VPS, and periodically check for updates. If an update is found, Watchtower will stop the container and relaunch it with the new image in a matter of seconds, all without you lifting a finger!