Watchtower

What is it?
Watchtower automatically updates running Docker containers to the latest image from their registry. It checks on a schedule, pulls newer images, and (optionally) restarts containers—cleaning up old images along the way.

Why I use it

  • Keeps utility containers up-to-date with zero effort
  • Scheduled updates during quiet hours
  • Handles image cleanup so disk doesn’t fill with old layers

Deploy with Portainer (Web editor)
Stacks → Add stack → Web editor → paste → Deploy.

version: "3.8"

services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    hostname: watchtower
    mem_limit: 512m
    mem_reservation: 128m
    cpu_shares: 512
    security_opt:
      - no-new-privileges:true
    read_only: true
    volumes:
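      # ":ro" only makes the bind mount read-only; the Docker API behind the socket
      # stays fully usable, so this container has root-equivalent control of the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro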
    environment:
      TZ: "Europe/London"
      WATCHTOWER_CLEANUP: "true"               # Remove old images after updating
      WATCHTOWER_REMOVE_VOLUMES: "false"       # Don’t remove attached volumes
      WATCHTOWER_INCLUDE_RESTARTING: "true"    # Also update containers in the "restarting" state
      WATCHTOWER_INCLUDE_STOPPED: "false"      # Skip stopped containers
      WATCHTOWER_SCHEDULE: "0 0 4 * * *"       # Run daily at 04:00
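      WATCHTOWER_LABEL_ENABLE: "false"         # Watch ALL containers, except those labelled com.centurylinklabs.watchtower.enable=false
      WATCHTOWER_ROLLING_RESTART: "true"       # Restart one container at a time
      WATCHTOWER_TIMEOUT: "30s"                # Wait up to 30s for a container to stop before forcing it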
      WATCHTOWER_LOG_FORMAT: "pretty"
    restart: unless-stopped
    networks:
      - homelab

networks:
  homelab:
    external: true
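
With WATCHTOWER_LABEL_ENABLE set to "false", the stack above updates every container Watchtower can see. An opt-in variant of the same service, added here as an example (not part of the original page): Watchtower only touches containers that carry the enable label. The "utility" and "database" services and their image names are constructed placeholders.

```yaml
# Added example: opt-in update scope. Service names "utility" and "database"
# and their images are constructed placeholders, not from the original page.
services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    security_opt:
      - no-new-privileges:true
    read_only: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      TZ: "Europe/London"
      WATCHTOWER_LABEL_ENABLE: "true"      # Only update containers labelled enable=true
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_SCHEDULE: "0 0 4 * * *"   # Same daily 04:00 schedule as the original stack
    # No enable label here, so Watchtower does not update itself in this variant.
    restart: unless-stopped
    networks:
      - homelab

  utility:
    image: example/utility:latest          # constructed placeholder image
    labels:
      - "com.centurylinklabs.watchtower.enable=true"   # opted in to automatic updates
    networks:
      - homelab

  database:
    image: example/database:1.2.3          # constructed placeholder, pinned tag
    # No enable label: Watchtower skips this container; upgrade it by hand.
    networks:
      - homelab

networks:
  homelab:
    external: true
```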