Docker on Proxmox — Architecture Overview
To see where Watchtower runs on Proxmox, start with Proxmox's architecture:
- Proxmox VE host: The hypervisor OS, which runs LXC containers and KVM VMs. Docker is not part of PVE, and running it directly on the host is not recommended.
- LXC container: Lightweight Linux container running on PVE. Can run Docker with nesting enabled. Shares the PVE kernel.
- VM (KVM): Full virtual machine with its own kernel. Runs Docker normally like any Linux server. Full isolation.
Watchtower runs inside whichever guest you use for Docker — not on the Proxmox host itself.
Option 1: Docker in Proxmox LXC (Recommended for Homelab)
LXC containers are the most resource-efficient way to run Docker on Proxmox. Setup:
Step 1: Create an LXC container with nesting enabled
# In Proxmox WebUI:
# 1. Create CT → Select template (Debian 12 or Ubuntu 22.04)
# 2. Set reasonable resources: 2 cores, 2GB RAM, 20GB disk
# 3. IMPORTANT: In "Features" tab, enable:
# - Nesting: ✓ (required for Docker in LXC)
# - keyctl: ✓ (recommended)
# 4. Create the container and start it
Step 2: Install Docker inside the LXC
# SSH or use Proxmox console → open the LXC shell
# Install Docker using the official script:
curl -fsSL https://get.docker.com | sh
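# Add your user to the docker group (membership gives root-equivalent control of the Docker daemon; not needed when you are already working as root)
usermod -aG docker "$USER"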
# Verify Docker is running
docker --version
docker run hello-world
Step 3: Install Watchtower
# Inside the LXC container (where Docker is running):
docker run -d \
--name watchtower \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/localtime:/etc/localtime:ro \
-e WATCHTOWER_CLEANUP=true \
-e WATCHTOWER_SCHEDULE="0 0 4 * * *" \
containrrr/watchtower
# Verify Watchtower is running
docker logs watchtower
Option 2: Docker in a Proxmox VM (Recommended for Production)
For production workloads or when you need full kernel isolation, run Docker inside a VM:
# Create a VM in Proxmox with:
# - Ubuntu 22.04 LTS or Debian 12 ISO
# - 2+ cores, 4GB+ RAM (adjust for your workload)
# - Standard VirtIO disk and network
# After VM is running, install Docker:
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
newgrp docker
# Install Watchtower (identical to any Linux host):
docker run -d \
--name watchtower \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
-e WATCHTOWER_CLEANUP=true \
-e WATCHTOWER_SCHEDULE="0 0 4 * * *" \
containrrr/watchtower
Docker Compose Setup on Proxmox
# docker-compose.yml inside your LXC/VM:
version: "3.8"
services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_SCHEDULE=0 0 4 * * *
      - WATCHTOWER_ROLLING_RESTART=true
      - WATCHTOWER_NOTIFICATION_URL=slack://TOKEN@CHANNEL
# Deploy:
# docker compose up -d
Using tteck's Proxmox Helper Scripts
The popular tteck Proxmox Helper Scripts (community-maintained) include a Docker LXC template that sets up Docker with proper nesting configuration automatically:
# Run on Proxmox host shell:
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/docker.sh)"
# This creates a pre-configured LXC with:
# - Debian 12 base
# - Docker + Docker Compose installed
# - Nesting properly enabled
# - Portainer (optional)
# After the script completes, SSH into the new LXC and install Watchtower:
docker run -d \
--name watchtower \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
-e WATCHTOWER_CLEANUP=true \
containrrr/watchtower
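The install commands on this page pipe a remote script straight into a root shell. As an added example (not from the original page or the helper-script project), the functions below work on a copy saved to disk instead: one lists the URLs the script references, the other runs it only if it still matches the SHA-256 recorded when it was read. The function names, the RUN_WITH variable and the example.invalid URL are hypothetical, and the sample installer is constructed.

```shell
#!/bin/sh
# Print the unique http(s) URLs a saved script references (nested downloads).
list_remote_refs() {
    grep -Eo "https?://[^\"' )>]+" "$1" | sort -u
}

# run_reviewed FILE SHA256 [ARGS...]
# Runs FILE only when its hash equals the one recorded at review time.
# RUN_WITH (hypothetical variable) selects the interpreter, e.g. RUN_WITH=bash.
run_reviewed() {
    file=$1; pinned=$2; shift 2
    [ -r "$file" ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "REFUSED: $file is $actual, reviewed copy was $pinned" >&2
        return 1
    fi
    "${RUN_WITH:-sh}" "$file" "$@"
}

# Constructed stand-in for an installer saved with: wget -qO docker.sh <url>
write_sample_installer() {
    cat > "$1" <<'EOF'
#!/bin/sh
# source <(curl -s https://example.invalid/misc/build.func)
echo "installer ran: $*"
EOF
}

f=$(mktemp); write_sample_installer "$f"
list_remote_refs "$f"                        # what else will it fetch?
pin=$(sha256sum "$f" | cut -d' ' -f1)        # recorded after reading the file
run_reviewed "$f" "$pin" --demo              # hash matches, script runs
echo 'echo tampered' >> "$f"                 # file changes after review
run_reviewed "$f" "$pin" || echo "changed since review, not run"
rm -f "$f"
```

A hash match covers only the saved file; anything the script downloads while it runs is outside this check, which is why the URL listing comes first.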
Managing Multiple LXC/VMs with Watchtower
In a Proxmox environment you might have Docker running across multiple LXC containers or VMs — one for media, one for home automation, one for dev work. Each needs its own Watchtower instance:
# Each Docker environment gets its own Watchtower:
# LXC 100 (media stack): watchtower with Plex/Jellyfin/Sonarr/Radarr
# LXC 101 (automation): watchtower with Home Assistant/n8n
# LXC 102 (services): watchtower with Vaultwarden/Nextcloud
# Use WATCHTOWER_NOTIFICATION_TITLE_TAG to distinguish in notifications:
-e WATCHTOWER_NOTIFICATION_TITLE_TAG=media-lxc # On LXC 100
-e WATCHTOWER_NOTIFICATION_TITLE_TAG=automation # On LXC 101
-e WATCHTOWER_NOTIFICATION_TITLE_TAG=services # On LXC 102
Common Proxmox Watchtower Issues
Issue: Docker fails to start in LXC
# If you see "failed to create new cgroup" or similar errors:
# Fix: Ensure nesting is enabled in the LXC container options
# Proxmox WebUI → LXC container → Options → Features → Nesting: ✓
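# For Debian/Ubuntu LXC, also add to /etc/pve/lxc/CTID.conf (on the Proxmox host).
# Note: these lines turn off AppArmor confinement, allow access to every device
# node, and clear the default capability drops, which removes most of the
# isolation between this container and the host.
# On hosts using cgroup v2, the device key is lxc.cgroup2.devices.allow.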
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
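A check for the settings above, as an added example that is not part of the original page: a shell function that reads a container's config and reports the lines that weaken isolation, ignoring the snapshot sections Proxmox appends to the same file. The function names, messages and sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_lxc_conf FILE: print one WARN line per setting that weakens isolation.
# Returns 1 if anything was flagged, 0 otherwise.
audit_lxc_conf() {
    awk '
        function warn(msg) { print "WARN " msg; n++ }
        /^\[/       { exit }   # snapshot sections follow; audit the live config only
        /^[ \t]*#/  { next }   # description and comment lines
        !/[:=]/     { next }
        {
            key = $0; sub(/[ \t]*[:=].*$/, "", key)
            val = $0; sub(/^[^:=]*[:=][ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        key == "unprivileged" && val == "1" { unpriv = 1 }
        key == "lxc.apparmor.profile" && val == "unconfined" { warn(key ": AppArmor confinement is disabled") }
        key ~ /^lxc\.cgroup2?\.devices\.allow$/ && val == "a" { warn(key ": every host device node is allowed") }
        key == "lxc.cap.drop" && val == "" { warn(key ": default capability drops are cleared") }
        END {
            if (!unpriv) warn("unprivileged: not set to 1, guest root maps to host root")
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample: a live config carrying the three lines from the fix above,
# followed by a snapshot section that the audit must ignore.
write_sample_conf() {
    cat > "$1" <<'EOF'
arch: amd64
features: keyctl=1,nesting=1
hostname: docker-lxc
unprivileged: 1
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

[pre-docker]
arch: amd64
lxc.cgroup2.devices.allow: a
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
audit_lxc_conf "$conf" || echo "findings above: this container is not isolated from the host"
rm -f "$conf"
```

On a Proxmox host, point it at the real file, for example audit_lxc_conf /etc/pve/lxc/100.conf for LXC 100.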
Issue: Watchtower cannot access Docker socket
# Check socket exists inside the LXC:
ls -la /var/run/docker.sock
# Check Docker daemon is running:
systemctl status docker
# If Docker daemon is not running:
systemctl enable --now docker
Frequently Asked Questions
Not directly on the PVE host — Docker containers must run inside LXC containers (with nesting enabled) or VMs. Watchtower runs inside these guest environments. The PVE host is a hypervisor and should not run application workloads like Docker directly.
For homelab use, an LXC container with nesting enabled is the most resource-efficient approach. For production or when you need better compatibility, a VM running Ubuntu or Debian provides full isolation. Either way, Watchtower configuration is identical once Docker is installed in the guest.
Create an LXC with a Debian or Ubuntu template, enable Nesting in the Features tab, then run curl -fsSL https://get.docker.com | sh inside the LXC. Alternatively, use tteck's Proxmox Helper Scripts, which automate the entire Docker LXC setup, including proper nesting configuration.