Why Run Watchtower on Synology?
Synology NAS devices running DSM 7.x with Container Manager are popular homelab Docker hosts for services like Plex, Nextcloud, Home Assistant, Vaultwarden, and Portainer. Without watchtower docker synology setup, every image update for these self-hosted services requires SSH sessions and manual docker pull + restart commands.
Installing docker watchtower synology automates all of this — your Synology apps stay current with zero maintenance overhead.
Prerequisites
- Synology NAS with DSM 7.x
- Container Manager (formerly Docker package) installed from Package Center
- SSH enabled on the NAS (Control Panel → Terminal & SNMP)
- Admin or docker-group access
Method 1: Install via SSH (Recommended)
SSH into your Synology and run the standard Docker install command:
# SSH into Synology
ssh admin@192.168.1.x
# Install watchtower docker synology
sudo docker run -d \
--name watchtower \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
-e WATCHTOWER_CLEANUP=true \
-e WATCHTOWER_POLL_INTERVAL=21600 \
containrrr/watchtowersudo even for admin users depending on your Docker group configuration. If you get "permission denied", prefix with sudo.Method 2: Docker Compose via SSH
Create a compose file on the NAS:
# Create directory for watchtower config
mkdir -p /volume1/docker/watchtower
cd /volume1/docker/watchtower
# Create docker-compose.yml
cat > docker-compose.yml <<'EOF'
version: "3.8"
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_POLL_INTERVAL=21600
- WATCHTOWER_SCHEDULE=0 0 4 * * *
EOF
# Start watchtower
sudo docker compose up -dMethod 3: Container Manager GUI
Using the Synology Container Manager web interface:
- Open Container Manager from the Synology desktop
- Go to Registry and search for
containrrr/watchtower - Download the latest image
- Go to Container → Create
- Select the watchtower image
- Under Volume, add a bind mount: Host path
/var/run/docker.sock→ Mount path/var/run/docker.sock - Under Environment, add:
WATCHTOWER_CLEANUP=true,WATCHTOWER_POLL_INTERVAL=21600 - Enable Auto Restart
- Click Done
Common Synology Watchtower Issues
Issue: "Permission denied: /var/run/docker.sock"
# Add your user to the docker group
sudo synogroup --add docker $USER
# OR run with sudo explicitlyIssue: Container Manager shows "Unhealthy" after install
Watchtower doesn't have a built-in Docker health check endpoint — "Unhealthy" in Container Manager's UI is cosmetic. Check sudo docker logs watchtower to confirm it's actually running and checking containers.
Issue: Watchtower updates Synology packages unexpectedly
Use the label-exclude method to protect containers you don't want auto-updated:
# Add to any sensitive container
labels:
- "com.centurylinklabs.watchtower.enable=false"Recommended Synology Configuration
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_SCHEDULE=0 0 3 * * * # 3 AM daily
- WATCHTOWER_NOTIFICATIONS=slack
- WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=https://hooks.slack.com/...Frequently Asked Questions
Yes. Container Manager uses the standard Docker daemon, so Watchtower works identically to any other Linux Docker host. The Docker socket is at /var/run/docker.sock and the Watchtower containrrr/watchtower image runs unchanged.
No. Container Manager is a Synology package, not a Docker container — Watchtower only manages Docker containers. Synology DSM and its packages are updated through the standard DSM update mechanism, not by Watchtower.
Yes. Use the Container Manager GUI method described above. You can deploy Watchtower entirely through the web interface without SSH access, though the SSH + Compose method is recommended for easier configuration management.