By Akash Jain in QNAP

Installing Watchtower on QNAP


with watchtower, you can automates container updates, ensuring your Docker environment stays secure and up-to-date with any manual work

The Challenge: Why Command Line Access Is Required

While QNAP’s GUI makes it easy to manage containers, installing Watchtower requires one crucial step that cannot be performed through the interface: Binding the Docker socket (-v /var/run/docker.sock).

This binding allows Watchtower to communicate directly with the Docker daemon on your QNAP.   QNAP’s GUI does not let you access the root folders and you only are able to mount shared folders ( /share)  from host to container.  Therefore, command-line access is necessary.

Preparing Your QNAP for Watchtower Installation

Step 1: Enable SSH on QNAP

  1. Log in to your QNAP’s web interface.
  2. Navigate to Control Panel > Network & File Services > Telnet/SSH.
  3. Check the box to enable SSH and ensure the port is set to the default (22) or your preferred port.
  4. Apply the changes.

Step 2: Install an SSH Client

If you’re on:

  • Windows: Download and install putty.
  • Linux/Mac: Use the terminal, as SSH is built-in.

Connect to your QNAP using admin username and password. No other user can login to terminal

Installing Watchtower

With SSH access established, you can now install Watchtower. Run the following Docker command:

docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
  • -d: Runs Watchtower in detached mode (in the background).
  • --name watchtower: Assigns the name "watchtower" to the container for easier identification.
  • -v /var/run/docker.sock:/var/run/docker.sock: Mounts the Docker socket, allowing Watchtower to communicate with the host Docker daemon.
  • containrrr/watchtower: Specifies the official Watchtower image.

After running the command, Watchtower will start monitoring your containers for updates. That's it , you dont have to use command line again, because you will see your container in your container station GUI after this.

Close Putty and disable SSH

Its important that you go back to Control Panel > Network & File Services > Telnet/SSH, and disable SSH. 

Named volumes are better

Named volumes ensure data persists across container updates. Now if you use the default settings, many times your volumes will be anonymous volumes. That's the reason that we didn't use  --remove-volumes Flag when we ran the docker command. 

Go to any container on QNAP container station, and click on inspect. Look at the mount option and see the name of the volume. If its a long string, it was generated by system and hence was an anonymous volume, is better that you use named volumes.