Someone recommended it for keeping my containers up to date automatically. I checked out the repo and it seems too good to be true. It just updates your containers when a new image is available and everything just works out of the box? I’m a bit scared of just leaving it alone in case it might break something. The fact that it doesn’t come with a GUI also scares me a bit.
Does anyone here use it and can recommend it? Any horror stories?
I have my Proxmox in production and I installed Watchtower before, and it just broke 4 of my containers with bad updates, so I stopped using Watchtower…
I would like a service that just notifies me about any new Docker image update without doing any updating.
I just had a strange issue with Watchtower where it somehow failed to update itself. And it left a running but unhealthy duplicate of itself. Just restarting the old container fixed it. But I guess that’s a risk?
As an example, some software pushes out updates that can (and sometimes will) break your setup.
Of course nobody pushes out something like that on purpose to mess with users. But mistakes happen all the time. And even if they don’t, some version upgrades require the user to take manual steps. When these are ignored and something like Watchtower just blindly upgrades, setups can and very likely will break.
IMO it’s not worth the very short amount of time saved by automatic updates versus the amount of time it costs to fix such a mess when it occurs.
For example, NPM (Nginx Proxy Manager) had an update months ago that broke many users’ setups. They of course did warn about this in the changenotes, but I remember people here on the sub saying “well damn, I used Watchtower and it updated NPM overnight and I woke up and nothing works anymore, took me hours to figure out the reason and fix it”.
https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0
Yeah I used it, it broke paperless for me. I uninstalled it.
The latest version isn’t always the best version. In a home lab or home network, this is rarely a big problem, but in a production environment, I wouldn’t recommend it.
Normally fine, but if you want to be more careful about what is being pushed to your server, you can use something like diun to get notifications and run updates manually.
Personally I love dockcheck, which I think is by a guy on the sub. I tend to just run that every now and again and be done with it unless I am notified of a pressing update, although I do still have a couple of things I don’t care too much about that just auto-update with Watchtower.
I am happy in the camp of diun+dockcheck too; they both don’t get enough love.
Using an outdated version of a container (including DBs!) that has known vulnerabilities that will be very easy to exploit, including by bots, is so much worse than the risk of a container breaking after an update. Just monitor your server properly and you’ll be good.