- cross-posted to:
- docker
- [email protected]
- cross-posted to:
- docker
- [email protected]
cross-posted from: https://lemmy.world/post/26728988
Hi - I’m rebuilding my homelab and want to give docker compose another try. It looks like Watchtower is years out of date now. I see two forks that look more promising per https://techgaun.github.io/active-forks/index.html#https://github.com/containrrr/watchtower
These two: https://github.com/beatkind/watchtower https://github.com/nicholas-fedor/watchtower
The former seems to have more activity. What are you all using?
You must log in or register to comment.
Those of you self hosters who use watchtower, what’s your use case?
I only let me notify about updates. I don’t want autoupdates, because some projects may have breaking changes (looking at you Immich 😁)
I get a message from watchtower over Gotify and then I can read the changelog
I’ve been thinking about this. Can you do that with watchtower? Don’t need diem or anything?
It is very easy. Here is my compose:
services: watchtower: image: containrrr/watchtower container_name: watchtower restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock - /etc/localtime:/etc/localtime:ro command: --interval 10800 logging: driver: local environment: WATCHTOWER_NOTIFICATION_URL: gotify:// WATCHTOWER_NOTIFICATIONS_HOSTNAME: Fancy name WATCHTOWER_MONITOR_ONLY: true WATCHTOWER_WARN_ON_HEAD_FAILURE: neverEvery 3 hours it will check for updates, send a message via Gotify and pull the new images. It will not restart the containers with the new images.
Automatic updates. Works like a dream. Depending on what you are running it can obviously cause issues, either server side breaking or server,client communication issues
ADHD and not technical by trade so it’s not in my DNA to remember
The first one also has better code coverage and way more pulls on Docker Hub.
Years out of date
What problems does it have? Never ran into an issue for my usecase.
I don’t know. Last time I used it was maintained. Seems like a security vulnerability running something this critical out of date, no?
Just because there is no update does not mean there are security vulnerabilities to worry about, or do you have a specific one that is not fixed?
The attack vector seems very narrow to me. It checks the container registry downloads the containers and runs some docker commands.
It has no interface, so in order to attack it you either have to compromise the container registry (but then it would be easier to compromise the containers you download) the secure connection used to download the containers (https is quite stable) or something on the server side.
Also the project does not really look that abundant to me.
EDIT: So i have not checked this, but watchtower is probably using docker for most steps anyway? So basically the only thing that could be attacked is via the notifications watchtower is sending?
Use renovate instead, it supports dockerfiles.
