For those that aren't aware, Docker is a software platform which allows the development and running of applications in a cut-down virtual container. Normal virtualisation programs like VMware, VirtualBox and QEMU allow you to set up virtual machines, with their own operating systems and applications, but each of these VMs have a full operating system for each virtual guest, and the additional applications on top of that. However, Docker and Kubernetes virtualises only the applications, removing the overhead of additional operating systems for each of the virtual guests, and allows you to use only the minimal Docker applications needed to provide your requirements.
For example, if you wanted to run a web service which uses Apache and MySQL database, then you can set up a Docker container with a pre-built Apache / PHP image, connected to another Docker container with a pre-build MySQL database image, and in less that 30 seconds, you have a virtual / containerised LAMP stack. There are already millions of pre-build Docker images (Applications) already available for immediate download from the Internet, your hardest problem is choosing which ones to use; and that's dead easy depending on what you want to achieve.
This guide is everything you need in order to:
- Set up Secure Shell Server (SSH), for remotely managing Synology NAS
- Install / set up Docker package on your Synology NAS or any other computer
- Install / set up Portainer, a web based management tool
- Install / set up Watchtower, automatically update your images and containers
- Install / set up Portainer Agent, to manage additional Docker and./ Kubernetes environments
NOTE: We will set up Portainer to manage multiple Docker environments, however we will not cover Docker Swarms in this guide.
At the time of writing, there are almost 10 million Docker images available for download, and you don't need a user login account in order to access / download them.
Docker Image Search: Docker Hub
NOTE FOR WINDOWS USERS:
- Follow this guide to set up Windows Subsystem for Linux (WSL): Install WSL
- Then download and install the official Docker Desktop client: Install Docker Desktop on Windows
- Where there are any commands throughout this guide, remove "sudo" at the front prior to running on Windows OS.
- Refer to this guide if you need to open network ports on your Windows 11 firewall, so you can access Portainer on port 9443 and 8000.
- Skip through to Part 3
PART 1 - Set up Secure Shell Server (SSH):
1. Turn on SSH server for remote access: Go to "Control Panel" --> "Terminal & SNMP" --> "Terminal" - Select "Enable SSH Service" on port 22, and apply settings
2. For Windows users, download PuTTY: Download and install Putty, which as a Windows compatible SSH client, allowing you to remotely log into your NAS using SSH protocol
Putty Website: Download PuTTY: latest release (0.77)
3. Connect to your Synology NAS using SSH / PuTTY on port 22 (default), using your Synology username and password.
NOTE 1: You can only log in using SSH if you're using an account in the Synology administrators group.
NOTE 2: Even though the account is in the Synology administrators group, the account has basic privileges in the NAS operating system, and you will need to use "sudo" command to undertake several of the steps below, otherwise they won't have the privilege to complete successfully.
For Linux / Ubuntu OS:
sudo apt-get install openssh-server
PART 2 - Install / Set up Docker Package:
We need to connect to your Synology NAS using SSH to run some commands, and also setting up a dedicated user on your Synology so we can allow the Docker containers to access to the files on the Synology storage shares - we don't want the Docker application to run with Administrator privileges, so this will just be a basic user for file access.
1. To install Docker, open "Package Center", then search for "Docker" - In the results below, locate and install the Docker package.
2. During installation, chose the Storage Volume to install Docker, this will mostly likely be "Volume 1".
3. Start the Docker program after the installation is complete.
4. Docker should now be available in the Synology "Main Menu", click it to open the application to check it is available and running.
5. A shared folder called "docker" was create during installation, open "File Station" to check there is a new "docker" share.
6. Next, open "Control Packer" --> "User & Group", and select "Create" a new user account.
|Description:||Docker Service Account|
|Password:||Something very long, you'll never log in with this account|
|Disallow password change:||Ticked|
|Join Groups:||Accept defaults|
|Folder Permissions:||User Read/Write for "docker" Shared Folder|
|Assign User Quota:||Accept defaults|
|Application Permissions:||Accept defaults|
|User Speed Limits:||Accept defaults|
8. If you are using this guide to set up Docker / Portainer on a Linux distribution (Ubuntu / Debian etc), then run the following commands at the CLI to set up a dedicated "docker" system user account and install Docker on Linux:
For Linux / Ubuntu OS - Set up "docker" user and install Docker (Not for Synology users):
sudo addgroup --system docker sudo adduser --system --no-create-home --ingroup docker docker sudo usermod -G docker -a `whoami` sudo apt-get install docker docker.io docker-compose
9. Use the following command to find the Docker Document Root - where images and containers will be stored; Docker will self manage this section, do not change.
sudo docker info | grep -i dir
|Synology Default App Dir:||/volume1/@docker (Assuming Docker is on Volume 1)|
|Linux / Ubuntu Default App Dir:||/var/lib/docker|
10. Some Docker images need to be run with User or Group ID of your docker user (PUID= PGID=), use the following command to identify the UID and GID of your new Docker user account:
sudo id docker uid=1010(docker) gid=100(users) groups=100(users)
Therefore, your PUID=1010 and PGID=100
NOTE: PUID / PGID will vary from system to system, you can't use Docker configurations from the Internet and expect them to work, unless you adjust the PUID / PGID values to match your system.
PART 3 - Install / Set up Portainer:
Reference: Docker Standalone - Portainer Documentation
Ask any Synology user that has used Docker already on their NAS, and they'll all tell you how very limited the management portal is. It can't load docker-compose files, it won't allow you to use file paths outside the presented scope, and its limited when trying to map ports and volumes.. i.e. the docker socket can't be mapped.
The best way to use Docker on Synology, is to install the Docker package, install a web based management tool such as Portainer, and never log back into your Synology for Docker again - Portainer will allow you to use the full power of Docker, without the shortfalls of the Synology Docker tool.
To install and setup Portainer, you will need to SSH into your Synology as discussed in PART 1, and run the following commands manually. We only want to log into SSH and run sudo commands very rarely, as we have potential to make a mess of the Synology OS if you don't know what you're doing - so we'll only do the basics via SSH, then continue management via the web portal once Portainer is installed.
1. Use the following command to set up a persistent configuration / data folder for Portainer, and make the "docker" user the owner of the files.
sudo mkdir -p /volume1/docker/portainer sudo chown -R docker /volume1/docker/*
Linux / Ubuntu OS:
sudo mkdir -p /opt/docker/portainer sudo chown -R docker /opt/docker
Windows OS WLS:
2. There are two versions of Portainer images which can be used to manage your Docker environment:
- "portainer-ce" - Community Edition (Free, but limited to one Docker environment)
- "portainer-ee" - Business Edition (Can manage up to five Docker nodes and has more features)
My personal choice is to run portainer-ee Business Edition by registering a free account; they will immediately email you a license to active Business Edition.
Register for free Portainer Business Edition at Docker and Kubernetes Management | Portainer
3. Cut and paste the following code and run it in your SSH / Powershell sessions. You will need to change "portainer-ce" to "portainer-ee" if you plan on using the Business Edition. FYI - It can be changed / updated at a later time.
sudo docker run -d \ --name portainer \ --restart=always \ -p 8000:8000 \ -p 9443:9443 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /volume1/docker/portainer:/data \ portainer/portainer-ce:latest
Linux / Ubuntu OS:
sudo docker run -d \ --name portainer \ --restart=always \ -p 8000:8000 \ -p 9443:9443 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /opt/docker/portainer:/data \ portainer/portainer-ce:latest
Windows OS (PowerShell):
docker run -d --name portainer --restart=always -p 8000:8000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v D:\Docker\portainer:/data portainer/portainer-ce:latest
4. If you make an error during install or need to remove Portainer, you can run the following commands at the SSH prompt. As the Portainer image is set up with a mounted data directory (/volume1/docker/portainer), you can delete the Portainer container and re-create it, and the running configuration will remain persistent across different re-installations of the same container. However, you can reset the running configuration of Portainer by emptying the contents of the /volume1/docker/portainer or directory and restarting the container.
sudo docker container stop portainer sudo docker container rm portainer sudo docker image prune
5. If you want to connect to Portainer on a different network port than 9443, then change the first port number in the line below.. For example, to connect using port 12445. The second port number is the port being used inside the Portainer Docker image and cannot be changed without the developer rebuilding the image, however it does not affect traffic on the local network, so it should not be adjusted. Docker will pass all network traffic on port 12445 through to the internal container port of 9443 automatically.
-p 12445:9443 \
6. Open Portainer at https://DiskStation:9443/ or https://DiskStation:12445/ if you have changed the port
7. Create a Portainer login account, and then log into the WebUI Portal
8. If you registered to use the free Portainer Business Edition - enter the license code they emailed you on this page, and then submit
9. On the Quick Start - Environment Wizard page, select "Get Started" to connect to the local Docker service running on the Synology NAS
10. Then click on the "Local" environment to access the Synology Docker service
11. In the left menu, go to "Settings", then "Environments" - Click on "Local" on the right hand side
|Public IP:||Network IP Address or resolvable hostname|
12. Select "Update Environment"
PART 4 - Install / Set up Watchtower
Watchtower is an application that will monitor your running Docker containers and watch for changes to the images that those containers are running. If watchtower detects that an image has changed, it will automatically download the image, update the container, and restart the container with the original build configuration used to originally set up the container.
1. Go to Portainer Web Portal: https://DiskStation:9443/
2. Select the Synology Environment discussed in PART 3 above
3. In the left menu, select "Stacks", then "Add Stack" on right of screen
4. In the "Name" field, use: watchtower
5. In the "Web Editor", copy and paste the code below:
version: "3.5" services: watchtower: image: containrrr/watchtower:latest container_name: watchtower restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock environment: - WATCHTOWER_CLEANUP=true - WATCHTOWER_INCLUDE_RESTARTING=true - WATCHTOWER_INCLUDE_STOPPED=true - WATCHTOWER_REVIVE_STOPPED=false - WATCHTOWER_NO_RESTART=false - WATCHTOWER_TIMEOUT=30s - WATCHTOWER_SCHEDULE=0 0 4 * * * - WATCHTOWER_DEBUG=false - TZ=Australia/Brisbane network_mode: bridge
6. For "Enable access control:" Disable if not using role based access with Portainer portal.
7. Select "Deploy The Stack" - this will download the image, create the container, and set up the cron in your chosen time zone.
8. If you select "Containers", you will now see Watchtower listed with all the other Docker containers installed on the system - Portainer.
9. To set the correct time zone for yourself, refer to the Time Zone Database Name at the following link:
Time Zone Database Name: List of tz database time zones - Wikipedia
NOTE: The code above is actually a docker-compose.yaml configuration file in YAML format. Docker takes configuration commands via the CLI, or docker-compose YAML files can be used to configure Docker with much more complex setups. Portainer allows docker-compose configurations to be uploaded as files, or cut and pasted into the web editor for easy setup.
PART 5 - Install / Set up Portainer Agent:
Reference: Portainer Agent: Docker Standalone - Portainer Documentation
If you installed the free Portainer Business Edition and have additional computers running Docker, then you can install the Portainer Agent in the other Docker systems, and link them up to your Synology Portainer, and manage them all from a central portal.
1. To install Docker on Linux (Ubuntu / Debian etc...) systems, run the follow command at the CLI:
sudo apt-get install docker docker.io docker-compose
2. If Docker is installed on a new system, run the following command to install the Portainer Agent on this system:
Linux / Ubuntu OS:
sudo docker run -d \ --name portainer_agent \ --restart=always \ -p 9001:9001 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/lib/docker/volumes:/var/lib/docker/volumes \ portainer/agent:latest
3. If you're running the Portainer Agent on another Synology Docker system, then the volumes will be different to above, and you will need to change the following line:
-v /var/lib/docker/volumes:/var/lib/docker/volumes \
-v /volume1/@docker/volumes:/var/lib/docker/volumes \
4. If you are uncertain which system you have, use the following command to locate the Docker Application Dir:
sudo docker info | grep -i dir
5. Log into Portainer on your main Synology NAS which has the first Portainer Portal:
Portainer Portal https://DiskStation:9443/
6. On the left hand menu, go to "Environments", then "Add Environment" on the right hand side.
7. On the "Quick Setup - Environment Wizard" page, select "Docker" then "Start Wizard".
8. Ignore the Agent, API, Socket or Edge Agent configurations, just fill in the following fields:
|Name:||docker-agent1 (or suitable name)|
|Environment Address:||Network IP Address or resolvable hostname (with port 9001)|
9. Press "Connect".
10. Click the "Portainer.IO" icon on top left and go to the home page, both Synology and the new Docker environments should be listed.
11. Select the new Docker environment in the list of environments.
12. On the left hand menu, go to "Environments" and select the new environment, and add the Public IP or Resolvable Hostname into the settings, and select "Update Environment".
13. Follow the steps in PART 4, to install Watchtower on this environment as well, so both environments automatically update the images and containers.
Now Start Using Your Docker Environments for Something!
Portainer 101 - How to deploy a container on Docker using Portainer
- Related resources
- Portainer Server: Docker Standalone - Portainer Documentation
Portainer Agent: Docker Standalone - Portainer Documentation
Portainer Docker-Compose: Stacks = docker-compose, the Portainer way
Portainer 101 - Deploying Containers:
Watchtower Options: Arguments - Watchtower
Open network ports on your Windows 11 firewall: