Ultimate Starter - Docker, Portainer, Portainer Agents, and Auto-Updating Everything with Watchtower


This guide will help you set up Docker on your Synology NAS, or any other server / desktop you want to run it on, so you can manage your containerised applications and keep them updated automatically.

For those who aren't aware, Docker is a software platform that allows applications to be developed and run in a cut-down virtual container. Normal virtualisation programs like VMware, VirtualBox and QEMU let you set up virtual machines with their own operating systems and applications, but each of these VMs carries a full operating system for every virtual guest, with the applications on top of that. Docker and Kubernetes, however, virtualise only the applications, removing the overhead of an additional operating system for each guest, and let you run only the minimal Docker applications needed to meet your requirements.

For example, if you wanted to run a web service which uses Apache and a MySQL database, you can set up a Docker container with a pre-built Apache / PHP image, connected to another Docker container with a pre-built MySQL database image, and in less than 30 seconds you have a virtual / containerised LAMP stack. There are already millions of pre-built Docker images (applications) available for immediate download from the Internet; your hardest problem is choosing which ones to use, and that's dead easy depending on what you want to achieve.

This guide is everything you need in order to:

  • Set up Secure Shell Server (SSH), for remotely managing Synology NAS
  • Install / set up Docker package on your Synology NAS or any other computer
  • Install / set up Portainer, a web based management tool
  • Install / set up Watchtower, automatically update your images and containers
  • Install / set up Portainer Agent, to manage additional Docker and / or Kubernetes environments

NOTE: We will set up Portainer to manage multiple Docker environments, however we will not cover Docker Swarms in this guide.

At the time of writing, there are almost 10 million Docker images available for download, and you don't need a user login account in order to access / download them.

Docker Image Search: Docker Hub

For Windows OS:

  • Follow this guide to set up Windows Subsystem for Linux (WSL): Install WSL
  • Then download and install the official Docker Desktop client: Install Docker Desktop on Windows
  • Where there are any commands throughout this guide, remove "sudo" at the front prior to running on Windows OS.
  • Refer to this guide if you need to open network ports on your Windows 11 firewall, so you can access Portainer on port 9443 and 8000.
  • Skip through to Part 3

PART 1 - Set up Secure Shell Server (SSH):

1. Turn on SSH server for remote access: Go to "Control Panel" --> "Terminal & SNMP" --> "Terminal" - Select "Enable SSH Service" on port 22, and apply settings

2. For Windows users, download and install PuTTY, which is a Windows-compatible SSH client that allows you to remotely log into your NAS using the SSH protocol.

Putty Website: Download PuTTY: latest release (0.77)

3. Connect to your Synology NAS using SSH / PuTTY on port 22 (default), using your Synology username and password.

NOTE 1: You can only log in using SSH if you're using an account in the Synology administrators group.

NOTE 2: Even though the account is in the Synology administrators group, the account has basic privileges in the NAS operating system, and you will need to use "sudo" command to undertake several of the steps below, otherwise they won't have the privilege to complete successfully.

For Linux / Ubuntu OS:
sudo apt-get install openssh-server

PART 2 - Install / Set up Docker Package:

We need to connect to your Synology NAS using SSH to run some commands, and also set up a dedicated user on your Synology so the Docker containers can access the files on the Synology storage shares. We don't want the Docker application to run with Administrator privileges, so this will just be a basic user for file access.

1. To install Docker, open "Package Center", then search for "Docker" - In the results below, locate and install the Docker package.

2. During installation, choose the Storage Volume to install Docker on; this will most likely be "Volume 1".

3. Start the Docker program after the installation is complete.

4. Docker should now be available in the Synology "Main Menu", click it to open the application to check it is available and running.

5. A shared folder called "docker" was created during installation; open "File Station" to check there is a new "docker" share.

6. Next, open "Control Panel" --> "User & Group", and select "Create" to add a new user account.

Description: Docker Service Account
Password: Something very long, you'll never log in with this account
Disallow password change: Ticked
Join Groups: Accept defaults
Folder Permissions: User Read/Write for "docker" Shared Folder
Assign User Quota: Accept defaults
Application Permissions: Accept defaults
User Speed Limits: Accept defaults

7. Complete the new user creation wizard, then check the new docker user exists in the "User & Group" program.

8. If you are using this guide to set up Docker / Portainer on a Linux distribution (Ubuntu / Debian etc), then run the following commands at the CLI to set up a dedicated "docker" system user account and install Docker on Linux:

For Linux / Ubuntu OS - Set up "docker" user and install Docker (Not for Synology users):
sudo addgroup --system docker
sudo adduser --system --no-create-home --ingroup docker docker
sudo usermod -G docker -a `whoami`
sudo apt-get install docker docker.io docker-compose

9. Use the following command to find the Docker Document Root - where images and containers will be stored; Docker will self manage this section, do not change.

sudo docker info | grep -i dir

Synology Default App Dir: /volume1/@docker (Assuming Docker is on Volume 1)
Linux / Ubuntu Default App Dir: /var/lib/docker

10. Some Docker images need to be run with User or Group ID of your docker user (PUID= PGID=), use the following command to identify the UID and GID of your new Docker user account:

sudo id docker
uid=1010(docker) gid=100(users) groups=100(users)

Therefore, your PUID=1010 and PGID=100

NOTE: PUID / PGID will vary from system to system, you can't use Docker configurations from the Internet and expect them to work, unless you adjust the PUID / PGID values to match your system.

PART 3 - Install / Set up Portainer:

Reference: Docker Standalone - Portainer Documentation

Ask any Synology user that has already used Docker on their NAS, and they'll all tell you how very limited the management portal is. It can't load docker-compose files, it won't allow you to use file paths outside the presented scope, and it's limited when trying to map ports and volumes, i.e. the docker socket can't be mapped.

The best way to use Docker on Synology is to install the Docker package, install a web based management tool such as Portainer, and never log back into your Synology for Docker again. Portainer will allow you to use the full power of Docker, without the shortfalls of the Synology Docker tool.

To install and setup Portainer, you will need to SSH into your Synology as discussed in PART 1, and run the following commands manually. We only want to log into SSH and run sudo commands very rarely, as we have potential to make a mess of the Synology OS if you don't know what you're doing - so we'll only do the basics via SSH, then continue management via the web portal once Portainer is installed.

1. Use the following command to set up a persistent configuration / data folder for Portainer, and make the "docker" user the owner of the files.

sudo mkdir -p /volume1/docker/portainer
sudo chown -R docker /volume1/docker/*

Linux / Ubuntu OS:
sudo mkdir -p /opt/docker/portainer
sudo chown -R docker /opt/docker

Windows OS (WSL):
mkdir D:\Docker\portainer

2. There are two versions of Portainer images which can be used to manage your Docker environment:

  • "portainer-ce" - Community Edition (Free, but limited to one Docker environment)
  • "portainer-ee" - Business Edition (Can manage up to five Docker nodes and has more features)

My personal choice is to run portainer-ee Business Edition by registering a free account; they will immediately email you a license to activate Business Edition.

Register for free Portainer Business Edition at Docker and Kubernetes Management | Portainer

3. Cut and paste the following code and run it in your SSH / Powershell sessions. You will need to change "portainer-ce" to "portainer-ee" if you plan on using the Business Edition. FYI - It can be changed / updated at a later time.

Synology OS:
sudo docker run -d \
    --name portainer \
    --restart=always \
    -p 8000:8000 \
    -p 9443:9443 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /volume1/docker/portainer:/data \
    portainer/portainer-ce:latest

Linux / Ubuntu OS:
sudo docker run -d \
    --name portainer \
    --restart=always \
    -p 8000:8000 \
    -p 9443:9443 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /opt/docker/portainer:/data \
    portainer/portainer-ce:latest

Windows OS (PowerShell):
docker run -d --name portainer --restart=always -p 8000:8000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v D:\Docker\portainer:/data portainer/portainer-ce:latest

4. If you make an error during install or need to remove Portainer, you can run the following commands at the SSH prompt. As the Portainer container is set up with a mounted data directory (/volume1/docker/portainer), you can delete the Portainer container and re-create it, and the running configuration will persist across re-installations of the same container. However, you can reset the running configuration of Portainer by emptying the contents of the /volume1/docker/portainer directory and restarting the container.

sudo docker container stop portainer
sudo docker container rm portainer
sudo docker image prune

5. If you want to connect to Portainer on a different network port than 9443, change the first port number in the line below, for example to connect using port 12445. The second port number is the port used inside the Portainer Docker image and cannot be changed without the developer rebuilding the image; it does not affect traffic on the local network, so it should not be adjusted. Docker will automatically pass all network traffic on port 12445 through to the internal container port of 9443.

-p 12445:9443 \

6. Open Portainer at https://DiskStation:9443/ or https://DiskStation:12445/ if you have changed the port

7. Create a Portainer login account, and then log into the WebUI Portal

8. If you registered to use the free Portainer Business Edition - enter the license code they emailed you on this page, and then submit

9. On the Quick Start - Environment Wizard page, select "Get Started" to connect to the local Docker service running on the Synology NAS

10. Then click on the "Local" environment to access the Synology Docker service

11. In the left menu, go to "Settings", then "Environments" - Click on "Local" on the right hand side

Name: Synology RS1221+
Public IP: Network IP Address or resolvable hostname

12. Select "Update Environment"

PART 4 - Install / Set up Watchtower

Reference: Watchtower

Watchtower is an application that monitors your running Docker containers and watches for changes to the images those containers are running. If Watchtower detects that an image has changed, it will automatically download the image, update the container, and restart the container with the same configuration that was originally used to set it up.

1. Go to Portainer Web Portal: https://DiskStation:9443/

2. Select the Synology Environment discussed in PART 3 above

3. In the left menu, select "Stacks", then "Add Stack" on right of screen

4. In the "Name" field, use: watchtower

5. In the "Web Editor", copy and paste the code below:

version: "3.5"
services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # 6-field cron (seconds first): every day at 04:00 in the TZ below
      - WATCHTOWER_SCHEDULE=0 0 4 * * *
      - WATCHTOWER_DEBUG=false
      - TZ=Australia/Brisbane
    network_mode: bridge

6. For "Enable access control:" Disable if not using role based access with Portainer portal.

7. Select "Deploy The Stack" - this will download the image, create the container, and set up the cron in your chosen time zone.

8. If you select "Containers", you will now see Watchtower listed with all the other Docker containers installed on the system, i.e. Portainer.

9. To set the correct time zone for yourself, refer to the Time Zone Database Name at the following link:

Time Zone Database Name: List of tz database time zones - Wikipedia

NOTE: The code above is actually a docker-compose.yaml configuration file in YAML format. Docker takes configuration commands via the CLI, or docker-compose YAML files can be used to configure Docker with much more complex setups. Portainer allows docker-compose configurations to be uploaded as files, or cut and pasted into the web editor for easy setup.

PART 5 - Install / Set up Portainer Agent:

Reference: Portainer Agent: Docker Standalone - Portainer Documentation

If you installed the free Portainer Business Edition and have additional computers running Docker, then you can install the Portainer Agent in the other Docker systems, and link them up to your Synology Portainer, and manage them all from a central portal.

1. To install Docker on Linux (Ubuntu / Debian etc...) systems, run the following command at the CLI:

sudo apt-get install docker docker.io docker-compose

2. If Docker is installed on a new system, run the following command to install the Portainer Agent on this system:

Linux / Ubuntu OS:
sudo docker run -d \
    --name portainer_agent \
    --restart=always \
    -p 9001:9001 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /var/lib/docker/volumes:/var/lib/docker/volumes \
    portainer/agent:latest

3. If you're running the Portainer Agent on another Synology Docker system, then the volumes will be different to above, and you will need to change the following line from:

    -v /var/lib/docker/volumes:/var/lib/docker/volumes \

to:

    -v /volume1/@docker/volumes:/var/lib/docker/volumes \

4. If you are uncertain which system you have, use the following command to locate the Docker Application Dir:

sudo docker info | grep -i dir

5. Log into Portainer on your main Synology NAS which has the first Portainer Portal:

Portainer Portal https://DiskStation:9443/

6. On the left hand menu, go to "Environments", then "Add Environment" on the right hand side.

7. On the "Quick Setup - Environment Wizard" page, select "Docker" then "Start Wizard".

8. Ignore the Agent, API, Socket or Edge Agent configurations, just fill in the following fields:

Name: docker-agent1 (or suitable name)
Environment Address: Network IP Address or resolvable hostname (with port 9001)

9. Press "Connect".

10. Click the "Portainer.IO" icon on top left and go to the home page, both Synology and the new Docker environments should be listed.

11. Select the new Docker environment in the list of environments.

12. On the left hand menu, go to "Environments" and select the new environment, and add the Public IP or Resolvable Hostname into the settings, and select "Update Environment".

13. Follow the steps in PART 4, to install Watchtower on this environment as well, so both environments automatically update the images and containers.
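
Portainer, Watchtower and the Portainer Agent are all started in this guide with /var/run/docker.sock mounted, and a container holding that socket can control the whole Docker daemon on its host. The script below is an added example, not part of the original guide, that lists which running containers hold the socket in each environment; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): list containers that have the
# Docker socket bind-mounted. Input is one container per line in the form
# "<name> <mount-source> <mount-source> ...". Mount paths containing
# whitespace are not handled.

# Read container lines on stdin; print the name of each container whose
# mount sources include a path ending in /docker.sock.
socket_holders() {
    while read -r name sources; do
        name=${name#/}              # docker inspect prefixes names with "/"
        for src in $sources; do
            case "$src" in
                */docker.sock) echo "$name"; break ;;
            esac
        done
    done
}

# Produce the input lines from the local daemon (run with sudo if required).
list_mounts() {
    ids=$(docker ps -q) || return 1
    [ -n "$ids" ] || return 0
    # $ids is deliberately unquoted: it is a whitespace-separated ID list
    docker inspect --format '{{.Name}}{{range .Mounts}} {{.Source}}{{end}}' $ids
}

# Constructed sample: the containers this guide creates, plus a hypothetical
# application container ("jellyfin") that has no socket mount.
sample_mounts() {
    cat <<'EOF'
/portainer /var/run/docker.sock /volume1/docker/portainer
/watchtower /var/run/docker.sock
/jellyfin /volume1/docker/jellyfin /volume1/media
EOF
}

# On a real host:  list_mounts | socket_holders
sample_mounts | socket_holders
```

Expect portainer (or portainer_agent) and watchtower in the output; any other name is worth reviewing before its ports are exposed to the network.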

Now Start Using Your Docker Environments for Something!

Portainer 101 - How to deploy a container on Docker using Portainer
Related resources
Portainer Server: Docker Standalone - Portainer Documentation
Portainer Agent: Docker Standalone - Portainer Documentation
Portainer Docker-Compose: Stacks = docker-compose, the Portainer way
Portainer 101 - Deploying Containers:
Watchtower Options: Arguments - Watchtower
Open network ports on your Windows 11 firewall:
