When you’ve installed tons of Docker containers, updating them becomes a chore — you need to manually check for new image versions and then go through the trouble of installing them yourself. Watchtower has been a fantastic tool to automate all those steps and update my containers, which is why it’s been my go-to app to do the dirty work. While I liked the automation and not having to think about updates anymore, this entirely hands-off approach recently started to become a liability. And the tool that proved to be a worthy replacement is none other than Diun.
My home NAS server doesn’t run critical infrastructure, of course, but I do care about uptime. A few containers have been configured in specific ways, sometimes with tweaks to customize performance. And all it takes is one unintended update to break something, or worse, quietly change expected behavior that I’d only notice at the worst possible time. Replacing Watchtower was about knowing when something was available before it changed anything on its own. Isn’t that the point of running Docker containers? To take control of your apps?

And one fine day, I ran into just that. A container restarted with a new image that Watchtower installed, breaking a plugin I had set up manually. I didn’t lose any data, thankfully, but I lost time troubleshooting and getting frustrated. That was the tipping point for me to find an alternative that was just as convenient but didn’t mess with the workflow, which led me to Diun.
Why Diun is better for my workflow
And why it makes so much sense
Diun (short for Docker Image Update Notifier) is a lightweight tool that does one thing well: it tells me when a new container image update is available. That’s it. It doesn’t pull the new image, halt running containers, or restart anything. It just sends me a notification.
This might sound like a step backward, but it’s exactly the kind of control I now need. Instead of waking up to broken services because something silently updated overnight, I get a heads-up on email (or Slack, Telegram, Discord — whatever you prefer). Then I decide if and when I want to apply the update. It lets me install updates during off-peak hours, say on weekends, when I have space to fix things if needed, not in the middle of a packed work week.
Setting up Diun takes a bit of tinkering on a Synology NAS, but it’s more straightforward on a Raspberry Pi or Windows machine with something like Docker Compose. I gave Diun access to the Docker socket and added a couple of labels to the containers I wanted it to watch. After that, it just worked. Every few hours, it checks registries — Docker Hub, AWS ECR, and others — looks for the latest tags, and notifies me if there’s something new. A big plus is that Diun’s resource usage is negligible, which is not a big deal for beefy systems, but significant for low-power deployments.
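The setup described above, written out as a Docker Compose file. This is an added example, not the author's configuration; the SMTP host, the mail addresses and the watched `myapp` service are placeholders.

```yaml
# Added example: Diun in notify-only mode, watching only labelled containers.
# Hostnames, addresses and the "myapp" service are placeholders.
services:
  diun:
    image: crazymax/diun:latest
    command: serve
    restart: unless-stopped
    volumes:
      # Diun's local database of the image digests it has already seen.
      - ./data:/data
      # Docker API access so Diun can list containers and read their labels.
      # The socket gives control of the Docker daemon, so treat this
      # container as trusted and keep its image up to date as well.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "TZ=Etc/UTC"
      # Check registries every six hours.
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_PROVIDERS_DOCKER=true"
      # Opt-in: only containers carrying diun.enable=true are watched.
      - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=false"
      # E-mail notifier (placeholder relay and addresses).
      - "DIUN_NOTIF_MAIL_HOST=smtp.example.com"
      - "DIUN_NOTIF_MAIL_PORT=25"
      - "DIUN_NOTIF_MAIL_FROM=diun@example.com"
      - "DIUN_NOTIF_MAIL_TO=admin@example.com"

  myapp:
    # Placeholder image, pinned to a tag so nothing changes until you edit it.
    image: registry.example.com/myapp:1.4.2
    labels:
      - "diun.enable=true"
      # Also report new tags in the repository, not just a changed digest
      # for the pinned tag; cap how many tags are inspected per check.
      - "diun.watch_repo=true"
      - "diun.max_tags=10"
```

With the tag pinned, applying an update is a deliberate step: change the tag in the Compose file, then run `docker compose pull` and `docker compose up -d` for that service.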

Why Watchtower didn’t live up to the task anymore
It had to be retired
Watchtower still delivers — especially if you just want your containers to stay up to date without lifting a finger. It monitors tags, pulls updates, stops your containers, and restarts them with the same settings. That’s helpful, but the convenience comes with trade-offs. The biggest one, for me, is that updates happen automatically. That’s Watchtower’s core feature, but my experience shows the risk that comes with it.
Even a small mismatch, like a backward-incompatible change or inconsistent versioning, can break things, depending on how your container is set up. A new image tag doesn’t guarantee backward compatibility. Some images don’t follow semantic versioning properly, and even those that do can still break a customized setup. I’ve had self-hosted tools lose themes or plugins after a silent update. It’s not always a disaster, but it’s always annoying.
Yes, Watchtower technically supports a “monitor-only” mode. You can use the --monitor-only flag or set the WATCHTOWER_MONITOR_ONLY=true variable. In theory, it just notifies you. But in practice, results are inconsistent, and people have seen updates happen anyway, even with the right config. That didn’t inspire much confidence in me.
Why Diun isn’t perfect
Even though it just works
As much as I prefer using Diun now, it has its trade-offs. It doesn’t update anything on its own by design. That means you have to track emails and apply updates manually — an inconvenience I’m fine with. If you forget, you risk running outdated containers. So now, the onus is on you.
Also, Diun only notifies you about new tags. It doesn’t show changelogs or version differences. You still have to visit Docker Hub to see what’s changed. That’s an extra step, but still manageable. And if you’re used to Watchtower’s “set it and forget it” style, Diun might feel like more work at first. It’s not complicated; just a little different from what you’re used to.

Diun is where I’ve settled
For now
Diun gave me back control over my NAS. I no longer worry that a background update will cause downtime or break something right when I need it. I get alerts, I review them, I decide what to do. That little change in approach has made my setup feel more stable these last few days. For those who want automation, Watchtower is still a solid choice. But if you prefer predictability and control like me, Diun will win you over. And if you’re looking to up your Docker container game, there are plenty of hidden options to explore.
