When you’ve installed tons of Dockers, updating them becomes a chore — you need to manually check for new image versions and then go through the trouble of installing them yourself. Watchtower has been a fantastic tool to automate all those steps and update my containers, which is why it’s been my go-to app to do the dirty work. While I liked the automation and not having to think about updates anymore, this entirely hands-off approach recently started to become a liability. And the tool that proved to be a worthy replacement is none other than Diun.

My home NAS server doesn’t run critical infrastructure, of course, but I do care about uptime. A few containers have been configured in specific ways, sometimes with tweaks to customize performance. And all it takes is one unintended update to break something, or worse, quietly change expected behavior that I’d only notice at the worst possible time. Replacing Watchtower was about knowing when something was available before it changed anything on its own. Isn’t that the point of running Docker containers? To take control of your apps?

And one fine day, I ran into just that. A container restarted with a new image that Watchtower installed, breaking a plugin I had set up manually. I didn’t lose any data, thankfully, but I lost time troubleshooting and getting frustrated. That was the tipping point for me to find an alternative that was just as convenient but didn’t mess with the workflow, which led me to Diun.

Why Diun is better for my workflow

And why it makes so much sense

Source: Diun

Diun (short for Docker Image Update Notifier) is a lightweight tool that does one thing well: it tells me when a new container image update is available. That’s it. It doesn’t pull the new image, halt running containers, or restart anything. It just sends me a notification.

This might sound like a step backward, but it’s exactly the kind of control I now need. Instead of waking up to broken services because something silently updated overnight, I get a heads-up on email (or Slack, Telegram, Discord — whatever you prefer). Then I decide if and when I want to apply the update. It lets me install updates during off-peak hours, say on weekends, when I have space to fix things if needed, not in the middle of a packed work week.

Setting up Diun takes a bit of tinkering on a Synology NAS, but it’s more straightforward on a Raspberry Pi or Windows machine with something like Docker Compose. I gave Diun access to the Docker socket and added a couple of labels to the containers I wanted it to watch. After that, it just worked. Every few hours, it checks registries — Docker Hub, AWS ECR, and others — looks for the latest tags, and notifies me if there’s something new. A big plus is that Diun’s resource usage is negligible, which is not a big deal for beefy systems, but significant for low-power deployments.

Why Watchtower didn’t live up to the task anymore

It had to be retired