Welcome to Richard's Blog

Category: Network and IT System

Automated Docker Updates with Watchtower and Ntfy Notifications (via Portainer)
Maintaining Docker containers is easy—in theory. In practice, keeping your stack up-to-date with the latest images can be tedious and time-consuming. Here’s a solution: Watchtower can update containers automatically, and with Ntfy, you get real-time notifications right on your phone or desktop whenever an update occurs!

Best of all: you can set it all up through Portainer’s GUI. In this tutorial, I’ll walk you through a complete setup: no command line required.

Why automate Docker updates?

Manual container updates aren’t just inconvenient, they can lead to missed security patches and downtime. Watchtower eliminates this pain, pulling new images and restarting containers automatically, all on a schedule you control.

But automation can be a little scary—how do you know what’s happening? That’s where Ntfy comes in. With just a few lines of configuration, Watchtower can send push notifications to your phone or browser. You’re always in the loop, wherever you are.

What you need
- Docker running on your server.
- Portainer set up for easy container management.
- (Optional) Ntfy self-hosted or use ntfy.sh free public service.
Step 1: Pick (or create) your ntfy topic

Think of a topic as a notification channel. For this setup, I’ll use watchtower-notify as my topic. You can pick whatever you like. If you want privacy, choose a hard-to-guess topic or set up authentication (see ntfy docs).

Step 2: Build your Watchtower stack

In Portainer:
1. Go to “Stacks” and click “Add Stack”.
2. Give your stack a name, e.g., watchtower.
3. Enter the following Docker Compose configuration, replacing the topic with yours:
  yaml version: "3" services: watchtower: image: containrrr/watchtower container_name: watchtower restart: unless-stopped environment: - WATCHTOWER_WATCHDOG=true - WATCHTOWER_CLEANUP=true - WATCHTOWER_NOTIFICATIONS=ntfy - WATCHTOWER_NOTIFICATION_NTFY_TOPIC=watchtower-notify - WATCHTOWER_NOTIFICATION_NTFY_URL=https://ntfy.sh volumes: - /var/run/docker.sock:/var/run/docker.sock
- If using a private ntfy topic with token:
  Add
  - WATCHTOWER_NOTIFICATION_NTFY_TOKEN=your-ntfy-token
  under environment.
1. Click Deploy the stack.
Step 3: Subscribe to your notifications

You’re almost done! To receive updates:
- On your phone: Install the Ntfy app (iOS or Android), and subscribe to your topic, e.g. watchtower-notify.
- In your browser: Visit ntfy.sh/your-topic-name.
When Watchtower pulls an updated image and restarts your containers, you’ll get a message right away!

What does a notification look like?

Example:

watchtower
The container xyz was updated and restarted.

You can fine-tune both your notification topic and Watchtower’s update schedule in your docker-compose.yml file.

Extras and Security
- Self-host ntfy for privacy (ntfy docs). Then change WATCHTOWER_NOTIFICATION_NTFY_URL in your stack.
- Keep your topic secret (long random strings) or enable access control.
- Use Watchtower’s environment variables to control its behavior (e.g., update interval, target containers, etc).
Conclusion

With Watchtower, Docker containers stay up-to-date, and with Ntfy, you’re always up-to-speed on every change. Combine both with Portainer’s user-friendly interface, and managing containers becomes almost effortless.

Did you try it? Have tips or questions? Let me know in the comments!

Resources:
Happy automating! 🚀
June 13, 2024
Ntfy: push notification for services.
I am using Ntfy for my SSH alert and watchtower update. It is pretty cool to have this feature, so I can know who is accessing my server without my authorization. And know my docker needs to be updated as well.

SSH Alert Example

Command this to open code,
```
nano /etc/pam.d/sshd
```
Please add this code to the bottom of the page.
```
session optional pam_exec.so /usr/local/bin/ntfy-ssh-login.sh
```
You should create a script file called /usr/local/bin/ntfy-ssh-login.sh
```
nano /usr/local/bin/ntfy-ssh-login.sh
```
Here code, make sure you change the server URL and username and password for nginx auth.
```
#!/bin/bash
# This is a PAM script hook that shows how to notify you when
# somebody logs into your server. Place at /usr/local/bin/ntfy-ssh-login.sh (with chmod +x!).

TOPIC_URL=yourntfydomain
NGINXUSER=yourusername
NGINXPASSWORD=yourpassword

if [ "${PAM_TYPE}" = "open_session" ]; then
  curl -u ${NGINXUSER}:${NGINXPASSWORD} -H tags:warning -H prio:high -d "SSH login to $(hostname): ${PAM_USER} from ${PAM_RHOST}" "${TOPIC_URL}"
fi
```
Then Now you save Ctrl +x then yes

Make sure you have chmod permissions. Here is the command.
```
chmod +x /usr/local/bin/ntfy-ssh-login.sh
```
Go try logging into another terminal and see if it notifications you, then try logging in again and see if it notifications you. 🙂

It works well. It shows the username and IP address, so the IT team can protect the account if they don’t have permission to access our server.
June 13, 2024
How to Set Up and Log In to Bitwarden Password Manager on a Self-Hosted Server
Step by step:
1. Download the Android apps “Bitwarden Password Manager” and for apple “Bitwarden Password Manager”
2. Open Bitwarden password app
3. Login in on → self-hosted
4. Server URL is Https://bitwarden.richardapplegate.io
5. Login to your account. If you don’t have one, ask Richard Applegate to open a registration. I have to close the register to be more secure and stay away from bots.
June 10, 2024