-
Notifications
You must be signed in to change notification settings - Fork 3
Installation
Images are published to both Docker Hub and GitHub Container Registry for linux/amd64 and linux/arm64.
docker run -d \
--name docker-sentinel \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v sentinel-data:/data \
-p 8080:8080 \
-e SENTINEL_POLL_INTERVAL=6h \
willluck/docker-sentinel:latestOr using GHCR:
docker run -d \
--name docker-sentinel \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v sentinel-data:/data \
-p 8080:8080 \
-e SENTINEL_POLL_INTERVAL=6h \
ghcr.io/will-luck/docker-sentinel:latest| Mount | Purpose |
|---|---|
/var/run/docker.sock |
Docker API access. Use :ro unless you need Sentinel to update containers. |
/data |
Persistent database and cluster certificates. Use a named volume. |
| Port | Purpose |
|---|---|
8080 |
Web dashboard and REST API (configurable via SENTINEL_WEB_PORT) |
9443 |
gRPC cluster port (only needed in cluster mode, configurable via SENTINEL_CLUSTER_PORT) |
The official image includes sentinel.self=true so Sentinel will not attempt to update itself. If you build your own image, add this label to your docker run command:
-l sentinel.self=trueservices:
sentinel:
image: willluck/docker-sentinel:latest
container_name: docker-sentinel
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- sentinel-data:/data
environment:
SENTINEL_POLL_INTERVAL: 6h
SENTINEL_DEFAULT_POLICY: manual
labels:
sentinel.self: "true"
volumes:
sentinel-data:Pre-built binaries are available from GitHub Releases for the following platforms:
| OS | Architecture | Binary name |
|---|---|---|
| Linux | amd64 | docker-sentinel-linux-amd64 |
| Linux | arm64 | docker-sentinel-linux-arm64 |
| Linux | arm/v7 | docker-sentinel-linux-arm-v7 |
| macOS | amd64 | docker-sentinel-darwin-amd64 |
| macOS | arm64 (Apple Silicon) | docker-sentinel-darwin-arm64 |
Download and run:
curl -LO https://github.com/Will-Luck/Docker-Sentinel/releases/latest/download/docker-sentinel-linux-amd64
chmod +x docker-sentinel-linux-amd64
./docker-sentinel-linux-amd64The binary connects to the Docker socket at /var/run/docker.sock by default. Override with SENTINEL_DOCKER_SOCK.
Requires Go 1.24+ and esbuild (installed automatically by the Makefile).
git clone https://github.com/Will-Luck/Docker-Sentinel.git
cd Docker-Sentinel
make buildThis bundles the frontend assets (JS/CSS via esbuild) and compiles the Go binary to bin/sentinel.
| Target | Description |
|---|---|
make build |
Bundle frontend and build the binary |
make frontend |
Bundle JS and CSS only (esbuild) |
make test |
Run tests with race detector |
make test-ci |
Run tests without race detector (for Alpine/musl) |
make lint |
Run golangci-lint |
make docker |
Build Docker image locally |
make docker
# Or manually:
docker build \
--build-arg VERSION=dev \
--build-arg COMMIT=$(git rev-parse --short HEAD) \
-t docker-sentinel:dev .The Dockerfile uses a two-stage build: golang:1.24-alpine for compilation, alpine:3.21 for the final image.
On first visit to the web UI, Sentinel presents a setup wizard. You must create an admin account before accessing the dashboard. This account is stored in the persistent database at /data/sentinel.db.
To disable authentication entirely (not recommended), set SENTINEL_AUTH_ENABLED=false.
- Configuration Reference for all environment variables
- Docker Labels for per-container update policies
- Web UI Guide for a tour of the dashboard
Getting Started
Using Sentinel
Multi-Host
Security
Reference