Web UI Guide
Walkthrough of every page in the Docker-Sentinel web interface.
Supports password and passkey (WebAuthn) authentication.
| Detail | Value |
|---|---|
| Rate limit | 5 attempts per IP per 5 minutes |
| Account lockout | 10 failures locks the account for 30 minutes |
| Passkey button | Appears when at least one passkey is registered for the account |
The main view. Container state updates in real time via Server-Sent Events (SSE). A live scan countdown timer shows time until the next scheduled scan.
Four clickable cards at the top; clicking a card applies the corresponding filter to the list.
| Card | Filters to |
|---|---|
| Total | All containers |
| Running | Running containers only |
| Updates Pending | Containers with an available update |
| Rate Limits | Containers affected by Docker Hub rate limits |
Pills filter by state (Running, Stopped, Updatable). Multiple pills combine. Sort options: alphabetical or by status.
Containers are grouped by Docker Compose project (from the com.docker.compose.project label). Stack order is configurable via drag-and-drop; ungrouped containers appear at the bottom.
| Column | Description |
|---|---|
| Name | Container name; click to open Container Detail |
| Image | Current image and tag |
| Policy | Active update policy (dropdown to change) |
| Status | Running / Exited / Updating; clickable badges for update and start/stop actions |
| Ports | Published port mappings with clickable links |
Status badges are interactive: hovering a running container shows a Stop badge, hovering a stopped container shows a Start badge. When an update is available, the badge becomes a clickable Update trigger.
Port mappings are shown as clickable chips. When Nginx Proxy Manager is configured in Connectors, port chips link to the proxy domain instead of the raw host:port. Containers with many ports show the first two with a "+N more" expander.
Click Manage to enter manage mode. Select multiple containers using the row checkboxes, then use the bulk action bar to change policy across all selected containers in one operation.
All pages support Light, Dark, and Auto (follows system preference) themes.
Lists pending updates for containers with manual policy. Shows current and available versions for each entry.
| Action | Effect |
|---|---|
| Approve | Pulls new image and recreates the container immediately |
| Reject | Dismisses this pending update |
| Ignore | Suppresses alerts for this specific version permanently |
Reached by clicking a container name on the Dashboard.
| Section | Content |
|---|---|
| Image Info | Current image, tag, digest, registry source badge |
| Available Versions | Version list from the registry |
| GHCR Alternative | One-click migration when a GHCR mirror is detected |
| Snapshots | Pre-update snapshots available for rollback |
| Policy Override | Per-container policy distinct from the global default |
| Notification Mode | Override notification behaviour for this container only |
| Lifecycle Hooks | View and manage pre/post update hook commands |
| Version History | Timestamped log of every update applied to this container |
Chronological log of every update Sentinel has applied. Each entry shows container name, old version, new version, timestamp, and outcome (success / failure). Filterable and searchable.
All system and user actions with timestamps. When authentication is enabled, records which user triggered each action. Searchable by container name, action type, or username.
Lists all Docker images on the host (or across all cluster hosts). Manage mode lets you select and remove unused images in bulk. Automatically filters to unused images when entering manage mode.
Divided into tabs:
| Setting | Description |
|---|---|
| Poll interval | How often Sentinel checks registries for new images |
| Grace period | Delay between detecting an update and acting on it |
| Default policy | Fallback for containers without a label override |
| Container filters | Include/exclude containers by name pattern |
| Cron schedule | Alternative to poll interval; accepts a cron expression |
:latest auto-update |
Whether digest changes on :latest tags trigger updates |
| Image cleanup | Remove old images after a successful update |
| Dependency-aware ordering | Topologically sort updates by sentinel.depends-on declarations |
Add, edit, test, and delete notification providers. Supported: Gotify, Slack, Discord, Ntfy, Telegram, Pushover, Email, MQTT, Apprise, Webhook. Each channel has per-event filtering. See Notifications.
Credential management for private registries. Docker Hub rate limit status is displayed here. Credentials are applied automatically when pulling image metadata.
Lifecycle hook management. Only visible when SENTINEL_HOOKS=true. Toggle hook persistence to labels.
TLS configuration and session settings.
Theme selector (Light, Dark, Auto), default group collapse behaviour, and dashboard column visibility toggles. Stored per-browser.
Running version, build date, uptime, Go runtime version, and memory statistics. Self-update trigger.
Only visible when SENTINEL_CLUSTER=true. Manages enrolled Agent hosts.
| Column | Description |
|---|---|
| Host | Hostname registered at enrolment |
| Status | Online / Offline / Draining |
| Last Seen | Timestamp of last Agent heartbeat |
| Actions | Drain, Revoke, Remove |
- Drain: pauses update triggers for the host while keeping it enrolled
- Revoke: invalidates the host certificate; Agent must re-enrol
- Remove: deletes the host record entirely
Click Generate Token to produce a one-time enrolment token for a new Agent.
Portainer and Nginx Proxy Manager integrations. Configure URLs and credentials to enable port-to-URL mapping and proxy host management from within Sentinel.
When Docker Swarm is active, Swarm services appear in a separate section on the dashboard with replica counts and published ports. Click a service name to view its detail page showing task distribution across nodes.