Dieser Inhalt ist noch nicht in deiner Sprache verfügbar.
Install ALTCHA Sentinel
ALTCHA Sentinel is a self-hosted application distributed as an OCI-compatible container image. It can be deployed on any container runtime that supports the Open Container Initiative (OCI) standard, including platforms like Docker, AWS ECS or Azure App Service.
The default configuration is optimized for quick, production-ready deployments that are secure and require no external databases or services. For users seeking compliance and minimal technical overhead, deployment to Azure App Service is recommended.
What’s included?
The official container image of ALTCHA Sentinel includes everything you need to start using Sentinel with all its features without external services or databases:
- Sentinel server
- Sentinel front-end application
- SQLite-backed primary database
- Redis-compatible database with persistency
- Machine learning engine for advanced classification
Technical Requirements
To install ALTCHA Sentinel on your infrastructure, ensure you have the following:
- A container runtime compatible with the OCI standard and capable of running Linux-based containers on AMD64 or ARM64 architectures (e.g., Azure App Services, AWS ECS, Kubernetes, Docker, Docker Compose, Docker Swarm, Podman)
- Support for persistent storage volumes for storing database data
- An instance with at least 2 vCPUs (or CPU cores) and at least 2 GB of RAM
External Data Sources
While Sentinel is designed to be self-contained and independent of external dependencies, some frequently updated data must be sourced externally:
- IP Resolvers – Provides IP geolocation data
- Data Sources – Supplies IP and email blacklists (requires no additional configuration)
Supported Runtimes
While it is possible to run the provided container image on any OCI-compatible runtime, we recommend using one of the following officially supported environments:
- Azure App Services (recommended for beginners)
- AWS ECS
- Kubernetes
- Docker Swarm or Docker Compose
The deployment runtime must support persistent storage volumes, unless used in a multi-instance configuration.
Container Image
The official OCI-compatible container image is multi-arch and hosted on the following registries:
GitHub Container Registry:
ghcr.io/altcha-org/sentinel
AWS ECR:
public.ecr.aws/n6m6b4n8/altcha-org/sentinel
Tencent Cloud (China):
ccr.ccs.tencentyun.com/altcha-org/sentinel
Supported architectures:
- AMD64 (x86-64)
- ARM64 (AArch64)
The image automatically selects the correct architecture based on the host system. For production environments, it is recommended to use an explicit version tag rather than latest
.
Exposed Ports
The container image exposes several ports. Only port 8080
should be accessible from the internet.
8080
— Main HTTP port for ALTCHA Sentinel
The following ports are for internal use only. Do not expose them publicly unless for debugging purposes:
6389
— Internal Redis-compatible database4080
— Internal database HTTP API (protocol currently undocumented)4001
and4002
— RQLite protocols used for distributed clustering
HTTPS (TLS Encryption)
To enable TLS encryption (HTTPS), configure a load balancer or reverse proxy with TLS termination. If you use one of the pre-configured deployment options, TLS encryption is enabled automatically:
- Azure App Services: Deploys an internet-facing gateway with TLS termination. Custom domain names are supported. For CDN and caching capabilities, deploy Azure Front Door separately.
- AWS ECS: Deploys an internet-facing Application Load Balancer (ALB). Custom domain names are supported.
For other deployment methods, we recommend using bunny.net, a global CDN operated by an EU-based company. Alternatively, you can use services such as Cloudflare.
To enable TLS encryption directly in Sentinel, set the HTTP2_CERT
and HTTP2_KEY
environment variables. This will also enable the HTTP/2 protocol.
Volumes
The container requires a persistent storage volume for database data, which must be mounted to the /data
directory:
volumes: - altcha_sentinel_data_volume:/data
Deployment Modes
ALTCHA Sentinel can be deployed in two modes: 1) single-instance or 2) multi-instance. The latter offers high-availability and fault-tolerance and is available only in the Enterprise plan.
Single-instance | Multi-instance | |
---|---|---|
Max. number of instances (nodes) | 1 | limit per license |
High availability | No | Yes |
Fault tolerance | No | Yes |
Scaling | Vertical | Horizontal |
Traffic | Low to moderate | High |