Install ALTCHA Sentinel

ALTCHA Sentinel is a self-hosted application distributed as a Docker image. It can be deployed on any Docker-compatible environment, including platforms like AWS ECS and Azure App Service.

The default configuration is optimized for quick, production-ready deployments that are secure and require no external databases or services. For users seeking compliance and minimal technical overhead, deployment to Azure App Service is recommended.

What’s included?

The official Docker image of ALTCHA Sentinel includes everything you need to start using Sentinel with all it’s features without external services or databases:

• Sentinel server
• Sentinel front-end application
• SQLite-backed primary database
• Redis-compatible database with persistancy
• Machine learning engine for advanced classification

Note

Sentinel operates independently with its built-in, optimized database system, including:

• Redis-compatible storage layer
• Raft-based distributed clustering

No external databases (Postgres, MySQL, etc.) are needed. In its minimal deployment, everything is contained within a single instance.

Technical Requirements

To install ALTCHA Sentinel on your infrastructure, ensure you have the following:

• A Docker-compatible runtime capable of running Linux-based containers on AMD64 or ARM64 architectures (e.g., Azure App Services, AWS ECS, Kubernetes, Docker Swarm, or Docker Compose)
• Support for persistent storage volumes in the Docker runtime for storing database data
• An instance with at least 2 vCPUs (or CPU cores) and at least 2 GB of RAM

External Data Sources

While Sentinel is designed to be self-contained and independent of external dependencies, some frequently updated data must be sourced externally:

• IP Resolvers – Provides IP geolocation data
• Data Sources – Supplies IP and email blacklists (requires no additional configuration)

Supported Runtimes

While it is possible to run the provided Docker image on any Docker-compatible runtime, we recommend using of the following officially supported runtimes:

• Azure App Services (recommend for beginners)
• AWS ECS
• Kubernetes
• Docker Swarm or Docker Compose

The deployment runtime must support persistant storage volumes, unless used in multi-instance deployment.

Container Image

The official Docker image is multi-arch compatible and hosted on:

GitHub Container Registry:

ghcr.io/altcha-org/sentinel

AWS ECR:

public.ecr.aws/n6m6b4n8/altcha-org/sentinel

Tencent Cloud (China):

ccr.ccs.tencentyun.com/altcha-org/sentinel

Supported architectures:

• AMD64 (x86-64)
• ARM64 (AArch64)

The image will automatically match your host system’s architecture. For production environments, we recommend specifying an explicit version tag rather than latest.

Exposed Ports

The Docker image exposes several ports. Only port 8080 should be accessible from the internet.

• 8080 — Main HTTP port for ALTCHA Sentinel

The following ports are for internal use only. Do not expose them publicly. Use only for debugging if necessary:

• 6389 — Internal Redis-compatible database
• 4080 — Internal database HTTP API (protocol currently undocumented)
• 4001 and 4002 — RQLite protocols used for distributed clustering

HTTPS (TLS Encryption)

To enable TLS encryption (HTTPS), configure a load balancer or reverse proxy with TLS termination. If you use one of our pre-configured deployment options, TLS encryption is enabled automatically:

• Azure App Services: Deploys an internet-facing gateway with TLS termination. Custom domain names are supported. For CDN and caching capabilities, deploy Azure Front Door separately.
• AWS ECS: Deploys an internet-facing Application Load Balancer (ALB). Custom domain names are supported.

For other deployment methods, we recommend using bunny.net, a global CDN operated by an EU-based company. Alternatively, you can use services such as Cloudflare.

To enable TLS encryption directly in Sentinel, set the HTTP2_CERT and HTTP2_KEY environment variables. This will also enable the HTTP/2 protocol.

Volumes

The container requires a persistent storage volume for database data, which must be mounted to the /data directory:

volumes:
  - altcha_sentinel_data_volume:/data

Deployment Modes

ALTCHA Sentinel can be deployed in two modes: 1) single-instance or 2) multi-instance. The later offers high-availability and fault-tollerance. The multi-instance deployment is available only in the Enterprise plan.

	Single-instance	Multi-instance
Max. number of instances (nodes)	1	limit per license
High availability	No	Yes
Fault tollerance	No	Yes
Scaling	Vertical	Horizontal
Traffic	Low to moderate	High

Related

• Integration Checklist
• Performance Tuning
• Clustering