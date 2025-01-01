Install ALTCHA Sentinel

ALTCHA Sentinel is a self-hosted application distributed as an OCI-compatible container image. It can be deployed on any container runtime that supports the Open Container Initiative (OCI) standard, including platforms like Docker, AWS ECS or Azure App Service.

The default configuration is optimized for fast, production-ready deployments that are secure and require no external databases or services, while still supporting fault-tolerant clustering with PostgreSQL, and Redis as underlying backends. For users seeking compliance and minimal technical overhead, deployment to Azure App Service is recommended.

What’s included?

The official container image of ALTCHA Sentinel includes everything you need to start using Sentinel with all its features without external services or databases:

Sentinel server

Sentinel front-end application

Machine learning engine for advanced classification

Optional clustering capabilities

Technical Requirements

To install ALTCHA Sentinel on your infrastructure, ensure you have the following:

A container runtime compatible with the OCI standard and capable of running Linux-based containers on AMD64 or ARM64 architectures (e.g., Azure App Services, AWS ECS, Kubernetes, Docker, Docker Compose, Docker Swarm, Podman)

Support for persistent storage volumes to store database data. Alternatively, use PostgreSQL as the database backend without requiring persistent volumes.

An instance with at least 2 vCPUs (or CPU cores) and at least 2 GB of RAM

External Data Sources

While Sentinel is designed to be self-contained and independent of external dependencies, some frequently updated data must be sourced externally:

IP Resolvers – Provides IP geolocation data

Data Sources – Supplies IP and email blacklists (requires no additional configuration)

Supported Runtimes

While it is possible to run the provided container image on any OCI-compatible runtime, we recommend using one of the following officially supported environments:

The deployment runtime must support persistent storage volumes, unless used in a multi-instance configuration with PostgreSQL.

Container Image

The official OCI-compatible container image is multi-arch and hosted on the following registries:

GitHub Container Registry:

ghcr.io/altcha-org/sentinel

AWS ECR:

public.ecr.aws/n6m6b4n8/altcha-org/sentinel

Tencent Cloud (China):

ccr.ccs.tencentyun.com/altcha-org/sentinel

Supported architectures:

AMD64 (x86-64)

ARM64 (AArch64)

The image automatically selects the correct architecture based on the host system. For production environments, it is recommended to use an explicit version tag rather than latest .

Exposed Ports

The container image exposes several ports. Only port 8080 should be accessible from the internet.

8080 — Main HTTP port for ALTCHA Sentinel

The following ports are for internal use only. Do not expose them publicly unless for debugging purposes:

6389 — Internal Redis-compatible database

4080 — Internal database HTTP API (protocol currently undocumented)

HTTPS (TLS Encryption)

To enable TLS encryption (HTTPS), configure a load balancer or reverse proxy with TLS termination. If you use one of the pre-configured deployment options, TLS encryption is enabled automatically:

Azure App Services: Deploys an internet-facing gateway with TLS termination. Custom domain names are supported. For CDN and caching capabilities, deploy Azure Front Door separately.

AWS ECS: Deploys an internet-facing Application Load Balancer (ALB). Custom domain names are supported.

For other deployment methods, we recommend using bunny.net, a global CDN operated by an EU-based company. Alternatively, you can use services such as Cloudflare.

To enable TLS encryption directly in Sentinel, set the HTTP2_CERT and HTTP2_KEY environment variables. This will also enable the HTTP/2 protocol.

Volumes

The container requires a persistent storage volume for database data (unless configured with PostgreSQL as database backend), which must be mounted to the /data directory:

volumes : - altcha_sentinel_data_volume:/data

Clustering

Sentinel supports clustering for fault-tolerant, high-availability deployments using PostgreSQL and Redis as underlying backends. For setup instructions, see the Clustering guide.

