Docker-Sentinel
May 8, 2026
Maintenance Mode
As of 2026-05-08, this project is in maintenance mode. v2.12.2 is the final feature release. Bug-fix PRs and security issues will still be reviewed. New features will not be added. See MAINTENANCE.md for the full policy.
A container update orchestrator with a web dashboard, written in Go. Replaces Watchtower with per-container update policies, pre-update snapshots, automatic rollback, and real-time notifications.

Features
- Per-container update policies via Docker labels: auto, manual, or pinned
- Pre-update snapshots with automatic rollback if a container fails health checks after updating
- Registry checks with digest comparison for mutable tags and semver tag discovery with constraint pinning
- Web dashboard with SSE live updates, stack grouping, container controls, and mobile-responsive layout
- Cluster mode for monitoring and updating containers across multiple Docker hosts from a single dashboard
- 11 notification providers including Gotify, Slack, Discord, Ntfy, Telegram, Pushover, Email, MQTT, Apprise, and webhooks
- Authentication with password, WebAuthn/passkeys, OIDC/SSO, and TOTP/2FA support
- Maintenance windows with time-range expressions and per-container cron schedules
- Lifecycle hooks with Docker-Guardian integration for coordinated maintenance labels
- Prometheus metrics endpoint with an official Grafana dashboard template
- Update queue for reviewing, approving, or rejecting pending updates with inline release notes
- Configuration export/import for full settings backup and restore via the web UI
Quick Start
docker run -d \
--name docker-sentinel \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v sentinel-data:/data \
-p 8080:8080 \
-e SENTINEL_POLL_INTERVAL=6h \
willluck/docker-sentinel:latest
# Or from GitHub Container Registry:
# ghcr.io/will-luck/docker-sentinel:latest
Open http://localhost:8080 in your browser. On first visit you will be guided through the setup wizard to create an admin account.
Container Labels
Set per-container update behaviour with Docker labels like sentinel.policy, sentinel.semver-constraint, sentinel.cron, and others. See the Docker Labels wiki page for the full reference.
Update Lifecycle
- Scan containers and check policies
- Check registries for new digests or semver tags
- Queue updates (auto-policy proceeds immediately, manual-policy waits for approval)
- Snapshot the full container config, then pull the new image before stopping anything
- Update the container: stop, remove, recreate with identical config, start
- Validate after the grace period, and roll back from the snapshot if the container is unhealthy
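The ordering of the snapshot, pull, update and validate steps above is what keeps a failed pull from causing downtime and what leaves something to roll back to. The Go sketch below is an added illustration of that sequence, not code from Docker-Sentinel; the `Runtime` interface, `Apply`, the outcome strings and the `fake` test double are hypothetical names.

```go
package main

import "fmt"

// Runtime is a hypothetical stand-in for the Docker operations the steps name.
type Runtime interface {
	Snapshot(name string) error
	Pull(image string) error
	Recreate(name, image string) error // stop, remove, recreate, start
	Healthy(name string) bool          // checked after the grace period
	Restore(name string) error         // recreate from the snapshot
}

// Apply runs the listed steps in order and returns the outcome to report.
func Apply(rt Runtime, name, image string) (string, error) {
	if err := rt.Snapshot(name); err != nil {
		return "aborted", fmt.Errorf("snapshot: %w", err)
	}
	if err := rt.Pull(image); err != nil {
		return "aborted", fmt.Errorf("pull: %w", err) // nothing stopped yet
	}
	err := rt.Recreate(name, image)
	if err == nil && rt.Healthy(name) {
		return "updated", nil
	}
	if rerr := rt.Restore(name); rerr != nil {
		return "rollback-failed", fmt.Errorf("rollback: %w", rerr)
	}
	return "rolled-back", err // nil when the container started but was unhealthy
}

// fake is a constructed Runtime: it records call order and fails chosen steps.
type fake struct {
	calls []string
	errs  map[string]error
}
func (f *fake) do(s string) error          { f.calls = append(f.calls, s); return f.errs[s] }
func (f *fake) Snapshot(string) error      { return f.do("snapshot") }
func (f *fake) Pull(string) error          { return f.do("pull") }
func (f *fake) Recreate(_, _ string) error { return f.do("recreate") }
func (f *fake) Healthy(string) bool        { return f.do("validate") == nil }
func (f *fake) Restore(string) error       { return f.do("rollback") }

func main() {
	f := &fake{errs: map[string]error{"validate": fmt.Errorf("unhealthy")}}
	outcome, err := Apply(f, "web", "example/web:2")
	fmt.Println(outcome, err, f.calls)
}
```

The `rollback-failed` outcome is the one worth alerting on, since it means the container is neither on the new image nor restored from its snapshot.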
Documentation
Full documentation is available in the Wiki, covering:
- Installation Guide
- Configuration Reference
- Docker Labels
- Web UI Guide
- REST API Reference
- Authentication & Security
- Notifications
- Cluster Mode
- Lifecycle Hooks
- Troubleshooting
Building from Source
make build # Build binary to bin/sentinel
make frontend # Build JS/CSS bundles (esbuild)
make docker # Build Docker image
Requires Go 1.24+, Node.js, and Docker.
Licence
Apache Licence 2.0. See LICENSE for details.






