A container update orchestrator with a web dashboard, written in Go. Replaces Watchtower with per-container update policies, pre-update snapshots, automatic rollback, and real-time notifications.
- Per-container update policies via Docker labels: auto, manual, or pinned
- Pre-update snapshots with automatic rollback if a container fails health checks after updating
- Registry checks with digest comparison for mutable tags and semver tag discovery with constraint pinning
- Web dashboard with SSE live updates, stack grouping, container controls, and mobile-responsive layout
- Cluster mode for monitoring and updating containers across multiple Docker hosts from a single dashboard
- 11 notification providers including Gotify, Slack, Discord, Ntfy, Telegram, Pushover, Email, MQTT, Apprise, and webhooks
- Authentication with password, WebAuthn/passkeys, OIDC/SSO, and TOTP/2FA support
- Maintenance windows with time-range expressions and per-container cron schedules
- Lifecycle hooks with Docker-Guardian integration for coordinated maintenance labels
- Prometheus metrics endpoint with an official Grafana dashboard template
- Update queue for reviewing, approving, or rejecting pending updates with inline release notes
- Configuration export/import for full settings backup and restore via the web UI
```bash
docker run -d \
  --name docker-sentinel \
  --restart unless-stopped \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v sentinel-data:/data \
  -p 8080:8080 \
  -e SENTINEL_POLL_INTERVAL=6h \
  willluck/docker-sentinel:latest

# Or from GitHub Container Registry:
# ghcr.io/will-luck/docker-sentinel:latest
```

Open http://localhost:8080 in your browser. On first visit you will be guided through the setup wizard to create an admin account.
Set per-container update behaviour with Docker labels like sentinel.policy, sentinel.semver-constraint, sentinel.cron, and others. See the Docker Labels wiki page for the full reference.
Update Lifecycle
- Scan containers and check policies
- Check registries for new digests or semver tags
- Queue updates (auto-policy proceeds immediately, manual-policy waits for approval)
- Snapshot the full container config, then pull the new image before stopping anything
- Update the container: stop, remove, recreate with identical config, start
- Validate after the grace period, and roll back from the snapshot if the container is unhealthy
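
The ordering in the list above, as an added Go example that is not Docker Sentinel's own code: the policy label and a digest comparison pick the action, the snapshot and pull happen before anything is changed, and a failed health check restores the snapshot. The `Container` type, the `Decide` and `Update` functions, the action strings and the sample digests are assumptions made for illustration; only the `sentinel.policy` label and its three values come from this page.

```go
package main

import (
	"errors"
	"fmt"
)

// Container is a hypothetical in-memory model, not Sentinel's own type.
type Container struct {
	Name, Tag, Digest string
	Labels            map[string]string
}

// Decide maps the sentinel.policy label plus a digest comparison to an action.
// The tag is ignored on purpose: a mutable tag such as "latest" can point at
// new content, so only the digest shows whether anything changed.
func Decide(c Container, registryDigest string) string {
	switch policy := c.Labels["sentinel.policy"]; {
	case policy == "pinned" || registryDigest == c.Digest:
		return "skip"
	case policy == "auto":
		return "update-now"
	default: // "manual"; unknown or missing values also wait (example's choice)
		return "await-approval"
	}
}

// Update keeps the order from the list: snapshot, pull, swap, validate.
// A failed pull leaves the running container untouched; a failed health
// check restores the snapshot.
func Update(c *Container, digest string, pull func(string) error, healthy func(Container) bool) string {
	snapshot := *c
	if err := pull(digest); err != nil {
		return "pull-failed"
	}
	c.Digest = digest // stands in for stop, remove, recreate, start
	if !healthy(*c) {
		*c = snapshot
		return "rolled-back"
	}
	return "updated"
}

func main() {
	// Constructed sample data.
	c := Container{"web", "latest", "sha256:aaa", map[string]string{"sentinel.policy": "auto"}}
	fmt.Println(Decide(c, "sha256:bbb")) // same tag, new digest
	noPull := func(string) error { return errors.New("registry unreachable") }
	fmt.Println(Update(&c, "sha256:bbb", noPull, nil), c.Digest)
	fmt.Println(Update(&c, "sha256:bbb", func(string) error { return nil },
		func(Container) bool { return false }), c.Digest)
}
```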
Full documentation is available in the Wiki, covering:
- Installation Guide
- Configuration Reference
- Docker Labels
- Web UI Guide
- REST API Reference
- Authentication & Security
- Notifications
- Cluster Mode
- Lifecycle Hooks
- Troubleshooting
```bash
make build     # Build binary to bin/sentinel
make frontend  # Build JS/CSS bundles (esbuild)
make docker    # Build Docker image
```

Requires Go 1.24+, Node.js, and Docker.
Apache Licence 2.0. See LICENSE for details.







