Skip to content

Walter On-Prem

Bring up a local Walter stack with a real CLI.

Download a tiny bootstrap script, resolve a supported Walter release, and land in the browser setup flow without memorizing Compose flags.

Quick install Upgrade guide

CLI-first install

walter-onprem writes .env.deploy, stores the deployment mode, refreshes the bundle safely, and starts the stack.

Browser-first setup

Walter handles bootstrap secrets automatically and lets you finish license, admin, and LLM setup in the browser after the stack comes up.

Manifest-driven upgrades

Operators can use versions, upgrade --patch, upgrade --minor, or pin an exact image when needed.

Quick path

curl -fsSL https://onprem.walterops.com/install/install-walter.sh | bash

That command:

  • downloads the right walter-onprem binary for the current machine
  • resolves the latest stable Walter release from the manifest
  • downloads the current on-prem bundle to ~/walter-onprem
  • verifies checksums before unpacking anything
  • asks which deployment mode you want and explains internal-tls vs public-tls
  • asks for the hostname or IP clients will use to reach Walter
  • for fresh internal-tls installs, asks whether to keep the default published host ports 80/443
  • reuses existing Docker auth or prompts for the GHCR username and token Walter provided separately
  • writes .env.deploy
  • pulls the configured Walter image
  • starts the stack with the mode and host you selected

After it finishes, open https://<the host you entered> and complete the in-browser setup flow.

Note

Registry credentials, license keys, and any customer-specific image access are communicated separately. The installer only prompts for the generic GHCR login and runtime choices. Bundle-managed public-tls expects standard public ports 80/443. If you need a non-default published HTTPS port, use internal-tls and pass --https-port.

Choose a deployment mode

Mode Best for URL
internal-tls Private networks that still want TLS https://<host>
public-tls Internet-facing deployments with Let's Encrypt https://<host>

Start with internal-tls for private deployments, then move to public-tls once your hostname and certificate path are ready.

If you want to inspect supported releases before installing, use the manual binary flow on the install page and run ./walter-onprem versions.