Skip to content

Walter On-Prem

Bring up a local Walter stack with a real CLI.

Download a tiny bootstrap script, resolve a supported Walter release, and land in the browser setup flow without memorizing Compose flags.

CLI-first install

walter-onprem writes .env.deploy, stores the deployment mode, refreshes the bundle safely, and starts the stack.

Browser-first setup

Walter handles bootstrap secrets automatically and lets you finish license, admin, and LLM setup in the browser after the stack comes up.

Usage budgets

Walter tracks weighted AI usage units so admins can cap deployment-wide consumption, add user overrides, and watch estimated LLM cost.

Manifest-driven upgrades

Operators can use versions, upgrade --patch, upgrade --minor, or pin an exact image when needed.

Quick path

curl -fsSL https://onprem.walterops.com/install/install-walter.sh | bash

That command:

  • downloads the right walter-onprem binary for the current machine
  • resolves the latest stable Walter release from the manifest
  • downloads the current on-prem bundle to ~/walter-onprem
  • verifies checksums before unpacking anything
  • asks which deployment mode you want and explains internal-tls vs public-tls
  • asks for the hostname or IP clients will use to reach Walter
  • for fresh internal-tls installs, asks whether to keep the default published host ports 80/443
  • reuses existing Docker auth or prompts for the GHCR username and token Walter provided separately
  • writes .env.deploy
  • pulls the configured Walter image
  • starts the stack with the mode and host you selected

After it finishes, open https://<the host you entered> and complete the in-browser setup flow.

Note

Registry credentials, license keys, and any customer-specific image access are communicated separately. The installer only prompts for the generic GHCR login and runtime choices. Bundle-managed public-tls expects standard public ports 80/443. If you need a non-default published HTTPS port, use internal-tls and pass --https-port.

Choose a deployment mode

Mode Best for URL
internal-tls Private networks that still want TLS https://<host>
public-tls Internet-facing deployments with Let's Encrypt https://<host>

Start with internal-tls for private deployments, then move to public-tls once your hostname and certificate path are ready.

If you want to inspect supported releases before installing, use the manual binary flow on the install page and run ./walter-onprem versions.