Walter On-Prem
Bring up a local Walter stack with a real CLI.
Download a tiny bootstrap script, resolve a supported Walter release, and land in the browser setup flow without memorizing Compose flags.
CLI-first install
walter-onprem writes .env.deploy, stores the
deployment mode, refreshes the bundle safely, and starts the stack.
Browser-first setup
Walter handles bootstrap secrets automatically and lets you finish license, admin, and LLM setup in the browser after the stack comes up.
Usage budgets
Walter tracks weighted AI usage units so admins can cap deployment-wide consumption, add user overrides, and watch estimated LLM cost.
Manifest-driven upgrades
Operators can use versions, upgrade --patch,
upgrade --minor, or pin an exact image when needed.
Quick path
curl -fsSL https://onprem.walterops.com/install/install-walter.sh | bash
That command:
- downloads the right
walter-onprembinary for the current machine - resolves the latest stable Walter release from the manifest
- downloads the current on-prem bundle to
~/walter-onprem - verifies checksums before unpacking anything
- asks which deployment mode you want and explains
internal-tlsvspublic-tls - asks for the hostname or IP clients will use to reach Walter
- for fresh
internal-tlsinstalls, asks whether to keep the default published host ports80/443 - reuses existing Docker auth or prompts for the GHCR username and token Walter provided separately
- writes
.env.deploy - pulls the configured Walter image
- starts the stack with the mode and host you selected
After it finishes, open https://<the host you entered> and complete the in-browser setup flow.
Note
Registry credentials, license keys, and any customer-specific image access are communicated separately. The installer only prompts for the generic GHCR login and runtime choices.
Bundle-managed public-tls expects standard public ports 80/443. If you need a non-default published HTTPS port, use internal-tls and pass --https-port.
Choose a deployment mode
| Mode | Best for | URL |
|---|---|---|
internal-tls |
Private networks that still want TLS | https://<host> |
public-tls |
Internet-facing deployments with Let's Encrypt | https://<host> |
Start with internal-tls for private deployments, then move to public-tls once your hostname and certificate path are ready.
If you want to inspect supported releases before installing, use the manual binary flow on the install page and run ./walter-onprem versions.