DMCDMC Bilgi Teknolojileri
Installation & System Requirements

30 minutes, three scenarios

On-premise on Linux + Docker / Podman, isolated air-gap environment, or Azure / AWS / GCP cloud — single-command bootstrap.sh installation, all production prerequisites in one page.

System requirements 5-minute quickstart
2026-05-20 · Sıfırdan Azure VM'de uçtan uca dry-run doğrulandı (12/12 container, 4 source, 4 motor sample data, 5/5 smoke endpoint)
v1.7.25 (2026-06-09) — performans · ölçek · i18n: Veri biriktikçe dashboard'u yavaşlatan query_stats şişmesi kalıcı çözüldü: backend startup'ta otomatik index oluşturma + yüksek-hacim koleksiyonlar için lisanstan bağımsız retention cap (RAW_SAMPLES_RETENTION_DAYS, varsayılan 3 gün) + workload aggregate zaman filtresi. Sonuç: Mongo CPU saturation → 504 timeout giderildi (yük altında endpoint <0.4 s). Frontend 11 sayfa TR/EN i18n (1205 anahtar, tam parite). Standalone collector emekliye ayrıldı (backend zaten tüm motorları topluyor; profiles: deprecated). 5 servis ACR prod namespace v1.7.25 hizalı.
v1.7.22 (2026-05-26) — install/ + PDF/Excel kurumsal kimlik: PDF "Get Info" + Excel Backstage "Custom Properties" artık DMC BİLGİ TEKNOLOJİLERİ YAZILIM DANIŞMANLIK SANAYİ VE TİCARET LİMİTED ŞİRKETİ ünvanlı (önceden "Anonymous"). KVKK / Privacy / DPA yasal sayfalarda tam unvan + adres. 5 servis (backend + frontend + collector + ingestor + advisor) ACR prod namespace tek tag'de hizalı. Static container IP (mongo 172.30.0.10, backend 172.30.0.20) + Motor connection 20 s timeout + 20 s mongo keepalive · Türkçe Unicode font (DejaVu) PDF'de baked · install/smoke.sh 7 kontrol noktası. Müşteri demo'sundaki 502/500 race penceresi sıfırlandı, raporlar tam kurumsal kimlikli.
A4 Yazdırılabilir Kurulum Kılavuzu

Adım adım dummy-friendly anlatım — kurum içi paylaşım için PDF olarak indirin. Plain-language installation walkthrough, A4 PDF.

TR · PDF EN · PDF Çoklu Linux Kılavuzu (TR · PDF)
BAYİ / SHOWCASE
Müşteri prospect demosu — kendi domain'inizde

PoC öncesi 4 motorlu showcase (SQL Server / PG / MySQL / Mongo + auto-login viewer + GuidedTour). bootstrap-customer-demo.sh tek script — 4 kritik blokeri (frontend build-arg, CORS+nginx, certbot, bundle DCE) 15 dakikada kapatır. DEMO_MODE=true → lisans bypass'li, sadece showcase, satış kanalı değildir.

Bayi Kılavuzu (TR · PDF) bootstrap script (GitHub) [email protected]
30dkSingle-command install
3Scenarios: on-prem / air-gap / cloud
7Supported Linux distributions
SLABackup + DR runbook
System Requirements

Right size, right cost

Server size scales linearly with monitored instance count + retention. The table below is derived from real production deployments; oversize 20% above upper bound is recommended.

Hardware requirements

Scenario vCPU RAM Disk (SSD) Notes
Development / Demo 24 GB30 GB At least one test DB instance is required (each tenant connects to its own source)
Small (≤10 instances) 48 GB50 GB Recommended production minimum
Medium (50 instances) 816 GB200 GB Assumes 30-day retention
Large (200 instances) 1632 GB500 GB Mongo replica set (3 nodes) recommended
Enterprise (500+ instances) 3264 GB1 TB+ HA topology required, separate load balancer

Disk consumption: 0.5–2 GB / instance / month (depends on collection frequency + retention).

Operating system support

Distribution Version Container Runtime Status
Ubuntu22.04 LTS, 24.04 LTSDocker 24+ veya Podman 4+Full support
Debian12 (Bookworm)Docker 24+Full support
RHEL9, 8.6+Podman 4+ (default) veya DockerFull support
Oracle Linux9, 8Podman 4+Full support
Rocky Linux9Podman 4+Full support
AlmaLinux9Podman 4+Full support
openSUSE Leap15.5+Docker 24+⚠️ Community tested
Amazon Linux2023Docker 24+⚠️ Community tested

In SELinux enforcing mode, RHEL/Oracle/Rocky/Alma may require additional tuning; SELINUX runbook is a separate document.

Network ports

Port Protocol Direction Purpose
80 / 443HTTPSCustomer → SentinelWeb UI via reverse proxy
3000HTTPLANFrontend Nginx (without reverse proxy)
8001HTTPLANBackend FastAPI
27017TCPlocalhost onlyMongoDB — external access CLOSED
1433 / 5432 / 3306 / 27017TCPSentinel → Target DBReach to monitored databases

In production only 80/443 are exposed; other ports must be blocked at the firewall.

Installation Scenarios

Three different paths, same bootstrap.sh

A · On-Premise

Linux + Docker / Podman

On-premise on Ubuntu/RHEL/Debian with Docker or Podman. Internet available; image pull from ACR. 5-15 minute install.

  • Docker install via apt/dnf
  • git clone + bootstrap.sh interactive wizard
  • Reverse proxy + SSL for production
B · Air-Gap

Isolated network

Two-host model for bank core network, government, defense, insurance — prepare images on stage, transfer via USB/SCP to target, bootstrap on target.

  • Stage host: docker save → tar file
  • Target host: docker load + bootstrap.sh
  • Ed25519-signed offline license
Air-gap detail page →
C · Bulut

Azure / AWS / GCP

Same container images on managed Linux VM or Kubernetes. The cloud provider's managed databases (Azure SQL, RDS, Cloud SQL) can be monitored.

  • Azure VM B4ms / AWS t3.xlarge / GCP e2-standard-4
  • Cloud load balancer 443 → Sentinel
  • Additional network rules for cloud DBs
Single Command Install

One command, production-ready in 5 minutes

Run this one command on your Linux server as root. During installation you will only be asked for an admin email + password. Everything else is automatic: Docker is installed if missing, images are anonymously pulled from the registry, MongoDB Replica Set is brought up, the admin user is created. No Azure account or other credentials required.

Single command — same on all major Linux distributions

# Sunucunuza SSH ile bağlanın, sonra: curl -fsSL https://sentineldb360.com/install.sh | sudo bash

Supported Linux distributions

install.sh uses Docker's official get.docker.com convenience script — the same single command works identically on all distributions below:

Distribution Version Single command Note
Ubuntu22.04 / 24.04 LTSMost-tested
Debian12 (Bookworm) / 13Identical to Ubuntu
RHEL8 / 9Docker via dnf
Rocky Linux8 / 9RHEL-compatible
AlmaLinux8 / 9RHEL-compatible
Oracle Linux8 / 9RHEL-compatible
CentOS Stream9 / 10RHEL upstream
Fedora38+Docker official support
Amazon Linux2023Common on EC2
SUSE / openSUSELeap 15.5+First run zypper install docker docker-compose
Alpine3.18+First run apk add docker docker-cli-compose
Arch / ManjarorollingFirst run pacman -S docker docker-compose

⚠ marked distributions: Install Docker via your package manager first, then run the same single command. install.sh detects existing Docker and skips installation. Architecture: AMD64 (x86_64) — for ARM64, an air-gapped tarball is required (contact DMC).

Non-interactive (CI / IaC / Ansible)

# Admin bilgilerini env üzerinden geçin — soru sorulmaz curl -fsSL https://sentineldb360.com/install.sh | \ sudo [email protected] \ SENTINEL_ADMIN_PASS='GüçlüParola123!' \ bash

All environment variables (optional override)

Variable Description Default
SENTINEL_MODEInstall mode: poc or productionpoc
SENTINEL_ADMIN_EMAILFirst admin email (asked interactively in interactive mode)
SENTINEL_ADMIN_PASSFirst admin password (min 12 chars; production: upper+lower+digit+symbol)
SENTINEL_LICENSE_KEYEd25519-signed JWT license (required in production)
SENTINEL_PUBLIC_IPPublic IP override (Azure/AWS metadata auto-detected)auto-detect
SENTINEL_VERSIONImage versionv1.7.25
SENTINEL_BASE_URLAsset host override (your own mirror for air-gap)SWA URL
SENTINEL_ACR_USERNAMEPrivate ACR pull username (with token)— (anonymous)
SENTINEL_ACR_PASSWORDPrivate ACR pull password/token— (anonymous)
SENTINEL_FIREWALL_AUTOOPENufw/firewalld auto-open ports (80, 3000, 8001)poc=yes, prod=no
SENTINEL_SKIP_DOCKER_INSTALLSkip Docker installation (assumed already installed)no
SENTINEL_KEEP_PLAINTEXT_PASSDo not remove ADMIN_PASSWORD from .env after seed (warning)no
INSTALL_DIRInstall root directory/opt/sentineldb360

PoC vs Production modes

Switch between two main modes via SENTINEL_MODE. PoC for testing/evaluation, production for production deployment.

Behavior PoC (default) Production
SENTINEL_LICENSE_KEYOptional (LICENSE_LOCAL_FALLBACK=true)Required (Ed25519 JWT)
14-day free full feature— (license required)
Docker install confirmationAutomatic (silent)Interactive confirm
Firewall auto-openufw/firewalld opensSysadmin manual (command suggested)
Password policyMin 12 characters12 + upper + lower + digit + symbol
Min CPU2 vCPU4 vCPU
Min RAM4 GB8 GB
OS allowlistUnknown distros pass with warningStrict (Ubuntu/Debian/RHEL/Rocky/Alma/Oracle/CentOS/Fedora/Amazon Linux)
Plaintext password removed after seed✓ (enforced)

Production example (for enterprise customers)

# DMC'den lisans satırı aldıktan sonra: curl -fsSL https://sentineldb360.com/install.sh | \ sudo SENTINEL_MODE=production \ SENTINEL_LICENSE_KEY='eyJhbGciOiJFZERTQSI...' \ [email protected] \ SENTINEL_ADMIN_PASS='GüçlüProdParola123!@' \ bash

Air-gapped + Private ACR (banks, government, critical infrastructure)

# Asset'leri kendi intranet mirror'unuzda servis edin (sentineldb360.com erişimi yok) # ACR yerine kendi private registry mirror'unuzu pull edin sudo \ SENTINEL_MODE=production \ SENTINEL_BASE_URL=https://intranet.kurum.com/sentinel \ SENTINEL_ACR_USERNAME=mirror-pull \ SENTINEL_ACR_PASSWORD="$(cat /etc/sentinel/acr-token)" \ SENTINEL_LICENSE_KEY="$(cat /etc/sentinel/license.jwt)" \ SENTINEL_FIREWALL_AUTOOPEN=no \ bash install.sh

install.sh 9 stages (~5-10 min total)

  1. System check — OS allowlist, x86_64 required, CPU/RAM (mode-based min), disk, swap/OOM warning, SELinux Enforcing detection, port conflict (80/3000/8001-8004 via ss), network reachability test.
  2. Docker — Existing version + compose v2.20+ check. If absent, installed from get.docker.com with sha256 verification (interactive confirm in production mode); install log to /tmp/.
  3. Asset download — 11 files HTTPS-downloaded to /opt/sentineldb360/, retry+critical file integrity check.
  4. Container Registry access — If private credentials provided, docker login; otherwise anonymous pull verification (test image pulled then removed).
  5. Admin user — Interactive email + password prompt (TTY hack works with curl | bash) or env vars. Production mode enforces password policy.
  6. License — Production: SENTINEL_LICENSE_KEY JWT format check (xxxx.yyyy.zzzz). PoC: LICENSE_LOCAL_FALLBACK=true automatic.
  7. Configuration.env.production generated (chmod 600, root:root): 256-bit JWT/SECRET/ENC, MongoDB password, public IP auto-detected. Firewall mode-based.
  8. Containers — ACR pull (~2.5 GB), MongoDB keyfile + data dirs, docker compose up -d.
  9. Health check — Backend /api/health waits up to 120s, frontend + site, MongoDB RS 3/3 (container_name independent: compose ps -q), idempotent admin user verification (create_admin.py), plaintext ADMIN_PASSWORD removed from .env.

Enterprise hardening features

install.sh v2 is hardened for banking/government/critical infrastructure. The following checks are automatic:

After installation

# Tarayıcı: ekrana yazılan URL'e gidin http://<sunucu-public-ip>:3000/login # Admin: kurulumda girdiğiniz e-posta + parola # Loglar sudo docker compose -f /opt/sentineldb360/docker-compose.prod.yml logs -f # Servis durumu sudo docker compose -f /opt/sentineldb360/docker-compose.prod.yml ps # Sürüm yükselt (örn v1.7.26 çıktığında) sudo sed -i 's|:v1.7.25|:v1.7.26|g' /opt/sentineldb360/docker-compose.prod.yml sudo docker compose -f /opt/sentineldb360/docker-compose.prod.yml pull sudo docker compose -f /opt/sentineldb360/docker-compose.prod.yml up -d

License model — 14 days free, no license required

✓ A 14-day free full-feature PoC starts running the moment installation completes — you do not need to acquire a license from DMC, register, or provide a credit card. install.sh automatically sets LICENSE_LOCAL_FALLBACK=true; all 116 compliance tabs, AI Insights, blocking analysis, security center — everything is available.

What is a JWT license?

After 14 days, you receive a JWT license from DMC for permanent use. JWT (RFC 7519) — JSON Web Token — is a small text file containing customer name, plan tier (Starter / Professional / Enterprise), instance limit, validity date. Ed25519-signed (modern asymmetric cryptography) — signed by DMC's private key, verified on your server with the public key.

To request a license (after PoC ends or earlier): [email protected] — specify instance count and plan preference, license string is issued same-day via email. Prices: /pricing.

Cloud Installation

Three major clouds — same container, different paths

SentinelDB360 is cloud-agnostic — the same Docker images run on every cloud. The only difference is VM provisioning + network configuration + managed DB monitoring permissions. The guides below are for 50-instance scenarios; Kubernetes is recommended for larger.

Microsoft Azure

B4ms (4 vCPU, 16 GB RAM)

Azure VM (Standard_B4ms) + Premium SSD 200GB + NSG (allow 80/443). Azure SQL DB / MI / SQL Server on VM can be monitored. Application Gateway or Front Door can be the reverse proxy.

  • No official Marketplace listing yet (P2 backlog)
  • Azure Container Registry (ACR) integration ready
  • Azure AD SSO optional (SAML 2.0 / OIDC)
  • Azure Key Vault → secrets_loader integration

Amazon Web Services

t3.xlarge (4 vCPU, 16 GB RAM)

EC2 (t3.xlarge) + gp3 EBS 200GB + Security Group (allow 80/443). RDS (PostgreSQL/MySQL/SQL Server) + Aurora + DocumentDB can be monitored. ALB / CloudFront reverse proxy.

  • No official AWS Marketplace listing (P2 backlog)
  • ECR private registry integration
  • IAM Identity Center (SSO) optional
  • AWS Secrets Manager → secrets_loader integration (boto3)

Google Cloud Platform

e2-standard-4 (4 vCPU, 16 GB RAM)

Compute Engine (e2-standard-4) + SSD persistent disk 200GB + Firewall (allow 80/443). Cloud SQL (PostgreSQL/MySQL/SQL Server) + AlloyDB can be monitored. Cloud Load Balancing reverse proxy.

  • No official GCP Marketplace listing (P2 backlog)
  • Artifact Registry integration
  • Cloud Identity (SSO) optional
  • Secret Manager API → secrets_loader integration

Kubernetes (large scale)

Kubernetes recommended for 200+ instance scenarios — backend horizontal scale (replicas 2-N), Ingestor horizontal scale via Redis Streams consumer groups, MongoDB replica set as StatefulSet. AKS / EKS / GKE all supported; Helm chart in preparation (P2-3 backlog: combined with MongoDB sharding).

ClusteringRecommended Node SizeNode CountNotes
AKSStandard_D4s_v53+Azure CNI + Premium SSD storage class
EKSm5.xlarge3+EBS gp3 storage class + ALB ingress
GKEe2-standard-43+SSD persistent disk + GCE ingress
Production Hardening

Not done yet — do these for production

Reverse Proxy + SSL

Nginx / Apache / IIS ARR examples

3 ready-to-use config files (nginx/, examples/) — HTTPS, WebSocket upgrade, gzip, security headers (HSTS, CSP, X-Frame-Options) included. Works with corporate PKI certificates.

Backup + DR

BACKUP_RESTORE.md runbook

mongodump + oplog tail + LVM snapshot + 3-month restore drill cycle. RTO 30min / RPO 1hr targets. Drill checklist + DR log template.

Systemd / Auto-start

2 systemd unit files

For containers to auto-start after server reboot: sentinel-sd360.service + sentinel-sd360-collector.service. Lingering enabled for rootless mode.

Secrets / Vault

AWS Secrets Manager / HashiCorp Vault

secrets_loader.py reads JWT_SECRET, MongoDB password, API keys from vault. Not plain text in container env — compliant with corporate security policy.

SSO / Identity

SAML 2.0 + OIDC

Azure AD, Okta, Google Workspace, ADFS support. SSO_PROVIDER=oidc or saml. MFA TOTP/SMS (pyotp) as additional layer.

Self-Observability

Prometheus + /healthz + log correlation

Corporate SRE team can monitor Sentinel itself from Grafana. /metrics endpoint, /healthz subsystem checks, X-Request-ID correlation, 15-minute dedup error mail.

Upgrade & Troubleshooting

Version upgrade, troubleshooting

Version upgrade procedure

  1. Take backupmongodump --out /opt/sentineldb360/backup-$(date +%F) (BACKUP_RESTORE.md)
  2. Pull new imagesdocker compose -f docker-compose.prod.yml pull
  3. Read CHANGELOG.md — migration script may be needed for breaking changes
  4. Restart servicesdocker compose -f docker-compose.prod.yml up -d
  5. Health checkcurl http://localhost:8001/api/health should return 200; rollback to previous tag if needed

Top 5 most common issues

Symptom Cause Fix
backend returns HTTP 503 MongoDB replica set not initiated Check docker logs mongo-init; manual rs.initiate()
/api/v2/insights not responding Azure OpenAI key invalid or Ollama down Check AI_DEFAULT_PROVIDER=ollama + OLLAMA_URL
User cannot login (401) JWT_SECRET changed or cookie domain wrong Clear browser cookies + check reverse proxy SetCookie domain
Disk filling up rapidly Retention too long or XEvent ring too large Admin → Retention to 30 days + db.metrics_ts.dataSize()
License error "expired" JWT exp passed or HWID changed (hardware swap) Email [email protected] → new license file + docker compose restart
Doğrulama Kanıtı

Sıfırdan Azure VM — tek komut, sorunsuz

2026-05-20 günü resource group baştan oluşturuldu, fresh Ubuntu 22.04 VM (Standard B4ms) üzerinde install/ paketi adımları manuel müdahale olmadan koştu. Tüm yaşanan ilk-kez sorunları kalıcı olarak ACR image'lara baked. Müşteri release bu noktadan itibaren "docker compose pull && up" tek satıra düştü.

Kontrol Beklenen Gerçekleşen
Container sayısı12/12 Up✓ 12/12 healthy
Bootstrap source ekleme4/4 success✓ MSSQL + PG + MySQL + Mongo
Sample data — Postgres pagila1000 film✓ 1000
Sample data — diğer 3 motorMySQL sakila + Mongo sample_mflix + MSSQL AdventureWorks✓ build-time pre-baked
GET /200✓ 200
GET /healthz200✓ 200
POST /api/auth/demo-login200 + cookie✓ 200, sd360_session set
GET /api/auth/me200 + viewer JSON✓ Demo Visitor (viewer)
POST /api/sources403 (read-only)✓ 403 (nginx enforce)
Branding leak (Nebim)YOK✓ title + meta temiz

Kalıcı çözüme bağlanan 11 ilk-kez sorunu

İlk dry-run'da yaşanan sorunlar tek tek tespit edildi; kaynak Dockerfile/compose/env'ye baked, ACR'a push edildi. Müşteri release'inde tekrar yaşanmaz.

#SorunKalıcı çözüm
1Postgres alpine apt-get not foundpostgres:16 (debian) + sample SQL build-time gömülü
2MySQL Oracle Linux apt-get not foundSQL dump lokal'de indirilip COPY ile image'a göm
3Mongo init runtime apt-get installJSON dosyaları build-time /samples/'a baked, init mongoimport
4Backend /opt/sentineldb360 PermissionErrorCompose env SETTINGS_DIR=/tmp/sentinel-settings
5Backend LICENSE_ADMIN_SECRET required.env.example'a eklendi + auto-generate komutu doc'ta
6Frontend nginx upstream frontend:3000 resolve failFrontend image port 80'de dinler — nginx.conf server frontend:80
7Bootstrap "Invalid credentials" (env_file eksik)Compose'a env_file: [.env] eklendi
8Pagila SQL role "postgres" does not existDockerfile 00-postgres-role.sql pre-init (CREATE ROLE)
9"for Nebim" hard-coded brandingfrontend/public/index.html + BrandingContext.js + backend mock data temizlendi
10Cookie Secure flag HTTP testte gönderilmiyorDemo için COOKIE_SECURE=false (production install =true kalır, Cloudflare HTTPS varsayar)
11ACR Docker Hub rate-limit (paralel build)Sıralı retry + rate-limit reset bekle; long-term: ACR Cache Rule + Docker Hub PAT

Demo ortamı erişim bilgisi

demo.sentineldb360.com ziyaret eden herkese aynı viewer kullanıcısıyla otomatik login yapılır — login formu çıkmaz, parola istenmez. Demo bütünlüğünü korumak için bu bilgiler read-only: nginx katmanında tüm yazma istekleri (POST/PUT/DELETE/PATCH) 403 ile reddedilir, ayrıca admin login akışı (POST /api/auth/login) DEMO_MODE'da bloklanır. Ziyaretçi source ekleyemez, kullanıcı yaratmayamaz, parola değiştiremez.

RolKimlikErişimDeğiştirilebilir mi?
Demo viewer (otomatik) [email protected]
parolasız — auto-login cookie ile		 Tüm read endpoint'ler + NOC + dashboard + WebSocket canlı metrikler ✗ Hayır
Bootstrap admin (sadece source ekleme için) [email protected]
.env.demo'da openssl rand -hex 32 ile üretilir, asla site'de paylaşılmaz		 Sadece sentinel-bootstrap one-shot container'ın 4 source eklemek için ✗ Hayır (DEMO_MODE'da login bloklu)

İstisna: POST /api/auth/demo-login (login bypass), POST /api/auth/logout (oturum sonlandır), POST /api/auth/refresh (token yenile). Bunların dışında hiçbir POST/PUT/DELETE/PATCH demoda kabul edilmez. Demo verisi (4 hazır DB) her VM restart'ında image'dan yeniden üretilir; ziyaretçi değişiklikleri kalıcı olmaz.

Müşteri tek-komut release

# 1) VM provisioning (Azure örneği — diğer cloud için aynı pattern)
az group create -n rgSentinel -l westeurope
az vm create -g rgSentinel -n sentinel --image Ubuntu2204 --size Standard_B2ms \
  --admin-username azureuser --generate-ssh-keys --assign-identity
az vm open-port -g rgSentinel -n sentinel --port 80 --priority 1010
az role assignment create --assignee $(az vm show -g rgSentinel -n sentinel --query identity.principalId -o tsv) \
  --scope $(az acr show --name dmcacr22819 --query id -o tsv) --role AcrPull

# 2) VM'de Docker + ACR login
ssh azureuser@<VM_IP>
curl -fsSL https://get.docker.com | sudo sh
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
az login --identity && az acr login --name dmcacr22819

# 3) install/ paketini taşı + secret üret + başlat
scp -r install/ azureuser@<VM_IP>:~/sentinel-prod/
cd ~/sentinel-prod
cp .env.prod.example .env.prod
for k in JWT_SECRET SECRET_KEY APP_ENC_KEY LICENSE_ADMIN_SECRET; do
  echo "$k=$(openssl rand -hex 32)" >> .env.prod
done
sudo mkdir -p /opt/sentineldb360/mongo-data && sudo chown -R 999:999 /opt/sentineldb360/mongo-data

docker compose -f docker-compose.prod.yml --env-file .env.prod pull
docker compose -f docker-compose.prod.yml --env-file .env.prod up -d

# 4) Smoke (3 dk sonra)
curl http://localhost/healthz   # → {"status":"ok"}
curl http://localhost/api/health # → 200
Detailed Guides

This page is summary — full guides on GitHub

7 markdown guide files shipped with SentinelDB360 cover every scenario step-by-step. Part of the P0 package shipped to customers.

File Scope Size
docs/INSTALL.mdConnected install (Linux + Docker / Podman) full guide~8 KB
docs/AIRGAP_INSTALL.mdAir-gap (offline) install, two-host model, USB transfer~13 KB
docs/BACKUP_RESTORE.mdBackup + DR runbook, 3-month drill cycle checklist~11 KB
docs/RUNBOOK.mdOperational runbook (alarm response, troubleshooting)~10 KB
docs/SECURITY.mdSecurity policy, vulnerability disclosure~5 KB
nginx/ + examples/3 reverse proxy examples (Nginx, Apache, IIS ARR) + 2 systemd units
bootstrap.shInteractive install wizard, prerequisite checks, .env generation

All guides in Turkish; additional SELinux, Kubernetes Helm chart, and LDAP/AD integration guides on 2026 P2 backlog.

From demo to production with the same bootstrap.sh

Let's review your architecture before installation — 30 minutes to draw the plan together.

Request installation support Air-gap detail