Sphere

Site-wide alert banners,
one DNS record

Maintenance windows, incidents, notices — pushed to every site you run, without redeploying anything.

SphereAlert is a self-hosted, Dockerized web app. Manage alerts from one dashboard; it writes a TXT record to each domain's DNS provider, and a tiny client script reads that record and renders the banner. Your DNS API keys never leave your box, and SphereAlert never phones home.

Deploy with Docker View on GitHub
ASP.NET Core 8 · C# Embedded SQLite AES-256-GCM credentials MIT · self-hosted
14DNS providers
3Alert slots per domain
Domains & alerts
1DNS record to change
Features

Operator-friendly alerting, end to end

From a single dashboard to every visitor's browser — no redeploys, no third parties.

📢

One dashboard, every site

Pick the domains, a level, and a slot, type a message, hit Send. The banner goes live on all of them at once.

🌐

Pushes via DNS

SphereAlert writes a TXT record to each domain's provider in parallel. Browsers read it over DNS-over-HTTPS on page load.

🎚️

Levels & slots

Five severity levels and three stackable slots per domain — info notices and critical incidents side by side.

⏱️

Auto-expiry scheduler

Set an end time and a background worker clears the alert automatically every 60 seconds.

🔒

Encrypted credentials

Provider API keys are encrypted at rest with AES-256-GCM before they touch the database, and never leave your box.

📜

Full audit trail

Every push, clear, and expiry is recorded in History — and even cleared records leave a timestamped note behind.

🧩

Drop-in client script

Add one CDN <script> tag, or use zip-injection to add it to every HTML file in your build automatically.

🛡️

Single-admin, private

One admin account, session-based auth, forced credential change on first login. No sign-up, no phone-home.

🐳

Runs anywhere

A .NET 8 container with embedded SQLite. docker compose up and you're live on port 7227.

How it works

From dashboard to banner in seconds

You manage alerts in one place; DNS does the distribution.

  1. 1

    Run the container

    Start SphereAlert and add your DNS provider credentials — encrypted before they hit the database.

  2. 2

    Add the client script

    Drop one <script> tag in the <head> of pages that should show alerts.

  3. 3

    Raise an alert

    Pick the domains, a level, and a slot, write a message (≤ 240 chars), and Send.

  4. 4

    SphereAlert writes DNS

    A small JSON payload is written to a TXT record at alert.<domain> on every selected provider, in parallel.

  5. 5

    Visitors see the banner

    Each page load reads the record over DNS-over-HTTPS and renders the banner. Timed alerts clear themselves.

  operator ──> SphereAlert ──> DNS provider API ──> TXT record at alert.<domain>
   (web UI)    (:7227)                                      │
                                                            ▼
                          visitor's browser  <──  sphere-alert.js reads it
                                renders banner
DNS Providers

Works with your DNS

Fourteen provider integrations — credentials are tested before you rely on them.

Credentials are encrypted with AES-256-GCM before they touch the database, and a Test button verifies they reach the provider's API.

Quick Start

Up and running in one command

SphereAlert listens on port 7227 in the container.

git clone https://github.com/kl3mta3/SphereAlert.git
cd SphereAlert
docker compose up -d --build

# Then open the dashboard
# http://<host>:7227/
services:
  spherealert:
    build: .
    ports:
      - "7227:7227"
    environment:
      - SPHEREALERT_DATA_DIR=/data
      - SPHEREALERT_LOG_LEVEL=Info
    volumes:
      - spherealert-data:/data
    restart: unless-stopped

volumes:
  spherealert-data:
<!-- Add inside the <head> of pages that should show alerts -->
<script src="https://cdn.jsdelivr.net/gh/kl3mta3/SphereAlert@main/js/sphere-alert.js"></script>
First login: open the app with admin / pass123.
⚠ You'll be required to set a new username and password before doing anything else.
spherealert-data

Named volume at /data — database, keyfile & logs. Survives rebuilds.

SPHEREALERT_DATA_DIR

Directory for the database, keyfile, and logs. Default /data.

SPHEREALERT_LOG_LEVEL

Info or Debug. Default Info.

The TXT record

A banner is just JSON in DNS

Each domain has three slots — alert, alert2, alert3 — rendered stacked. Each slot's TXT record is one JSON object.

{"l":2,"m":"Maintenance Sat 7am-9am","d":1,"s":0}
FieldRequiredMeaning
lyeslevel — 0 info, 1 low, 2 medium, 3 high, 4 critical
myesmessage text (≤ 240 chars)
dnodismissable — 1 yes (default), 0 no
snoforce scroll-on-hover — 1 yes, 0 auto (default)
  • 0 · Info
  • 1 · Low
  • 2 · Medium
  • 3 · High
  • 4 · Critical

Anything that isn't valid JSON renders no banner. Clearing or expiring an alert replaces the record with a Cleared <timestamp> note — so the record itself is an audit trail.

Documentation

Learn more

Full setup, usage, and architecture details live in the repository.

README & Quick start →

Install, configure, and push your first alert.

TXT record format →

The exact JSON payload SphereAlert writes to DNS.

Using SphereAlert →

Providers, domains, pushing alerts, and the client script.

Architecture →

Stack, auth, security, scheduler, and endpoints.

SphereSSL →

Sibling product — manage and auto-renew your own SSL certs.

Support & Issues →

Found a bug or want a provider? Open an issue or a PR.
License

Free and open

SphereAlert is released under the MIT License — fork it, study it, self-host it, and use it however you like.

Part of the Sphere family of self-hosted infrastructure tools. © 2026 Kenneth Lasyone.

Read the license

Put a banner on every site in seconds

Deploy SphereAlert with Docker and push your first alert today.

Get Started Star on GitHub