In today's web security landscape, choosing the right Web Application Firewall (WAF) is critical. SafeLine offers a free, open-source WAF that’s not only powerful but developer-friendly. It helps secure websites against a wide range of threats — with minimal setup.
This article walks you through the mgt service configuration in the docker-compose.yml file for the SafeLine, helping you understand how the core management component is structured.
What is docker-compose.yml?
docker-compose.yml is the backbone of Docker Compose, defining and managing multi-container Docker applications. With it, you can spin up, stop, and manage interdependent services using a single command.
Now let’s dive into how the mgt service is configured.
mgt Service Explained
The mgt service handles core system operations and orchestration for SafeLine. Here's a breakdown of its Compose configuration:
Basic Settings
container_name: safeline-mgt
- Gives the container a fixed name (
safeline-mgt) instead of Docker's default random names, making it easier to manage.
restart: always
- Ensures the container restarts automatically after a crash or reboot — improving availability.
image: ${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}
- Specifies the image to use, with version and registry prefix defined via environment variables (
IMAGE_PREFIX,IMAGE_TAG), usually stored in a.envfile.
Volume Mounts
volumes:
- /etc/localtime:/etc/localtime:ro
- Syncs container timezone with the host system.
- ${SAFELINE_DIR}/resources/mgt:/app/data
- Persists
mgtservice data to ensure it survives container restarts.
- ${SAFELINE_DIR}/logs/nginx:/app/log/nginx:z
- Maps Nginx logs from the container to the host for easier access and analysis.
- ${SAFELINE_DIR}/resources/sock:/app/sock
- Mounts socket files used for inter-service communication.
- /var/run:/app/run
- Provides runtime environment by exposing necessary host system directories.
Networking & Ports
ports:
- ${MGT_PORT:-9443}:1443
- Exposes the container’s
1443port to the host. Defaults to9443unlessMGT_PORTis defined in.env.
Health Check
healthcheck:
test: curl -k -f ...
- Runs a health check using
curlto verify the service is up and responsive.
Environment Variables
environment:
- MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
- Defines the Postgres connection string for the
mgtservice. - The password is pulled from the
POSTGRES_PASSWORDenvironment variable in.env.
Dependencies
depends_on:
- postgres
- fvm
- Ensures that the
postgresandfvmservices start beforemgt, guaranteeing proper service startup order.
Logging Configuration
logging:
options:
max-size: "100m"
max-file: "5"
- Limits each log file to 100MB and keeps a maximum of 5 rotated files to avoid disk overuse.
Network Configuration
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.4
- Assigns a static IP address to the
mgtservice using a subnet prefix (SUBNET_PREFIX) defined in.env.
Summary
The mgt service is the brain of the SafeLine WAF setup. Its Docker Compose configuration ensures persistent data, smooth networking, secure database access, and reliable uptime — all essential for running a production-ready WAF.
Top comments (2)
That’s a great explanation of how the SafeLine WAF mgt service works in Docker Compose, very informative! Speaking of smart system setups, many homeowners and builders are now improving their building efficiency with flash batt wall systems Columbia, TN, which combine spray foam and fiberglass batts for better insulation, moisture control, and overall comfort. You can learn more about this hybrid solution at Upgrade Spray Foam Insulation.
Make sure that the postgres and fvm services start before mgt , fnfgo ensuring proper service startup order.