In today's web security landscape, choosing the right Web Application Firewall (WAF) is critical. SafeLine offers a free, open-source WAF that’s not only powerful but developer-friendly. It helps secure websites against a wide range of threats — with minimal setup.
This article walks you through the mgt service configuration in the docker-compose.yml file for SafeLine, helping you understand how the core management component is structured.
What is docker-compose.yml?
docker-compose.yml is the backbone of Docker Compose, defining and managing multi-container Docker applications. With it, you can spin up, stop, and manage interdependent services using a single command.
Now let’s dive into how the mgt service is configured.
mgt Service Explained
The mgt service handles core system operations and orchestration for SafeLine. Here's a breakdown of its Compose configuration:
Basic Settings
container_name: safeline-mgt
- Gives the container a fixed name (safeline-mgt) instead of Docker's default random names, making it easier to manage.
restart: always
- Ensures the container restarts automatically after a crash or reboot — improving availability.
image: ${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}
- Specifies the image to use, with version and registry prefix defined via environment variables (IMAGE_PREFIX, IMAGE_TAG), usually stored in a .env file.
Volume Mounts
volumes:
- /etc/localtime:/etc/localtime:ro
- Syncs container timezone with the host system.
- ${SAFELINE_DIR}/resources/mgt:/app/data
- Persists mgt service data to ensure it survives container restarts.
- ${SAFELINE_DIR}/logs/nginx:/app/log/nginx:z
- Maps Nginx logs from the container to the host for easier access and analysis.
- ${SAFELINE_DIR}/resources/sock:/app/sock
- Mounts socket files used for inter-service communication.
- /var/run:/app/run
- Mounts the host's /var/run directory into the container at /app/run, giving the service access to the host's runtime files.
Networking & Ports
ports:
- ${MGT_PORT:-9443}:1443
- Exposes the container’s 1443 port to the host. Defaults to 9443 unless MGT_PORT is defined in .env.
Health Check
healthcheck:
  test: curl -k -f ...
- Runs a health check using curl to verify the service is up and responsive.
Environment Variables
environment:
- MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
- Defines the Postgres connection string for the mgt service. With sslmode=disable, the connection to safeline-pg is not TLS-encrypted.
- The password is pulled from the POSTGRES_PASSWORD environment variable in .env.
Dependencies
depends_on:
- postgres
- fvm
- Ensures that the postgres and fvm services start before mgt, guaranteeing proper service startup order.
Logging Configuration
logging:
  options:
    max-size: "100m"
    max-file: "5"
- Limits each log file to 100MB and keeps a maximum of 5 rotated files to avoid disk overuse.
Network Configuration
networks:
  safeline-ce:
    ipv4_address: ${SUBNET_PREFIX}.4
- Assigns a static IP address to the mgt service using a subnet prefix (SUBNET_PREFIX) defined in .env.
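The settings above use three interpolation forms: plain ${VAR}, ${VAR:-default} and ${VAR:?message}. Compose replaces an unset plain ${VAR} with an empty string and only prints a warning, so a forgotten POSTGRES_PASSWORD produces a connection string with no password. The pre-flight check below is an added example, not part of SafeLine or Docker Compose; its function names and the sample .env values are assumptions made for illustration.

```python
import re

# Values quoted in the article's mgt service walkthrough.
MGT_VALUES = [
    "${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}",
    "${SAFELINE_DIR}/resources/mgt:/app/data",
    "${MGT_PORT:-9443}:1443",
    "MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable",
    "${SUBNET_PREFIX}.4",
]
# Matches ${NAME}, ${NAME:-default}, ${NAME-default}, ${NAME:?msg}, ${NAME?msg}.
VAR = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?:(:?[-?])([^}]*))?\}")

def parse_env(text):
    """Read KEY=VALUE lines from .env content, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def interpolate(value, env, problems):
    """Expand Compose-style variables; record what an operator should fix."""
    def expand(match):
        name, op, arg = match.groups()
        current = env.get(name)
        # Forms without ':' only test for "unset", so an empty value is kept.
        if current or (current == "" and op in ("-", "?")):
            return current
        if op in ("-", ":-"):
            return arg
        if op in ("?", ":?"):  # Compose aborts here; this check keeps going
            problems.append(f"{name}: required ({arg})")
            return ""
        problems.append(f"{name}: unset or empty, expands to an empty string")
        return ""
    return VAR.sub(expand, value)

def preflight(env_text):
    """Return (resolved values, problems) for the mgt service settings."""
    env, problems = parse_env(env_text), []
    return [interpolate(v, env, problems) for v in MGT_VALUES], problems

# Constructed sample .env with IMAGE_TAG and POSTGRES_PASSWORD forgotten.
SAMPLE_ENV = "SAFELINE_DIR=/data/safeline\nIMAGE_PREFIX=registry.example\nSUBNET_PREFIX=172.22.222\n"

if __name__ == "__main__":
    resolved, problems = preflight(SAMPLE_ENV)
    print("\n".join(resolved + ["-- problems --"] + problems))
```

Run it against the real .env content before `docker compose up`; an empty problems list means every variable the mgt service references resolves to a non-empty value or a declared default.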
Summary
The mgt service is the brain of the SafeLine WAF setup. Its Docker Compose configuration ensures persistent data, smooth networking, secure database access, and reliable uptime — all essential for running a production-ready WAF.