Docker has become the go-to solution for deploying lightweight, portable applications—but out-of-the-box setups often lack critical security and performance tuning. In this guide, you’ll learn how to:
- Install and optimize Docker on CentOS
- Tune the system for stability and efficiency
- Secure your containers with SafeLine WAF, a free and powerful Web Application Firewall
Let’s get started.
Step-by-Step Docker Installation (CentOS)
1. Install Docker via Script
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
2. Add Aliyun Mirror Repo
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Install Required Dependencies
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
4. Remove Old Docker Versions
yum remove docker docker-client docker-common docker-latest docker-engine
5. List Available Versions
yum list docker-ce --showduplicates | sort -r
6. Install a Specific Version (Optional)
yum install docker-ce-19.03.13 docker-ce-cli-19.03.13 containerd.io
7. Or Install the Latest Version
yum -y install docker-ce
8. Start and Enable Docker
systemctl start docker
systemctl enable docker
Docker Optimization Tips
Move Docker Data to a New Directory
systemctl stop docker
mkdir -p /home/jamelli/docker/data/lib
rsync -r -avz /var/lib/docker /home/jamelli/docker/data/lib
Update the Docker service config:
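# The drop-in directory does not exist on a fresh install
mkdir -p /etc/systemd/system/docker.service.d
# --data-root replaces --graph, which current Docker releases no longer accept
cat <<EOF > /etc/systemd/system/docker.service.d/devicemapper.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --data-root=/home/jamelli/docker/data/lib/docker
EOF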
systemctl daemon-reload
systemctl restart docker
Configure Log Rotation
cat <<EOF > /etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
EOF
systemctl restart docker
Free Up Disk Space
Run these commands to clean up unused resources:
docker system df
docker system prune
docker system prune -a
docker system df -v
Useful Docker Commands
docker system df # Disk usage
docker image ls # List images
docker info # System details
docker stats # Live container metrics
docker logs -f <container> # Follow logs in real-time
Add SafeLine WAF to Secure Your Stack
Now that Docker is optimized, it's time to secure it. SafeLine WAF is a high-performance, open-source Web Application Firewall that protects against SQL injection, XSS, RCE, SSRF, brute-force attacks, and more.
1. Install SafeLine
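bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
The -k flag turns off TLS certificate verification for this download, and the script runs with the privileges of your shell. To see what will run, download manager.sh first and read it before executing it.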
2. Open the Management Port
firewall-cmd --zone=public --add-port=9443/tcp --permanent
firewall-cmd --reload
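This rule opens 9443 to every source the public zone accepts, so limit access to administrator addresses where you can. Then visit: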
https://<your-server-ip>:9443/
SafeLine: Your Docker Security Layer
SafeLine sits in front of your Dockerized apps, acting as a smart gatekeeper. It inspects traffic and blocks known attack patterns, all while maintaining high performance thanks to its Nginx-based architecture.
It’s a great fit for any modern DevSecOps pipeline—and it’s completely free.
Fix: Docker TLS Handshake Timeout
If pulling images fails with this error:
Error response from daemon: net/http: TLS handshake timeout
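Add a registry mirror to /etc/docker/daemon.json. If the file already holds the log rotation settings from earlier, add the key alongside them rather than replacing the file: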
sudo vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
systemctl daemon-reload
systemctl restart docker
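The log rotation and registry mirror snippets in this guide both target /etc/docker/daemon.json, so writing one over the other drops settings. The Python script below is an added example, not part of the original guide: it merges new keys into the existing file and rejects invalid JSON. The function names and the HTTPS-only mirror check are assumptions of this example.

```python
import json
import os
import tempfile

def merge_daemon_config(existing_text, updates):
    """Return daemon.json text with `updates` merged into the existing settings."""
    # An empty file is treated as {}; invalid JSON raises ValueError so a
    # broken file is never written back (dockerd will not start on one).
    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    for key, value in updates.items():
        if key == "registry-mirrors":
            mirrors = config.setdefault(key, [])
            for url in value:
                # Assumed policy for this example: only accept TLS mirrors.
                if not url.startswith("https://"):
                    raise ValueError(f"refusing non-HTTPS mirror: {url}")
                if url not in mirrors:  # keep the merge idempotent
                    mirrors.append(url)
        elif isinstance(value, dict) and isinstance(config.get(key), dict):
            config[key].update(value)  # e.g. change one log-opts entry, keep the rest
        else:
            config[key] = value
    return json.dumps(config, indent=2) + "\n"

def write_atomically(path, text):
    """Write via a temp file and rename so dockerd never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.replace(tmp, path)

# Constructed sample: the log rotation file from this guide, as already on disk.
EXISTING = """{
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m", "max-file": "3"}
}"""
MIRROR = {"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]}

if __name__ == "__main__":
    print(merge_daemon_config(EXISTING, MIRROR))
    # To apply as root: read /etc/docker/daemon.json, merge, then call
    # write_atomically("/etc/docker/daemon.json", merged) and restart docker.
```
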
✅ Final Thoughts
By combining Docker and SafeLine WAF, you're not just deploying fast—you’re deploying securely. Whether you're building internal apps, SaaS platforms, or production APIs, this setup will help you run efficiently while minimizing exposure to real-world threats.