Introduction to SafeLine
SafeLine is a powerful open-source web application firewall designed to protect web applications from a variety of security threats. This guide walks you through deploying SafeLine using Docker Compose, configuring its environment file (.env
), and running the required command to retrieve admin account login details after deployment.
Directory Setup
Before deploying SafeLine, you need to set up a directory to store its configuration and resources. Replace <user>
with your actual system username.
mkdir -p /home/<user>/docker/safeline
cd /home/<user>/docker/safeline
For example, if your username is techdox
:
mkdir -p /home/techdox/docker/safeline
cd /home/techdox/docker/safeline
Fetching the Docker Compose File
Download the SafeLine Docker Compose file:
wget "https://waf.chaitin.com/release/latest/compose.yaml"
This file does not need editing, but you must create a .env
file for the deployment.
.env
File Configuration
Create a .env
file in the same directory as the Compose file. Below is an example .env
file:
SAFELINE_DIR=/home/<user>/docker/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=testing
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=
RELEASE=
Explanation of Variables
-
SAFELINE_DIR
: Path to the SafeLine directory. Replace<user>
with your username. -
IMAGE_TAG
: Specifies the image version. Uselatest
for the most recent version. -
MGT_PORT
: Port for the SafeLine Management service. -
POSTGRES_PASSWORD
: Password for the PostgreSQL database. Replace with a strong password. -
SUBNET_PREFIX
: Subnet prefix for the Docker network. Adjust as needed to avoid conflicts with existing networks. -
IMAGE_PREFIX
: Docker image prefix (default:chaitin
). -
ARCH_SUFFIX
: Architecture-specific suffix (leave empty for default). -
RELEASE
: Release version (leave empty for stable).
Docker Compose Configuration Breakdown
Networks
networks:
safeline-ce:
name: safeline-ce
driver: bridge
ipam:
driver: default
config:
- gateway: ${SUBNET_PREFIX:?SUBNET_PREFIX required}.1
subnet: ${SUBNET_PREFIX}.0/24
driver_opts:
com.docker.network.bridge.name: safeline-ce
-
name
: Defines the network name. -
driver
: Specifies the bridge network driver. -
ipam
: Configures IP allocation for the network. -
gateway
: The gateway address for the network. -
subnet
: Defines the subnet (e.g.,172.22.222.0/24
). -
driver_opts
: Sets advanced driver options (e.g., bridge name).
Services
PostgreSQL
services:
postgres:
container_name: safeline-pg
restart: always
image: ${IMAGE_PREFIX}/safeline-postgres${ARCH_SUFFIX}:15.2
volumes:
- ${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=safeline-ce
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?postgres password required}
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.2
command: [postgres, -c, max_connections=600]
healthcheck:
test: pg_isready -U safeline-ce -d safeline-ce
-
POSTGRES_PASSWORD
: Password for the database. -
volumes
: Stores persistent PostgreSQL data. -
networks
: Assigns the service a static IP address (${SUBNET_PREFIX}.2
).
Management Service
mgt:
container_name: safeline-mgt
restart: always
image: ${IMAGE_PREFIX}/safeline-mgt-g${ARCH_SUFFIX}${RELEASE}:${IMAGE_TAG:?image tag required}
ports:
- ${MGT_PORT:-9443}:1443
volumes:
- ${SAFELINE_DIR}/resources/mgt:/app/data
healthcheck:
test: curl -k -f https://localhost:1443/api/open/health
depends_on:
- postgres
- fvm
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.4
-
ports
: Exposes the management service on the host at port 9443 by default. -
depends_on
: Ensures thepostgres
andfvm
services start first.
Detector Service
detect:
container_name: safeline-detector
restart: always
image: ${IMAGE_PREFIX}/safeline-detector-g${ARCH_SUFFIX}${RELEASE}:${IMAGE_TAG}
volumes:
- ${SAFELINE_DIR}/resources/detector:/resources/detector
environment:
- LOG_DIR=/logs/detector
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.5
-
volumes
: Mounts logs and detector resources.
Other Services
-
tengine
: Handles traffic and communicates with detector. -
luigi
: Supports management services. -
fvm
: File version management. -
chaos
: Adds chaos testing features.
Deployment Steps
- Prepare the Directory and Files
mkdir -p /home/<user>/docker/safeline
Create a
.env
file based on the example above.Fetch the Docker Compose file:
wget "https://waf.chaitin.com/release/latest/compose.yaml"
- Deploy Safeline:
docker compose up -d
- Retrieve Admin Login Details: After deployment, run the following command to retrieve the admin account details:
docker exec safeline-mgt resetadmin
This command will display the admin username and password.
Conclusion
By following this guide, you have successfully deployed SafeLine using Docker Compose.
You can now access the SafeLine management service via the port specified in the .env
file (default: 9443).
For any technical support, you can post the question directly on our forum: https://safepoint.cloud/discussion (Our technicians will receive a notification and reply shortly). Or you can also post it in our Discord community: https://discord.gg/dy3JT7dkmY (We’ll check messages there every day).
Disclaimer
This guide is provided as-is for informational purposes only.
The author and contributors are not responsible for any issues arising from the use of this guide.
Always ensure you follow best security practices and test thoroughly in your environment.
Original Source
This article is based on the original content available at:
https://docs.techdox.nz/safeline/
Top comments (0)