SafeLine is a free and open-source Web Application Firewall (WAF) that’s fast to deploy and easy to use. Whether you're running a personal website or managing cloud-native services, SafeLine helps protect your web apps against modern attacks—without needing to write a single line of code.
It filters and monitors all HTTP traffic between users and your application, shielding your services from a wide range of threats like:
- SQL Injection
- Cross-Site Scripting (XSS)
- Code/Command Injection
- CRLF, LDAP, XPath Injection
- RCE, XXE, SSRF
- Path Traversal
- Backdoors
- Brute-force attacks
- Web crawlers / scrapers
- CC attacks and more
But did you know that one of the most important parts of SafeLine is actually... a hidden file?
Let’s take a look at the .env file inside the SafeLine installation directory and break down what it does.
Sample .env File
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=7Y2WuXYxWQfquUWzo8wE0xIPvrtTrRTS
REDIS_PASSWORD=vVIBGagmn9VW1M9ikttGlsgy8SovwGqM
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
What Each Variable Means
SAFELINE_DIR=/data/safeline
This defines the directory on the host machine where SafeLine stores its data and config files.
✅ Ensures data persists across container restarts.
IMAGE_TAG=latest
Specifies the Docker image version to use.
✅ Setting it to latest means Docker will always pull the most up-to-date image.
MGT_PORT=9443
Sets the port for the SafeLine web management UI.
✅ The default is 9443, and you can access the dashboard via https://<host>:9443.
POSTGRES_PASSWORD=...
Defines the password used by SafeLine to connect to its PostgreSQL database.
✅ This value should be kept secure.
REDIS_PASSWORD=...
Sets the password for the Redis instance used by SafeLine.
✅ Like PostgreSQL, Redis handles session and cache data.
SUBNET_PREFIX=172.22.222
Defines the subnet prefix used for Docker networking.
✅ It helps assign static IPs to individual containers in SafeLine.
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
Specifies the Docker image registry path from which SafeLine images are pulled.
✅ In this case, it's hosted on Huawei Cloud.
Customizing SafeLine
These values are the default settings, but you’re free to modify them as needed. Want to change the default port? Use a different subnet? Point to a private image registry? Just edit the .env file and restart your containers.
This gives you full control over how SafeLine runs in your environment—whether it’s a personal VPS or part of a large-scale cloud deployment.
Why This Matters
Most users ignore the .env file—but in SafeLine, it’s the central place to configure paths, credentials, networking, and image sources.
Understanding these variables allows you to:
- Avoid port conflicts
- Use custom passwords for better security
- Run SafeLine in air-gapped or enterprise environments
- Tune network settings for container communication
Take five minutes to review your .env—you might save hours down the road.
Top comments (0)