safeline - 免费WAF nginx



https://github.com/chaitin/safeline


一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术,作为反向代理接入,保护你的网站不受黑客攻击。


浏览器打开后台管理页面 https://<waf-ip>:9443。


compose.yml

# Dedicated bridge network for SafeLine; the bridged services in this file
# take fixed addresses inside ${SUBNET_PREFIX}.0/24.
networks:
  safeline-ce:
    # Name given to this network
    name: safeline-ce
    # Bridge-mode network
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: safeline-ce
    ipam:
      driver: default
      config:
        - subnet: "${SUBNET_PREFIX}.0/24"
          # Gateway is SUBNET_PREFIX.1 (172.22.222.1 when the prefix is
          # 172.22.222); interpolation aborts if SUBNET_PREFIX is unset or empty.
          gateway: "${SUBNET_PREFIX:?SUBNET_PREFIX required}.1"
services:
  # PostgreSQL instance used by the other SafeLine services. No host ports
  # are published here, so it is reached over the safeline-ce bridge only.
  postgres:
    container_name: safeline-postgres
    image: postgres:15.2
    # Restart automatically when the container fails to start or crashes
    restart: always
    # Raise the PostgreSQL connection limit
    command:
      - postgres
      - "-c"
      - max_connections=200
    environment:
      - POSTGRES_USER=safeline-ce
      # Interpolation aborts when POSTGRES_PASSWORD is unset or empty, so the
      # database is never initialised without a password.
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?postgres password required}"
    # Host paths mapped into the container
    volumes:
      - "${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data"
      - /etc/localtime:/etc/localtime:ro
    # Attached to safeline-ce at SUBNET_PREFIX.2 (172.22.222.2 when the prefix
    # is 172.22.222)
    networks:
      safeline-ce:
        ipv4_address: "${SUBNET_PREFIX}.2"
    # Drop the NET_RAW capability (raw/packet sockets)
    cap_drop:
      - net_raw
  redis:
    container_name: safeline-redis
    restart: always
    image: redis:7.0.11
    volumes:
      - ${SAFELINE_DIR}/resources/redis/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server --appendonly yes --requirepass  ${REDIS_PASSWORD}
    networks:
      safeline-ce:  # 使用上文的 safeline-ce 网络,ip 为172.22.222.3
        ipv4_address: ${SUBNET_PREFIX}.3
    cap_drop:
      - net_raw
    sysctls:
      net.core.somaxconn: "511"
  management:
    container_name: safeline-mgt-api
    restart: always
    image: chaitin/safeline-mgt-api:${IMAGE_TAG:?image tag required}
    volumes:
    - ${SAFELINE_DIR?safeline dir required}/resources/management:/resources/management
    - ${SAFELINE_DIR}/resources/nginx:/resources/nginx
    - ${SAFELINE_DIR}/logs:/logs
    - /etc/localtime:/etc/localtime:ro
    ports:
    - ${MGT_PORT:-9443}:1443
    environment:
    - MANAGEMENT_RESOURCES_DIR=/resources/management
    - NGINX_RESOURCES_DIR=/resources/nginx
    - DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@127.0.0.1/safeline-ce
    - MANAGEMENT_LOGS_DIR=/logs/management
    networks:
      safeline-ce:  # 使用上文的 safeline-ce 网络,IP 为 172.22.222.4
        ipv4_address: ${SUBNET_PREFIX}.4
    cap_drop:
    - net_raw
  detector:
    container_name: safeline-detector
    restart: always
    image: chaitin/safeline-detector:${IMAGE_TAG}
    volumes:
    - ${SAFELINE_DIR}/resources/detector:/resources/detector
    - ${SAFELINE_DIR}/logs/detector:/logs/detector
    - /etc/localtime:/etc/localtime:ro
    environment:
    - LOG_DIR=/logs/detector
    networks:
      safeline-ce:  # 使用上文的 safeline-ce 网络,IP 为 172.22.222.5
        ipv4_address: ${SUBNET_PREFIX}.5
    cap_drop:
    - net_raw
  mario:
    container_name: safeline-mario
    restart: always
    image: chaitin/safeline-mario:${IMAGE_TAG}
    volumes:
    - ${SAFELINE_DIR}/resources/mario:/resources/mario
    - ${SAFELINE_DIR}/logs/mario:/logs/mario
    - /etc/localtime:/etc/localtime:ro
    environment:
    - LOG_DIR=/logs/mario
    - GOGC=100
    - DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-postgres/safeline-ce
    - REDIS_URL=redis://:${REDIS_PASSWORD}@safeline-redis:6379/0
    networks:
      safeline-ce:  # 使用上文的 safeline-ce 网络,IP 为172.22.222.6
        ipv4_address: ${SUBNET_PREFIX}.6
    cap_drop:
    - net_raw
  tengine:
    container_name: safeline-tengine
    restart: always
    image: chaitin/safeline-tengine:${IMAGE_TAG}
    volumes:
    - ${SAFELINE_DIR}/resources/nginx:/etc/nginx
    - ${SAFELINE_DIR}/resources/management:/resources/management
    - ${SAFELINE_DIR}/resources/detector:/resources/detector
    - ${SAFELINE_DIR}/logs/nginx:/var/log/nginx
    - /etc/localtime:/etc/localtime:ro
    - ${SAFELINE_DIR}/resources/cache:/usr/local/nginx/cache
    - /etc/resolv.conf:/etc/resolv.conf
    environment:
    - MGT_ADDR=${SUBNET_PREFIX}.4:9002  # 配置 mgt-api 的 grpc 服务器地址,用于与 mgt-api 容器通信
    ulimits:
      nofile: 131072
    network_mode: host  # Tengine 直接使用宿主机网络

