SafeLine WAF Installation: System Requirements & Setup Guide

System Requirements

Ensure your system meets the following specifications before proceeding with the SafeLine installation:

• OS: Linux
• CPU Architecture: x86_64 (must support the SSSE3 instruction set) or ARM64
• Software: Docker 20.10.14+ and Docker Compose 2.0.0+
• Minimum Resources: 1 CPU core, 1 GB RAM, 5 GB available disk space

Run the following commands to verify your environment:

uname -m                                    # Verify CPU architecture
cat /proc/cpuinfo | grep "processor"        # Check CPU core count
lscpu | grep ssse3                          # Confirm SSSE3 support (for x86_64)
docker version                              # Check Docker version
docker compose version                      # Check Docker Compose plugin version
docker-compose version                      # Check legacy Docker Compose version
free -h                                     # Verify available RAM
df -h                                       # Verify available disk space

Install SafeLine

Choose the installation method that best suits your environment:

• Automatic Install: A streamlined, single-command process. Recommended for most users.
• Manual Install: Offers granular control for those comfortable managing Linux and Docker configurations.
• Offline Install: Designed for air-gapped servers or environments without internet access.

Automatic Install

Execute the following command to begin the automated setup. The process typically completes in under three minutes.

bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/manager.sh)"

Once the script finishes, the SafeLine installation is complete and the management console is ready for use.

Manual Install

Follow these steps to manage the deployment process manually.

1. Install Docker
Refer to the official Docker documentation to install the engine on your specific Linux distribution (Ubuntu, CentOS, Debian, Fedora, etc.).

2. Create the SafeLine Directory

mkdir -p "/data/safeline"

This directory serves as the installation root. You may modify this path, but ensure the chosen partition has at least 5 GB of free space—higher traffic environments will require more.

3. Download the Compose File

cd "/data/safeline"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"

4. Configure Environment Variables

Create a .env file in your installation directory:

cd "/data/safeline"
touch ".env"

Open the .env file in a text editor and add the following configuration. Replace yourpassword with a strong alphanumeric string; avoid using special characters in this field.

SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
REGION=

Configuration Notes:

• ARM Servers: Set ARCH_SUFFIX=-arm.
• LTS Version: Set RELEASE=-lts.
• Image Registry: If your server is located outside of China, set IMAGE_PREFIX=chaitin to pull images directly from Docker Hub.

5. Start SafeLine

cd "/data/safeline"
docker compose up -d

SafeLine is active once the containers are running.

Offline Install

Follow these steps for servers without an external network connection.

1. Install Docker: Manually transfer and install the Docker binaries on the offline machine.
2. Download the Image Package: Download the required SafeLine images on a machine with internet access and move the package to the target server.
3. Load the Images:

cat image.tar.gz | gzip -d | docker load

4. Finalize Configuration: Follow steps 2 through 5 of the Manual Install guide above to complete the setup.

Access the Console

Open your web browser and navigate to https://<safeline-ip>:9443/. Ensure that port 9443 is open in your system firewall and accessible from your network.

First Login

The installation process generates an administrator account automatically. If the login credentials are not displayed at the end of the script, you can reset the admin password manually using the following command:

docker exec safeline-mgt resetadmin

This command will output a new random password for the admin user. Use these credentials to log in.

Next Steps

The SafeLine WAF deployment is now operational. To begin protecting your web traffic, add your application details via the management console. For more specific configuration details, refer to the [Add Protected Site](help.waf-ce.chaitin.cn/) documentation.