docker 部署safeline雷池

雷池教程文档:https://docs.waf-ce.chaitin.cn/zh/上手指南/安装雷池/手动安装
雷池 safeline内网地址:localhost:9443

创建数据持久化目录

1
mkdir -p /mnt/mydisk/home/safeline && cd /mnt/mydisk/home/safeline

下载docker-compose.yaml

1
cd /mnt/mydisk/home/safeline && wget https://waf-ce.chaitin.cn/release/latest/compose.yaml

创建配置文件

1
2
3
4
5
6
7
8
9
10
11
12
touch /mnt/mydisk/home/safeline/.env && \
cat > /mnt/mydisk/home/safeline/.env <<'EOF'
SAFELINE_DIR=/mnt/mydisk/home/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
REGION=
EOF

下载离线镜像包

1
wget https://demo.waf-ce.chaitin.cn/image.tar.gz

加载离线镜像

1
cat image.tar.gz | gzip -d | docker load

拉取并运行

1
cd /mnt/mydisk/home/safeline && docker-compose up -d

如果是 ARM 服务器需要把 ARCH_SUFFIX改成 -arm
ARCH_SUFFIX=-arm
如果是安装 LTS 版本需要把 RELEASE 改成 -lts
RELEASE=-lts

查看登陆密码

1
docker exec safeline-mgt resetadmin

Nginx 配置

后台地址:https://safeline.example.com:666

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
mkdir -pm 755 /etc/nginx/conf.d && \
touch /etc/nginx/conf.d/safeline.conf && \
cat <<'EOF' | sed '1!{/^[[:space:]]*#/d;/^[[:space:]]*$/d}' > /etc/nginx/conf.d/safeline.conf
## nginx 反向代理: safeline 雷池
server {
    ## 监听666端口,并启用SSL
    listen 666 ssl;
    listen [::]:666 ssl;

    ## 替换为你的域名
    server_name safeline.example.com;

    ## 指定 SSL 证书文件和私钥文件的路径
    ssl_certificate /etc/nginx/keyfile/cert.pem;  
    ssl_certificate_key /etc/nginx/keyfile/key.pem;  
    ## 设置支持的SSL‮议协‬版本
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # 启用服‮器务‬端加密套件优先
    ssl_prefer_server_ciphers on;
    ## 设置加密套件,优先用‮强高‬度加密算法,并排‮匿除‬名加‮套密‬件和MD5散列算法
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        ## 指定反向代理的服务地址
        proxy_pass http://10.10.10.251:9443;  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_redirect off;
        ## 开启缓存
        proxy_buffering on;
        ## 使用 HTTP/1.1 协议通信
        proxy_http_version 1.1;
    }
        ## 错误处理
        charset utf-8; ## 添加这行来指定编码
        error_page 404 500 502 503 504 /50x.html;
        location = /50x.html {
            root   /var/www/html;
    }
}
EOF

sudo systemctl restart nginx