SafeLine is an open-source Web Application Firewall (WAF) developed by Chaitin Tech. It acts like a security guard for your website, filtering out malicious traffic before it reaches your server. In this guide, I’ll walk you through how to deploy SafeLine on a Linux server using Docker – from environment checks to installation and configuration. Let’s get started! 🛠️
✅ Environment Check – What You Need Before Installing
Make sure your server meets these minimum requirements:
- OS: Linux (x86_64 architecture)
- Docker: version 20.10.14 or higher
- Docker Compose: version 2.0.0 or higher
- Resources: at least 1 CPU core, 1 GB RAM, 5 GB free disk space
Run these commands to check your setup:
uname -m # Check system architecture
docker version # Check Docker version
docker compose version # Check Docker Compose version
cat /proc/cpuinfo | grep processor # CPU info
free -h # Memory info
df -h # Disk space
lscpu | grep ssse3 # Check CPU supports ssse3 instruction set
If Docker is not installed yet, please continue reading in Part 2 and scroll down to the Docker installation section. 👇
⚡ Installing SafeLine WAF
Recommended: One-Command Online Install
If your server has internet access, just run:
bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
If you want to speed up downloads on Huawei Cloud, run:
CDN=1 bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
To install the latest streaming detection mode, use:
STREAM=1 bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
🔐 Logging Into SafeLine
- Open your browser and visit:
https://<waf-ip>:9443 - Use the initial admin password printed in your terminal after installation.
Forgot the password? Reset it with:
docker exec safeline-mgt resetadmin
- Follow the on-screen instructions to scan the QR code with a TOTP app (like Google Authenticator), then enter the generated code to log in.
🌐 Configuring Your Website
SafeLine works as a reverse proxy, just like Nginx. Your website traffic first hits SafeLine, which inspects and filters requests before forwarding them to your backend server.
🏗️ Deployment Scenarios (Overview)
In the next article, we will cover detailed deployment scenarios, including recommended and alternative setups, along with advanced protection features.
You’ve completed the environment check, installation, and login steps!
👉 Continue reading in Part 2: Deployment Scenarios & Advanced Protection with SafeLine WAF
🤝 Join Our Community
For any technical support, you can post the question directly on our forum: https://safepoint.cloud/discussion (Our technicians will receive a notification and reply shortly).
Or you can also post it in our Discord community: https://discord.gg/dy3JT7dkmY (We’ll check messages there every day)
📢 Notes
This article is originally written by the author and follows CC 4.0 BY-SA license. Please keep the original link and this statement when sharing.
Original link: https://blog.csdn.net/m0_74375496/article/details/140550745
Top comments (4)
insane how much you gotta set up just for security - every time i do this stuff it feels like a puzzle. you think making it easier would mean folks actually keep their servers protected better or nah?
Totally get you — setting this up always feels like solving a riddle. And yeah, making it simpler could definitely help more folks keep their stuff secure. But I guess the challenge is balancing flexibility with ease of use. Curious how others handle this too.
yeah setting this up looks pretty chill, but honestly every time i deal with firewalls i end up second guessing myself - you think the real pain is in config or handling false alarms later down the road
Same here. Config is already a headache, but chasing down false positives later? That’s next-level frustrating. I’d say both are pain points, but at least with config, once it’s dialed in, it stays out of your way.