docker 部署safeline雷池
雷池教程文档:
https://docs.waf-ce.chaitin.cn/zh/上手指南/安装雷池/手动安装
雷池 safeline内网地址:
localhost:9443
创建数据持久化目录
1
|
mkdir -p /mnt/mydisk/home/safeline && cd /mnt/mydisk/home/safeline
|
下载docker-compose.yaml
1
|
cd /mnt/mydisk/home/safeline && wget https://waf-ce.chaitin.cn/release/latest/compose.yaml
|
创建配置文件
1
2
3
4
5
6
7
8
9
10
11
|
touch /mnt/mydisk/home/safeline/.env && cat > /mnt/mydisk/home/safeline/.env <<'EOF'
SAFELINE_DIR=/mnt/mydisk/home/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
REGION=
EOF
|
下载离线镜像包
1
|
wget https://demo.waf-ce.chaitin.cn/image.tar.gz
|
加载离线镜像
1
|
cat image.tar.gz | gzip -d | docker load
|
拉取并运行
1
|
cd /mnt/mydisk/home/safeline && docker-compose up -d
|
如果是 ARM 服务器需要把 ARCH_SUFFIX改成 -arm
ARCH_SUFFIX=-arm
如果是安装 LTS 版本需要把 RELEASE 改成 -lts
RELEASE=-lts
查看登陆密码
1
|
docker exec safeline-mgt resetadmin
|
nginx 反向代理
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
touch /etc/nginx/conf.d/safeline.conf && cat <<'EOF' | sed '1!{/^[[:space:]]*#/d;/^[[:space:]]*$/d}' > /etc/nginx/conf.d/safeline.conf
## nginx 反向代理: 雷池safeline
server {
## 监听666端口,并启用SSL
listen 666 ssl;
listen [::]:666 ssl;
## 替换为你的域名
server_name safeline.mobufan.eu.org;
## 指定 SSL 证书文件和私钥文件的路径
ssl_certificate /etc/nginx/keyfile/cert.pem;
ssl_certificate_key /etc/nginx/keyfile/key.pem;
location / {
## 指定反向代理的服务地址
proxy_pass https://localhost:9443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_redirect off;
proxy_buffering on; #开启缓存
# 使用 HTTP/1.1 协议与后端服务器通信
proxy_http_version 1.1;
client_max_body_size 20000m;
}
}
EOF
sudo systemctl restart nginx
|
