Looking to protect your APIs, web apps, or enterprise endpoints with a full-featured Web Application Firewall (WAF) without the headache? This guide walks you through installing SafeLine WAF in about 10 minutes, with practical tips for DevOps teams.
Whether you prefer automatic deployment or hands-on manual control, you'll be up and running quickly, with full visibility and security.
Why SafeLine?
Even if you’re already using a cloud WAF (Cloudflare, AWS WAF, etc.), SafeLine gives you control, privacy, and observability:
- Self-hosted: Your traffic never leaves your infrastructure.
- Complete log visibility: See every request and response.
- Custom rule control: Tailor policies to your endpoints.
- Advanced protection: Bot defense, rate-limiting, and full application security.
With minimal prerequisites, SafeLine can protect your endpoints in minutes.
Pre-Install Checklist
Ensure your server meets these minimum requirements:
- OS: Linux (64-bit)
- Architecture: x86_64 or ARM64
- Docker: ≥ 20.10.14
- Docker Compose: ≥ 2.0.0
- Resources: ≥ 1 CPU, 1 GB RAM, 5 GB disk, SSSE3 support
Verify with:
uname -m
docker version
docker compose version
free -h
df -h
lscpu | grep ssse3
Step 1: Automatic Install (Recommended)
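Run the one-liner installer. The -k flag in this command makes curl skip TLS certificate verification, so the script is handed to bash without the download server being authenticated: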
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
Once finished, open your browser and access the Web UI to get started.
Step 2: Manual Install (Optional)
Prefer manual control? Follow these steps:
# Create directory for SafeLine data
mkdir -p /data/safeline
cd /data/safeline
# Download docker-compose file
wget "https://waf.chaitin.com/release/latest/compose.yaml"
# Create .env file
touch .env
Populate .env with:
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=
RELEASE=
MGT_PROXY=0
⚡ Tip: For ARM servers, set ARCH_SUFFIX=-arm. For LTS release, set RELEASE=-lts.
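One way to populate the .env above without leaving the yourpassword placeholder in place, as an added example that is not SafeLine's own tooling: the hypothetical helpers write_env and lint_env write the same keys with a random POSTGRES_PASSWORD, restrict the file to its owner, and check the result before launch. The 16-character minimum and the script name make_env.sh are this example's assumptions.

```bash
#!/usr/bin/env bash
# Added example (not SafeLine's own tooling). Helper names are hypothetical.

# 128 bits from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the .env keys from this guide to "$1" with a generated password.
write_env() {
  local file="$1" pw
  pw=$(gen_password)
  ( umask 077   # a newly created file starts out owner-only
    cat > "$file" <<EOF
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=$pw
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=
RELEASE=
MGT_PROXY=0
EOF
  )
  chmod 600 "$file"   # also tightens a file that `touch .env` created earlier
}

# Print each problem found in "$1"; return 0 only if there are none.
lint_env() {
  local file="$1" rc=0 pw mode
  pw=$(sed -n 's/^POSTGRES_PASSWORD=//p' "$file")
  mode=$(stat -c '%a' "$file")   # GNU stat, as found on Linux hosts
  if [ "$pw" = "yourpassword" ]; then
    echo "POSTGRES_PASSWORD is still the placeholder value"; rc=1
  elif [ "${#pw}" -lt 16 ]; then   # 16 is this example's threshold (assumption)
    echo "POSTGRES_PASSWORD is shorter than 16 characters"; rc=1
  fi
  case "$mode" in
    *00) ;;
    *) echo "$file has mode $mode: group/other can access the password"; rc=1 ;;
  esac
  return $rc
}

# Run as: bash make_env.sh /data/safeline/.env
if [ -n "${1:-}" ]; then write_env "$1" && lint_env "$1"; fi
```

Running lint_env against a hand-edited .env before docker compose up -d catches a leftover placeholder or a world-readable file.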
Launch SafeLine:
docker compose up -d
Step 3: Access Web UI & Create Admin Account
Open:
https://<your-safeline-ip>:9443/
Reset and view admin credentials:
docker exec safeline-mgt resetadmin
You’ll get:
[SafeLine] Initial username: admin
[SafeLine] Initial password: ********
💡 Save these securely!
Step 4: Basic Setup for Protection
Once logged in:
- Add your domain/application
- Configure SSL/TLS (Let’s Encrypt or custom certificate)
- Navigate to Policies → Enable Bot Protect and set up Rate Limiting
- Review default rules and add custom ones, e.g.:
docker exec -it safeline-cli set-rule /api/login rate-limit 5
Step 5: Monitor & Tune
- Monitor logs in real-time:
tail -f /data/safeline/logs/nginx/safeline/access.log
- Tune rules based on traffic patterns
- Run load tests to verify performance
- Backup your configuration regularly
- Keep SafeLine updated for security patches and new features
Final Thoughts
Installing a WAF in 10 minutes might sound ambitious — but SafeLine makes it realistic.
You’re not just deploying software; you’re giving your team:
- Visibility: Know exactly what’s happening on your endpoints
- Control: Granular rules for each API and web page
- Security posture: Real protection against bots, attacks, and traffic spikes
After your initial setup, iterate, scale, and customize to your environment’s needs. Happy protecting!
SafeLine Resources
- Website: https://ly.safepoint.cloud/ShZAy9x
- Live Demo: https://demo.waf.chaitin.com:9443/statistics
- Discord: https://discord.gg/dy3JT7dkmY
- Docs: https://docs.waf.chaitin.com/en/home
- GitHub: https://github.com/chaitin/SafeLine

