Effortless SafeLine Updates: One Script to Rule Them All

#websecurity #waf #safeline #cybersecurity

Keeping your SafeLine WAF installation up to date is critical for security, performance, and access to new features.

But manual updates can be tedious. Luckily, this all-in-one Bash script automates the process—from stopping containers to creating backups, pulling new images, and restarting services—so you can focus on building, not patching.

Why Use an Update Script?

This script handles everything for you:

Safely stops running containers before updates
Creates timestamped backups of your resources
Prunes old backups automatically
Fetches the latest compose.yaml from the official release
Pulls the latest Docker images
Restarts containers in detached mode quickly

Step 1: Save the Script

Create a file called update.sh inside your SafeLine installation directory:

#!/bin/bash
set -e

TARGET_DIR="/opt/safeline"
RES_DIR="$TARGET_DIR/resources"
BACKUP_DIR="$TARGET_DIR/backups"
KEEP_BACKUPS=14

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info()    { echo -e "${BLUE}ℹ️  $1${NC}"; }
log_success() { echo -e "${GREEN}✅ $1${NC}"; }
log_warn()    { echo -e "${YELLOW}⚠️  $1${NC}"; }
log_error()   { echo -e "${RED}❌ $1${NC}"; }

log_info "Switching to target directory: $TARGET_DIR"
cd "$TARGET_DIR" || { log_error "Directory $TARGET_DIR not found"; exit 1; }
[ -d "$RES_DIR" ] || { log_error "Resources directory $RES_DIR not found"; exit 1; }
mkdir -p "$BACKUP_DIR"

log_info "Stopping existing containers..."
docker compose down --remove-orphans
log_success "Containers stopped"

log_info "Waiting 5 seconds..."
sleep 5
log_success "Done waiting"

TS="$(date +%Y%m%d-%H%M%S)"
BACKUP_FILE="$BACKUP_DIR/resources-$TS.tar.gz"
log_info "Creating backup (ignoring resources/sock/): $BACKUP_FILE"
tar --exclude="resources/sock" -czf "$BACKUP_FILE" -C "$TARGET_DIR" resources
log_success "Backup created"

log_info "Pruning old backups, keeping latest $KEEP_BACKUPS..."
ls -1t -- "$BACKUP_DIR"/resources-*.tar.gz 2>/dev/null | sed -n "$((KEEP_BACKUPS+1)),\$p" | xargs -r rm -f --
log_success "Old backups pruned"

log_info "Fetching latest compose.yaml..."
wget -q -O compose.yaml "https://waf.chaitin.com/release/latest/compose.yaml"
log_success "compose.yaml updated"

log_info "Pulling latest Docker images..."
docker compose pull
log_success "Docker images updated"

log_info "Starting containers in detached mode..."
docker compose up -d
log_success "Containers are up and running 🚀"

log_success "Update process completed 🎉"

Step 2: Adjust Variables

TARGET_DIR: Path to your SafeLine installation
KEEP_BACKUPS: Number of recent backups to keep

Step 3: Make the Script Executable

chmod +x update.sh

Step 4: Run the Script

./update.sh

⚡ Tip: Schedule with cron for automated regular updates, or run manually when a new release drops.

Notes

Backups are stored in the backups directory within your SafeLine installation.
resources/sock/ is excluded as it contains temporary runtime files.
Rollback is easy: restore contents from a previous backup if needed.

With this script, keeping your SafeLine WAF fresh, secure, and performant becomes effortless.