Carrie

Posted on Jul 4

How to Deploy SafeLine WAF on a CyberPanel VPS

#cyberpanel #vulnerabilities #bugbounty #waf

SafeLine is a self-hosted Web Application Firewall (WAF) that operates independently from any specific control panel, including CyberPanel. This guide explains how to deploy SafeLine on a VPS where CyberPanel is already installed.

Compatibility Overview

SafeLine is not a plugin for CyberPanel.
It works as a reverse proxy, handling traffic before it reaches your CyberPanel-managed websites.
You can deploy SafeLine on the same VPS as CyberPanel, provided you avoid port conflicts.

Prerequisites

A VPS with CyberPanel pre-installed
Ubuntu 20.04 or 22.04 LTS (recommended)
CPU with SSSE3 support
Public IP address (or a domain pointing to the VPS)
Docker and Docker Compose installed

Installation Steps

1. Install Docker and Docker Compose

Install Docker:

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Install Docker Compose:

sudo apt install docker-compose -y

2. Deploy SafeLine

Follow the official SafeLine documentation to deploy:

https://docs.waf.chaitin.com/en/GetStarted/Deploy

3. Configure Reverse Proxy Routing

To let SafeLine manage incoming requests:

Let SafeLine listen on ports 80/443 (you may need to stop CyberPanel's web server from using them).
Reconfigure CyberPanel (OpenLiteSpeed) to listen on alternate internal ports, such as 8080 and 8443.
In SafeLine, create an Application and set the upstream to point to 127.0.0.1:8080.

Example Setup

Component	Port
SafeLine WAF	80, 443 (public)
CyberPanel Web	8080 (internal)

DNS A record should point to the VPS IP where SafeLine is installed.

Notes

Make sure your domain resolves to the SafeLine server.
If you use HTTPS on your CyberPanel site, configure SSL passthrough or use SafeLine to terminate SSL.
OpenLiteSpeed's built-in firewall should not conflict with SafeLine if properly configured.

DEV Community