If you're ready to deploy a full‑featured Web Application Firewall (WAF) quickly and efficiently, this guide walks you through installing SafeLine WAF in about ten minutes.
Whether you’re protecting APIs, web apps, or enterprise endpoints, this self‑hosted roadmap will get you up and running fast.
Why SafeLine?
You might be using a cloud WAF today (e.g., Cloudflare, AWS WAF), but you want more control, visibility, and privacy. SafeLine offers:
- Self‑hosted deployment, so your traffic never leaves your infrastructure
- Complete log visibility and custom rule control
- Support for bot defense, rate‑limiting, and full application protection
With minimal prerequisites, you’ll have SafeLine up and protecting in minutes.
Pre‑Install Checklist
Make sure your server meets the minimum requirements:
- OS: Linux (64‑bit)
- Architecture: x86_64 or ARM64
- Docker version: 20.10.14 or higher
- Docker Compose version: 2.0.0 or higher
- At least 1 CPU core, 1 GB RAM, 5 GB disk space, and SSSE3 support
You can verify with:
uname -m
docker version
docker compose version
free -h
df -h
lscpu | grep ssse3
Step 1: Automatic Install (Recommended)
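Run the one‑liner below. It executes manager.sh as soon as it is fetched, and curl's -k flag skips TLS certificate verification, so if you want to review the installer first, save it to a file and run that file with bash.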
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
After execution, your SafeLine instance should be installed. Head to your browser and access the Web UI right away.
Step 2: Manual Install (if preferred)
If you prefer to handle each step yourself:
# Create directory for SafeLine data
mkdir -p /data/safeline
cd /data/safeline
# Download docker‑compose file
wget "https://waf.chaitin.com/release/latest/compose.yaml"
# Create .env file
touch .env
Populate the .env file with:
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=
RELEASE=
MGT_PROXY=0
If you’re on an ARM server, set ARCH_SUFFIX=-arm. For LTS version, set RELEASE=-lts.
Then launch:
docker compose up -d
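The .env from Step 2 can also be generated rather than hand-edited, before the launch command is run. The script below is an added example, not SafeLine project code: it writes the same keys with a random POSTGRES_PASSWORD in place of the yourpassword placeholder, sets ARCH_SUFFIX from uname -m, and creates the file with mode 0600. The helper names arch_suffix, gen_password and write_env are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not SafeLine project code): write the Step 2 .env with a
# random database password and owner-only permissions. Helper names are made up.

# Map `uname -m` output to ARCH_SUFFIX: ARM64 hosts get "-arm", others empty.
arch_suffix() {
  case "$1" in
    aarch64|arm64) printf '%s' "-arm" ;;
    *) : ;;
  esac
}

# 24 bytes (192 bits) from the kernel CSPRNG as 48 hex characters; hex avoids
# characters that would need quoting in .env or in a connection string.
gen_password() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_env DIR [MACHINE]: create DIR/.env. Refuses to overwrite an existing
# file, because a regenerated password could fall out of sync with a database
# that was already initialised with the old one.
write_env() (
  dir="$1"
  machine="${2:-$(uname -m)}"
  file="$dir/.env"
  if [ -e "$file" ]; then
    echo "refusing to overwrite $file" >&2
    return 1
  fi
  umask 077   # applies inside this subshell only; the file is created 0600
  cat > "$file" <<EOF
SAFELINE_DIR=$dir
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=$(gen_password)
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=$(arch_suffix "$machine")
RELEASE=
MGT_PROXY=0
EOF
)

# Usage: write_env /data/safeline
```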
Step 3: Access Web UI & Create Admin Account
Open https://<your‑safeline‑ip>:9443/ in your browser.
To get credentials:
docker exec safeline-mgt resetadmin
You’ll see output like:
[SafeLine] Initial username: admin
[SafeLine] Initial password: ********
💡 Save these safely and log in via the UI.
Step 4: Basic Setup for Protection
Once logged in:
- Add your domain/application
- Configure SSL/TLS (Let’s Encrypt or custom cert)
- Navigate to “Policies” → Enable Bot Protect, set up Rate Limiting
- Review default rules, consider custom rules like blocking .exe uploads or restricting the /api/login rate
Example rule:
docker exec -it safeline-cli set-rule /api/login rate-limit 5
What’s Next?
- Monitor logs:
tail -f /data/safeline/logs/nginx/safeline/access.log
- Tune your rules based on actual traffic and alerts
- Run load tests or real‑world traffic to verify performance
- Backup configuration and data
- Update SafeLine regularly for new features and security patches
Final Thoughts
Deploying a WAF in ten minutes might sound ambitious, but with SafeLine, it’s realistic. You’re not just installing a tool; you’re giving your team visibility, control, and a stronger security posture.
After your initial install, you can iterate, scale, and customize to your environment’s needs. Happy protecting!
SafeLine Website: https://ly.safepoint.cloud/ShZAy9x
Live Demo: https://demo.waf.chaitin.com:9443/statistics
Discord: https://discord.gg/dy3JT7dkmY
Doc: https://docs.waf.chaitin.com/en/home
GitHub: https://github.com/chaitin/SafeLine
