This guide demonstrates how to deploy SafeLine WAF on CentOS 7 using an online setup first, followed by an offline installation. The target system is CentOS 7, suitable for security tasks such as in Kali Linux network defense environments.
Part 1: Online Installation and Preparation for Offline Deployment
1. Disable firewalld
systemctl stop firewalld
systemctl disable firewalld
2. Disable SELinux
Edit the configuration file:
vi /etc/selinux/config
Set the following:
SELINUX=disabled
Save and exit.
3. Configure YUM to Cache RPMs Locally
mkdir /root/MySafeLineWAFrpmPackages
vi /etc/yum.conf
Modify/add the following lines:
cachedir=/root/MySafeLineWAFrpmPackages
keepcache=1
4. Use a Domestic CentOS Mirror (for faster downloads)
cd /etc/yum.repos.d/
cp CentOS-Base.repo CentOS-Base.repo.backup
rm CentOS-Base.repo
vi CentOS-Base.repo
Paste the following repo configuration (using vault.centos.org for CentOS 7.9):
Then run:
yum clean all
yum makecache
5. Install Docker
5.1 Remove old versions:
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
5.2 Install Docker from Aliyun mirror:
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
docker --version
6. Install SafeLine
6.1 Load the SafeLine image
Transfer the SafeLine image (image.tar.gz) from an online machine and load it:
cat image.tar.gz | gzip -d | docker load
6.2 Create installation directory
mkdir -p "/data/safeline"
Ensure at least 5GB of free disk space.
6.3 Download Docker Compose file
cd "/data/safeline"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"
Back up this file for offline use later.
6.4 Create .env config file
cd "/data/safeline"
touch ".env"
Edit .env and paste the following:
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
6.5 Start SafeLine
cd "/data/safeline"
docker compose up -d
7. Access the SafeLine Console
To reset the default admin password:
docker exec safeline-mgt resetadmin
You'll see output like:
[SafeLine] Initial username:admin
[SafeLine] Initial password:**********
[SafeLine] Done
Now visit the console at:
https://<your-ip>:9443/
Ensure port 9443 is open.
8. Create an Offline YUM Package Bundle
8.1 Install createrepo
yum install createrepo
8.2 Generate repodata
cd /root
createrepo MySafeLineWAFrpmPackages/
If packages are added later:
createrepo --update MySafeLineWAFrpmPackages/
8.3 Compress the package directory
cd /root
tar -zcvf MySafeLineWAFrpmPackages.tar.gz MySafeLineWAFrpmPackages
Part 2: Offline Installation
These steps are performed on a fully offline machine.
1. Transfer the RPM bundle
Copy the previously generated tarball to the offline machine:
scp MySafeLineWAFrpmPackages.tar.gz root@<offline-ip>:/root/
Then extract it:
cd /root
tar -zxvf MySafeLineWAFrpmPackages.tar.gz
2. Disable firewalld
systemctl stop firewalld
systemctl disable firewalld
3. Disable SELinux
vi /etc/selinux/config
Set to:
SELINUX=disabled
4. Backup and Replace YUM Repos
cd /etc/yum.repos.d/
mkdir backup
mv * backup
vi localhost-yum.repo
Paste the following:
[localhost-base]
name=localhost-base
baseurl=file:///root/MySafeLineWAFrpmPackages
gpgcheck=0
enabled=1
Then run:
yum clean all
yum makecache
yum repolist
5. Install Docker Offline
5.1 Remove old Docker versions
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
5.2 Install Docker with local RPMs
yum install -y yum-utils device-mapper-persistent-data lvm2
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
docker --version
6. Install SafeLine Offline
6.1 Load image
cat image.tar.gz | gzip -d | docker load
6.2 Create directory
mkdir -p "/data/safeline"
6.3 Upload the previously saved compose.yaml file to /data/safeline
6.4 Create .env file with the same content as online setup
6.5 Start SafeLine
cd "/data/safeline"
docker compose up -d
6.6 Reset admin password
docker exec safeline-mgt resetadmin
Output will include:
[SafeLine] Initial username:admin
[SafeLine] Initial password:<random_password>
7. Access Console
Once installed, access the web interface at:
https://<your-ip>:9443/
Ensure port 9443 is open to external access.
Done!
Your offline SafeLine WAF instance is now fully deployed on CentOS 7.
Top comments (0)