Abstract:
In modern cybersecurity, choosing the right web application firewall is crucial. SafeLine Community Edition is free and easy to use. It provides comprehensive protection for websites, helping them defend against various cyberattacks.
The compose.yml
file is the core file of Docker Compose, used to define and manage multiple Docker containers. Through this file, users can start, stop, and manage multiple related containers with simple commands.
Explanation of the MGT Configuration
The MGT service is responsible for managing and coordinating the main operations of the system. Below is a detailed explanation of the Compose configuration.
Configuration Details
Basic Settings
container_name: safeline-mgt
This names the container assafeline-mgt
, replacing Docker's default random name, which facilitates subsequent management and identification.restart: always
Sets the container's restart policy to always, ensuring the container automatically restarts after exiting for any reason, enhancing service availability.image: ${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}
Specifies the image address used by the container, whereIMAGE_PREFIX
andIMAGE_TAG
are environment variables. These are typically defined in the.env
file, allowing for dynamic control of the image version and repository prefix through parameters.
Volume Mounts
/etc/localtime:/etc/localtime:ro
Mounts the host's/etc/localtime
file to the container in read-only mode, ensuring that the container's timezone matches the host's.${SAFELINE_DIR}/resources/mgt:/app/data
Persists the data directory for the MGT service, ensuring that data is not lost when the container restarts.${SAFELINE_DIR}/logs/nginx:/app/log/nginx:z
Maps the container's nginx log directory to the host for easier viewing and analysis of logs.${SAFELINE_DIR}/resources/sock:/app/sock
Mounts the sock file directory to support inter-service communication./var/run:/app/run
Maps the local directory required for the container's operation, providing the necessary runtime environment.
Network and Ports
-
ports: ${MGT_PORT:-9443}:1443
Maps the host port to the container's port 1443, defaulting to 9443. If
MGT_PORT
is not specified in the.env
file, the default value will be 9443.
Health Check
- test: curl -k -f https://localhost:1443/api/open/health Configures the health check test command, confirming the service status by sending a curl request to the service's health check endpoint.
Environment Variables
-
MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
Sets the address for the MGT service to connect to the Postgres database.
POSTGRES_PASSWORD
is an environment variable typically defined in the.env
file.
Dependencies
-
depends_on:
-
postgres
-
fvm
Indicates that the MGT service depends on thepostgres
andfvm
services, which need to start first to ensure proper operation.
-
Logging Management
-
logging:
options:- max-size: "100m" Limits the maximum size of a single log file to 100MB. When a log file reaches this size, a new log file is automatically created.
- max-file: "5" Sets the upper limit for the number of log files to 5. Older log files will be deleted once this limit is exceeded, helping control disk space used by logs.
Network Configuration
-
networks:
- safeline-ce:
-
ipv4_address: ${SUBNET_PREFIX}.4
Specifies a static IP address for the MGT service, configured with the subnet prefix from
${SUBNET_PREFIX}
and the suffix.4
for the service's specific IP.
Top comments (0)