This content originally appeared on DEV Community and was authored by Sharon
In today’s cybersecurity landscape, choosing the right Web Application Firewall (WAF) is essential. SafeLine stands out as a free, open source, and powerful WAF that helps websites defend against a wide range of web attacks.
SafeLine is deployed using Docker, and at the heart of its deployment is the docker-compose.yml file. This file defines and manages multiple containers, making it easy to start, stop, and orchestrate them using simple commands.
In this post, we’ll focus on the configuration of one service—fvm—from the SafeLine Compose file. We’ll explain every setting in detail to help you understand how it works and how to customize it.
Sample Configuration: fvm Service
    fvm:
      container_name: safeline-fvm
      restart: always
      image: ${IMAGE_PREFIX}/safeline-fvm:${IMAGE_TAG}
      volumes:
        - /etc/localtime:/etc/localtime:ro
      logging:
        options:
          max-size: "100m"
          max-file: "5"
      networks:
        safeline-ce:
          ipv4_address: ${SUBNET_PREFIX}.8
Configuration Breakdown
fvm
This is the service name. It’s referenced within the docker-compose.yml file and is also used as an alias for the container. Other services on the same Docker network can communicate with it using this name.
1. container_name
    container_name: safeline-fvm
- This sets the container’s name to safeline-fvm, replacing the random name Docker would assign by default.
- A custom container name makes it easier to identify and manage containers in logs and during troubleshooting.
2. restart
    restart: always
- This sets the container’s restart policy.
- always means Docker will automatically restart the container no matter why it exited, even after a system reboot.
3. image
    image: ${IMAGE_PREFIX}/safeline-fvm:${IMAGE_TAG}
- This defines which Docker image to use for the container.
- ${IMAGE_PREFIX} and ${IMAGE_TAG} are environment variables, typically defined in a .env file or passed in at runtime.
- This setup allows flexible control over the image source and version (e.g., changing registry or upgrading to a new tag).
4. volumes
    volumes:
      - /etc/localtime:/etc/localtime:ro
- Docker volumes allow persistent storage or mounting host files into the container.
- This line mounts the host’s /etc/localtime file into the container to ensure consistent timezone settings between the host and the container.
- :ro makes the mount read-only, preventing the container from modifying the host file.
5. logging
    logging:
      options:
        max-size: "100m"
        max-file: "5"
- Configures log rotation for the container.
  - max-size: "100m" means each log file is capped at 100MB.
  - max-file: "5" keeps a maximum of 5 log files.
- When a log file reaches the size limit, Docker creates a new one; once the number of files exceeds the max-file limit, the oldest file is deleted.
- This helps limit disk space usage and keeps logs manageable in long-running environments.
6. networks
    networks:
      safeline-ce:
        ipv4_address: ${SUBNET_PREFIX}.8
- Specifies the Docker network the container connects to.
- safeline-ce is a user-defined network in the same Compose file.
- The ipv4_address setting assigns a static IP to the container.
  - ${SUBNET_PREFIX} is an environment variable (e.g., 172.20.0) that defines the subnet.
  - .8 assigns a unique address within that subnet.
- Static IPs are useful for inter-container communication, especially when some services rely on fixed addresses.
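A pre-deployment check for the settings walked through above, as an added example that is not part of the original post or of SafeLine's own tooling. It expands the ${VAR} references from a .env file and reports unset variables, unpinned image tags, writable bind mounts, missing log caps, and static IPs that collide or fall outside the subnet. The .env values, the /24 subnet used when calling it, and the second service named other are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample inputs (assumed values, not SafeLine defaults); "other" is hypothetical.
ENV_TEXT = "IMAGE_PREFIX=registry.example/safeline\nIMAGE_TAG=1.0.0\nSUBNET_PREFIX=172.20.0\n"
SERVICES = {  # stand-in for what a YAML loader returns for the services section
    "fvm": {"image": "${IMAGE_PREFIX}/safeline-fvm:${IMAGE_TAG}",
            "volumes": ["/etc/localtime:/etc/localtime:ro"],
            "logging": {"options": {"max-size": "100m", "max-file": "5"}},
            "networks": {"safeline-ce": {"ipv4_address": "${SUBNET_PREFIX}.8"}}},
    "other": {"image": "${IMAGE_PREFIX}/other:${MISSING_TAG}", "volumes": ["/srv/data:/data"],
              "networks": {"safeline-ce": {"ipv4_address": "${SUBNET_PREFIX}.8"}}},
}

def parse_env(text):  # KEY=VALUE lines; blank lines and comments are skipped
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def audit(services, env, subnet_cidr):
    """Return a list of findings; an empty list means every check passed."""
    findings, seen, subnet = [], {}, ipaddress.ip_network(subnet_cidr)
    def expand(value, owner):  # handles only the ${VAR} form used on this page
        def sub(m):
            if m.group(1) not in env:
                findings.append(f"{owner}: ${{{m.group(1)}}} is not set")
            return env.get(m.group(1), "")  # Compose substitutes an empty string
        return re.sub(r"\$\{(\w+)\}", sub, value)
    for name, svc in services.items():
        tag = expand(svc["image"], name).rpartition(":")[2]
        if tag in ("", "latest"):
            findings.append(f"{name}: image tag {tag!r} is not a pinned version")
        for vol in svc.get("volumes", []):
            host, _, rest = vol.partition(":")
            if host.startswith("/") and "ro" not in rest.partition(":")[2].split(","):
                findings.append(f"{name}: bind mount {host} is writable")
        if "max-size" not in svc.get("logging", {}).get("options", {}):
            findings.append(f"{name}: no max-size log cap")
        for net in svc.get("networks", {}).values():
            try:
                ip = ipaddress.ip_address(expand(net["ipv4_address"], name))
            except ValueError:
                findings.append(f"{name}: static address does not resolve to an IP")
                continue
            if ip not in subnet:
                findings.append(f"{name}: {ip} is outside {subnet}")
            if ip in seen:
                findings.append(f"{name}: {ip} already assigned to {seen[ip]}")
            seen.setdefault(ip, name)
    return findings
```

Calling audit(SERVICES, parse_env(ENV_TEXT), "172.20.0.0/24") returns five findings, all for the hypothetical other service; the fvm definition from this post passes every check.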
Summary
This breakdown of the fvm service in SafeLine’s Docker Compose file provides a deeper understanding of how each option works. With this knowledge, you can confidently:
- Customize your SafeLine deployment
- Maintain consistent environments
- Troubleshoot issues more effectively
SafeLine’s modular, container-based architecture brings enterprise-grade WAF features to developers and teams for free. Stay tuned for more in-depth configuration guides on other SafeLine components.