官方文档点击跳转
什么是雷池
雷池(SafeLine)是长亭科技耗时近 10 年倾情打造的 WAF,核心检测能力由智能语义分析算法驱动。
什么是 WAF
WAF 是 Web Application Firewall 的缩写,也被称为 Web 应用防火墙。
区别于传统防火墙,WAF 工作在应用层,对基于 HTTP/HTTPS 协议的 Web 系统有着更好的防护效果,使其免于受到黑客的攻击。
安装
下载 雷池社区版镜像包
并传输到需要安装雷池的服务器上,我新增了/nwa/leichi目录,执行以下命令加载镜像
cd /nwa/leichi
cat leichi.tar.gz | gzip -d | docker load
shell中执行以下命令创建并进入雷池安装目录
mkdir -p safeline && cd safeline # 创建 safeline 目录并且进入
新建compose.yaml在 safeline 目录中
networks:safeline-ce:name: safeline-cedriver: bridgeipam:driver: defaultconfig:- gateway: ${SUBNET_PREFIX:?SUBNET_PREFIX required}.1subnet: ${SUBNET_PREFIX}.0/24driver_opts:com.docker.network.bridge.name: safeline-ceservices:postgres:container_name: safeline-pgrestart: alwaysimage: swr.cn-east-3.myhuaweicloud.com/chaitin-safeline/postgres:15.2volumes:- ${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data- /etc/localtime:/etc/localtime:roenvironment:- POSTGRES_USER=safeline-ce- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?postgres password required}networks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.2command: [postgres, -c, max_connections=600]healthcheck:test: pg_isready -U safeline-ce -d safeline-cemgt:container_name: safeline-mgtrestart: alwaysimage: ${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}volumes:- /etc/localtime:/etc/localtime:ro- ${SAFELINE_DIR}/resources/mgt:/app/dataports:- ${MGT_PORT:-9443}:1443healthcheck:test: curl -k -f https://localhost:1443/api/open/healthenvironment:- MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disabledepends_on:- postgres- fvmdns:- 119.29.29.29- 223.5.5.5- 180.76.76.76- 1.2.4.8- 114.114.114.114- 8.8.8.8logging:options:max-size: "100m"max-file: "10"networks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.4detect:container_name: safeline-detectorrestart: alwaysimage: ${IMAGE_PREFIX}/safeline-detector:${IMAGE_TAG}volumes:- ${SAFELINE_DIR}/resources/detector:/resources/detector- ${SAFELINE_DIR}/logs/detector:/logs/detector- /etc/localtime:/etc/localtime:roenvironment:- LOG_DIR=/logs/detectornetworks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.5mario:container_name: safeline-mariorestart: alwaysimage: ${IMAGE_PREFIX}/safeline-mario:${IMAGE_TAG}volumes:- ${SAFELINE_DIR}/resources/mario:/resources/mario- ${SAFELINE_DIR}/logs/mario:/logs/mario- /etc/localtime:/etc/localtime:roenvironment:- LOG_DIR=/logs/mario- GOGC=100- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-celogging:options:max-size: "100m"max-file: "10"networks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.6tengine:container_name: safeline-tenginerestart: alwaysimage: ${IMAGE_PREFIX}/safeline-tengine:${IMAGE_TAG}volumes:- /etc/localtime:/etc/localtime:ro- /etc/resolv.conf:/etc/resolv.conf:ro- ${SAFELINE_DIR}/resources/nginx:/etc/nginx- ${SAFELINE_DIR}/resources/detector:/resources/detector- ${SAFELINE_DIR}/logs/nginx:/var/log/nginx- ${SAFELINE_DIR}/resources/cache:/usr/local/nginx/cacheenvironment:- TCD_MGT_API=https://${SUBNET_PREFIX}.4:1443/api/open/publish/server- TCD_SNSERVER=${SUBNET_PREFIX}.5:8000# deprecated- SNSERVER_ADDR=${SUBNET_PREFIX}.5:8000ulimits:nofile: 131072network_mode: hostluigi:container_name: safeline-luigirestart: alwaysimage: ${IMAGE_PREFIX}/safeline-luigi:${IMAGE_TAG}environment:- MGT_IP=${SUBNET_PREFIX}.4volumes:- /etc/localtime:/etc/localtime:ro- ${SAFELINE_DIR}/resources/luigi:/app/datalogging:options:max-size: "100m"max-file: "10"depends_on:- detect- mgtnetworks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.7fvm:container_name: safeline-fvmrestart: alwaysimage: ${IMAGE_PREFIX}/safeline-fvm:${IMAGE_TAG}volumes:- /etc/localtime:/etc/localtime:rologging:options:max-size: "100m"max-file: "10"networks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.8bridge:container_name: safeline-bridgerestart: alwaysimage: ${IMAGE_PREFIX}/safeline-bridge:${IMAGE_TAG}command:- /app/bridge- serve- -n- unix- -a- /app/run/safeline.sockvolumes:- /etc/localtime:/etc/localtime:ro- /var/run:/app/runlogging:options:max-size: "100m"max-file: "10"networks:safeline-ce:ipv4_address: ${SUBNET_PREFIX}.9depends_on:- mgt
复制并shell执行以下命令,生成雷池运行所需的相关环境变量
cat >> .env <<EOF
SAFELINE_DIR=$(pwd)
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
EOF
docker compose up -d #生成容器
docker compose down # 停止并移除所有容器
云服务器打开9443端口
https://ip:9443
docker exec safeline-mgt resetadmin 查看账号密码
登录,认证手机下载一个auth这种的扫一下
添加站点
它是作为反向代理来使用的默认是80我也不会改,说下它的工作场景
用户A访问域名正常没雷池------>NG----->自己的网站展示
用户A访问域名正常-------->雷池------>NG----->自己的网站展示
流量就通过雷池的过滤把正常的返回给我们自己的NG上防止sql注入等危害
场景
我现在2台服务器,1台N用来部署雷池,1台M是专门弄网站的,M里2个NG,一个80,一个9091
现在上面的配置输入
*
80
上游服务器 如下
http://M的ip:9091
用户A访问域名正常---->NG80解析域名代理-------->雷池------>NG91----->自己的网站展示
由于我域名解析在NG80就懒得换别的方式了
如果就1台服务器,80给雷池,ng给9091,雷池那443证书给上,就可以少掉一个代理,用户直接到雷池再到Ng
 ——参数绑定与参数验证)
![[Cocos Creator 3.5赛车游戏] 第4节 创建汽车节点](http://pic.xiahunao.cn/[Cocos Creator 3.5赛车游戏] 第4节 创建汽车节点)
)
Jetpack Compose 布局模型)