mirror of
https://github.com/chaitin/SafeLine.git
synced 2026-02-07 17:23:24 +08:00
zclaiqcc
@@ -1,6 +1,3 @@
|
||||
build:
|
||||
hugo -D && echo '[success] please copy public dir to home page server'
|
||||
|
||||
serve:
|
||||
hugo server --bind 0.0.0.0 -D
|
||||
pnpm i && pnpm build
|
||||
|
||||
|
||||
1
homepage/public/release/latest/compose.yaml
Symbolic link
1
homepage/public/release/latest/compose.yaml
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../../compose.yaml
|
||||
1
homepage/public/release/latest/setup.sh
Symbolic link
1
homepage/public/release/latest/setup.sh
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../../setup.sh
|
||||
@@ -86,7 +86,7 @@ export default function DrawerAppBar(props: Props) {
|
||||
sx={{ textAlign: "center" }}
|
||||
selected={pathname.startsWith("/posts/")}
|
||||
component={Link}
|
||||
href="/posts/introduction/"
|
||||
href="/posts/guide_introduction/"
|
||||
>
|
||||
<ListItemText primary="技术文档" />
|
||||
</ListItemButton>
|
||||
@@ -197,7 +197,7 @@ export default function DrawerAppBar(props: Props) {
|
||||
color: pathname.startsWith("/posts/") ? "primary.main" : "#fff",
|
||||
}}
|
||||
component={Link}
|
||||
href="/posts/introduction/"
|
||||
href="/posts/guide_introduction/"
|
||||
>
|
||||
技术文档
|
||||
</Box>
|
||||
|
||||
@@ -12,10 +12,10 @@ const MainLayout: FC<IProps> = ({ children }) => {
|
||||
return (
|
||||
<>
|
||||
<Head>
|
||||
<title>长亭雷池 WAF</title>
|
||||
<title>长亭雷池 WAF 社区版</title>
|
||||
<meta
|
||||
name="description"
|
||||
content="长亭雷池 Web 应用防火墙 | 长亭雷池 WAF"
|
||||
content="长亭雷池 Web 应用防火墙 | 长亭雷池 WAF"
|
||||
/>
|
||||
<meta name="keywords" content="WAF,雷池,长亭,社区版" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
@@ -28,14 +28,14 @@ const SideLayout: FC<SideLayoutProps> = ({ children, list }) => {
|
||||
setOpen(!open);
|
||||
};
|
||||
return (
|
||||
<Box sx={{ display: { xs: "block", sm: "flex" } }}>
|
||||
<Box sx={{ display: { xs: "block", sm: "flex" }, height:'100%' }}>
|
||||
<Box
|
||||
sx={{
|
||||
position: "fixed",
|
||||
top: 0,
|
||||
left: 0,
|
||||
width: 240,
|
||||
pt: "100px",
|
||||
pt: "80px",
|
||||
height: "100%",
|
||||
backgroundColor: "#f8f9fc",
|
||||
// boxShadow: "inset 0px 0px 16px 0px rgba(0, 145, 255, 1)",
|
||||
@@ -45,7 +45,7 @@ const SideLayout: FC<SideLayoutProps> = ({ children, list }) => {
|
||||
>
|
||||
{list.map((menu) => (
|
||||
<Box sx={{ pl: "40px", lineHeight: "32px" }} key={menu.category}>
|
||||
<Box sx={{ color: "text.auxiliary", mb: "6px" }}>
|
||||
<Box sx={{ color: "text.auxiliary", mb: "6px", mt: "20px" }}>
|
||||
{menu.category}
|
||||
</Box>
|
||||
{menu.list.map((item) => (
|
||||
|
||||
7
homepage/src/static/md/about_ce.md
Normal file
7
homepage/src/static/md/about_ce.md
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
title: "社区版 vs 企业版"
|
||||
category: "关于雷池"
|
||||
weight: 1
|
||||
---
|
||||
|
||||
# 社区版 vs 企业版
|
||||
7
homepage/src/static/md/about_changelog.md
Normal file
7
homepage/src/static/md/about_changelog.md
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
title: "版本更新记录"
|
||||
category: "关于雷池"
|
||||
weight: 3
|
||||
---
|
||||
|
||||
# 版本更新记录
|
||||
7
homepage/src/static/md/about_syntaxanalysis.md
Normal file
7
homepage/src/static/md/about_syntaxanalysis.md
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
title: "智能语义分析技术"
|
||||
category: "关于雷池"
|
||||
weight: 1
|
||||
---
|
||||
|
||||
# 智能语义分析技术
|
||||
@@ -1,65 +1,10 @@
|
||||
---
|
||||
title: "常见问题排查"
|
||||
category: "上手指南"
|
||||
title: "配置问题"
|
||||
category: "常见问题排查"
|
||||
weight: 10
|
||||
---
|
||||
## docker compose 还是 docker-compose?
|
||||
|
||||
`docker compose`(带空格)是 V2 版本,Go 写的。`docker-compose` 是 V1 版本,Python 写的,已经不维护了。
|
||||
|
||||
我们推荐使用 V2 版本的 `docker compose`,V1 可能会有兼容性等问题。
|
||||
|
||||
[docker/compose](https://github.com/docker/compose/) 中提到:
|
||||
|
||||
> For a smooth transition from legacy docker-compose 1.xx, please consider installing [compose-switch](https://github.com/docker/compose-switch) to translate `docker-compose ...` commands into Compose V2's `docker compose ....` . Also check V2's `--compatibility` flag.
|
||||
|
||||
其他参考:[https://stackoverflow.com/questions/66514436/difference-between-docker-compose-and-docker-compose](https://stackoverflow.com/a/66516826)
|
||||
|
||||
## 安装部署
|
||||
|
||||
### 机器运行的最低配置
|
||||
|
||||
最低 1C1G 能运行,具体需要多少配置取决于你的业务流量特征,比如 QPS、网络吞吐等等,暂时没有详细的 datasheet 性能参考。
|
||||
|
||||
### ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
|
||||
|
||||
如描述,你需要启动 docker daemon 才能执行相关的命令。尝试 `systemctl start docker` 或者手动启动 `Docker Desktop` (MacOS 或者 Windows 用户)
|
||||
|
||||
As shown, you shall start docker first. Try `systemctl start docker` or manually start your docker desktop for MacOS/Windows users.
|
||||
|
||||
### docker not found, unable to deploy
|
||||
|
||||
如描述,你需要安装 `docker`。尝试 `curl -fLsS https://get.docker.com/ | sh` 或者 [Install Docker Engine](https://docs.docker.com/engine/install/)
|
||||
|
||||
### docker compose v2 not found, unable to deploy
|
||||
|
||||
如描述,你需要安装 `docker compose v2`。尝试 `[Install Docker Compose](https://docs.docker.com/compose/install/)`
|
||||
|
||||
### safeline-tengine 出现 Address already in use
|
||||
|
||||
`docker logs -f safeline-tengine` 容器日志中看到 `Address already in use` 信息。
|
||||
|
||||
端口冲突,根据报错信息中的端口号,排查是哪个服务占用了,手动处理冲突。
|
||||
|
||||
### safeline-postgres 出现 Operation not permitted
|
||||
|
||||
`docker logs -f safeline-postgres` 容器日志中看到 `Operation not permitted` 报错
|
||||
|
||||
可能是您的 docker 版本过低,升级 docker 到最新版本尝试一下。
|
||||
|
||||
### 如何自定义 SafeLine 安装路径?
|
||||
|
||||
基于最新的 `compose.yaml`,你可以手动修改 `.env` 文件的 `SAFELINE_DIR` 变量。
|
||||
|
||||
### 如何修改 SafeLine 后台管理的默认端口?本机 `:9443` 已经被别的服务占用了
|
||||
|
||||
基于最新的 `compose.yaml`,你可以手动添加 `MGT_PORT` 变量到 `.env` 文件。
|
||||
|
||||
## 登录问题
|
||||
|
||||
### OTP 认证码登录失败
|
||||
|
||||
TOTP 是基于时间生成和校验的,请检查你的服务器时间是否同步。
|
||||
# 配置问题
|
||||
|
||||
## 站点配置问题
|
||||
|
||||
58
homepage/src/static/md/faq_install.md
Normal file
58
homepage/src/static/md/faq_install.md
Normal file
@@ -0,0 +1,58 @@
|
||||
---
|
||||
title: "无法安装"
|
||||
category: "常见问题排查"
|
||||
weight: 1
|
||||
---
|
||||
|
||||
# 无法安装
|
||||
|
||||
## docker compose 还是 docker-compose?
|
||||
|
||||
`docker compose`(带空格)是 V2 版本,Go 写的。`docker-compose` 是 V1 版本,Python 写的,已经不维护了。
|
||||
|
||||
我们推荐使用 V2 版本的 `docker compose`,V1 可能会有兼容性等问题。
|
||||
|
||||
[docker/compose](https://github.com/docker/compose/) 中提到:
|
||||
|
||||
> For a smooth transition from legacy docker-compose 1.xx, please consider installing [compose-switch](https://github.com/docker/compose-switch) to translate `docker-compose ...` commands into Compose V2's `docker compose ....` . Also check V2's `--compatibility` flag.
|
||||
|
||||
其他参考:[https://stackoverflow.com/questions/66514436/difference-between-docker-compose-and-docker-compose](https://stackoverflow.com/a/66516826)
|
||||
|
||||
|
||||
|
||||
|
||||
## ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
|
||||
|
||||
如描述,你需要启动 docker daemon 才能执行相关的命令。尝试 `systemctl start docker` 或者手动启动 `Docker Desktop` (MacOS 或者 Windows 用户)
|
||||
|
||||
As shown, you shall start docker first. Try `systemctl start docker` or manually start your docker desktop for MacOS/Windows users.
|
||||
|
||||
## docker not found, unable to deploy
|
||||
|
||||
如描述,你需要安装 `docker`。尝试 `curl -fLsS https://get.docker.com/ | sh` 或者 [Install Docker Engine](https://docs.docker.com/engine/install/)
|
||||
|
||||
## docker compose v2 not found, unable to deploy
|
||||
|
||||
如描述,你需要安装 `docker compose v2`。尝试 `[Install Docker Compose](https://docs.docker.com/compose/install/)`
|
||||
|
||||
### safeline-tengine 出现 Address already in use
|
||||
|
||||
`docker logs -f safeline-tengine` 容器日志中看到 `Address already in use` 信息。
|
||||
|
||||
端口冲突,根据报错信息中的端口号,排查是哪个服务占用了,手动处理冲突。
|
||||
|
||||
## safeline-postgres 出现 Operation not permitted
|
||||
|
||||
`docker logs -f safeline-postgres` 容器日志中看到 `Operation not permitted` 报错
|
||||
|
||||
可能是您的 docker 版本过低,升级 docker 到最新版本尝试一下。
|
||||
|
||||
## 如何自定义 SafeLine 安装路径?
|
||||
|
||||
基于最新的 `compose.yaml`,你可以手动修改 `.env` 文件的 `SAFELINE_DIR` 变量。
|
||||
|
||||
## 如何修改 SafeLine 后台管理的默认端口?本机 `:9443` 已经被别的服务占用了
|
||||
|
||||
基于最新的 `compose.yaml`,你可以手动添加 `MGT_PORT` 变量到 `.env` 文件。
|
||||
|
||||
|
||||
13
homepage/src/static/md/faq_login.md
Normal file
13
homepage/src/static/md/faq_login.md
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
title: "无法登录"
|
||||
category: "常见问题排查"
|
||||
weight: 2
|
||||
---
|
||||
|
||||
# 无法登录
|
||||
|
||||
## 登录问题
|
||||
|
||||
### OTP 认证码登录失败
|
||||
|
||||
TOTP 是基于时间生成和校验的,请检查你的服务器时间是否同步。
|
||||
7
homepage/src/static/md/faq_other.md
Normal file
7
homepage/src/static/md/faq_other.md
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
title: "其他问题"
|
||||
category: "常见问题排查"
|
||||
weight: 10
|
||||
---
|
||||
|
||||
# 其他问题
|
||||
7
homepage/src/static/md/faq_protection.md
Normal file
7
homepage/src/static/md/faq_protection.md
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
title: "防护不生效"
|
||||
category: "常见问题排查"
|
||||
weight: 3
|
||||
---
|
||||
|
||||
# 防护不生效
|
||||
17
homepage/src/static/md/guide_config.md
Normal file
17
homepage/src/static/md/guide_config.md
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
title: "配置防护站点"
|
||||
category: "上手指南"
|
||||
weight: 4
|
||||
---
|
||||
|
||||
# 配置防护站点
|
||||
|
||||
|
||||
|
||||
|
||||
`<font color=grey>`💡 TIPS: 添加后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 应能获取到业务网站的响应。`</font>`
|
||||
|
||||
# 将网站流量切到雷池
|
||||
|
||||
- 若网站通过域名访问,则可将域名的 DNS 解析指向雷池所在设备
|
||||
- 若网站前有 nginx 、负载均衡等代理设备,则可将雷池部署在代理设备和业务服务器之间,然后将代理设备的 upstream 指向雷池
|
||||
29
homepage/src/static/md/guide_install.md
Normal file
29
homepage/src/static/md/guide_install.md
Normal file
@@ -0,0 +1,29 @@
|
||||
---
|
||||
title: "安装雷池"
|
||||
category: "上手指南"
|
||||
weight: 2
|
||||
---
|
||||
|
||||
# 安装雷池
|
||||
|
||||
### 机器运行的最低配置
|
||||
|
||||
最低 1C1G 能运行,具体需要多少配置取决于你的业务流量特征,比如 QPS、网络吞吐等等,暂时没有详细的 datasheet 性能参考。
|
||||
|
||||
### 1. 确保机器上正确安装 [Docker](https://docs.docker.com/engine/install/) 和 [Compose V2](https://docs.docker.com/compose/install/)
|
||||
|
||||
```shell
|
||||
docker info # >= 20.10.6
|
||||
docker compose version # >= 2.0.0
|
||||
```
|
||||
|
||||
### 2. 部署安装
|
||||
|
||||
```shell
|
||||
mkdir -p safeline && cd safeline
|
||||
# 下载并执行 setup
|
||||
curl -fLsS https://waf-ce.chaitin.cn/release/latest/setup.sh | bash
|
||||
|
||||
# 运行
|
||||
sudo docker compose up -d
|
||||
```
|
||||
7
homepage/src/static/md/guide_introduction.md
Normal file
7
homepage/src/static/md/guide_introduction.md
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
title: "雷池简介"
|
||||
category: "上手指南"
|
||||
weight: 1
|
||||
---
|
||||
|
||||
# 雷池简介
|
||||
11
homepage/src/static/md/guide_login.md
Normal file
11
homepage/src/static/md/guide_login.md
Normal file
@@ -0,0 +1,11 @@
|
||||
---
|
||||
title: "登录雷池"
|
||||
category: "上手指南"
|
||||
weight: 3
|
||||
---
|
||||
|
||||
# 登录雷池
|
||||
|
||||
浏览器打开后台管理页面 `https://<waf-ip>:9443`。根据界面提示,使用 **支持 TOTP 的认证软件** 扫描二维码,然后输入动态口令登录:
|
||||
|
||||
|
||||
13
homepage/src/static/md/guide_test.md
Normal file
13
homepage/src/static/md/guide_test.md
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
title: "测试防护效果"
|
||||
category: "上手指南"
|
||||
weight: 5
|
||||
---
|
||||
|
||||
# 测试防护效果
|
||||
|
||||
试试这些攻击方式:
|
||||
|
||||
- 浏览器访问 `http://<IP或域名>:<端口>/webshell.php`
|
||||
- 浏览器访问 `http://<IP或域名>:<端口>/?id=1%20AND%201=1`
|
||||
- 浏览器访问 `http://<IP或域名>:<端口>/?a=<script>alert(1)</script>`
|
||||
23
homepage/src/static/md/guide_upgrade.md
Normal file
23
homepage/src/static/md/guide_upgrade.md
Normal file
@@ -0,0 +1,23 @@
|
||||
---
|
||||
title: "升级雷池"
|
||||
category: "上手指南"
|
||||
weight: 6
|
||||
---
|
||||
|
||||
# 升级雷池
|
||||
|
||||
**WARN: 雷池 SafeLine 服务会重启,流量会中断一小段时间,根据业务情况选择合适的时间来执行升级操作。**
|
||||
|
||||
```
|
||||
# 查看 `IMAGE_TAG`
|
||||
cat .env | grep IMAGE_TAG
|
||||
# 把 IMAGE_TAG 修改为 latest 或者某个特定版本,比如 1.1.0
|
||||
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest/g" .env
|
||||
|
||||
# 检查 `compose.yaml`
|
||||
# docker 镜像的命名空间调整到了 `chaitin`,部分旧版本配置是使用的 `chaitinops`
|
||||
sed -i "s/chaitinops/chaitin/g" compose.yaml
|
||||
|
||||
# 根据环境情况自行使用 `docker compose` 或者 `docker-compose`
|
||||
docker compose down && docker compose pull && docker compose up -d
|
||||
```
|
||||
@@ -1,67 +0,0 @@
|
||||
---
|
||||
title: "快速部署"
|
||||
category: "上手指南"
|
||||
weight: 2
|
||||
---
|
||||
### 1. 确保机器上正确安装 [Docker](https://docs.docker.com/engine/install/) 和 [Compose V2](https://docs.docker.com/compose/install/)
|
||||
|
||||
```shell
|
||||
docker info # >= 20.10.6
|
||||
docker compose version # >= 2.0.0
|
||||
```
|
||||
|
||||
### 2. 部署安装
|
||||
|
||||
```shell
|
||||
mkdir -p safeline && cd safeline
|
||||
# 下载并执行 setup
|
||||
curl -fLsS https://waf-ce.chaitin.cn/release/latest/setup.sh | bash
|
||||
|
||||
# 运行
|
||||
sudo docker compose up -d
|
||||
```
|
||||
|
||||
#### 升级
|
||||
|
||||
**WARN: 雷池 SafeLine 服务会重启,流量会中断一小段时间,根据业务情况选择合适的时间来执行升级操作。**
|
||||
|
||||
```
|
||||
# 查看 `IMAGE_TAG`
|
||||
cat .env | grep IMAGE_TAG
|
||||
# 把 IMAGE_TAG 修改为 latest 或者某个特定版本,比如 1.1.0
|
||||
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest/g" .env
|
||||
|
||||
# 检查 `compose.yaml`
|
||||
# docker 镜像的命名空间调整到了 `chaitin`,部分旧版本配置是使用的 `chaitinops`
|
||||
sed -i "s/chaitinops/chaitin/g" compose.yaml
|
||||
|
||||
# 根据环境情况自行使用 `docker compose` 或者 `docker-compose`
|
||||
docker compose down && docker compose pull && docker compose up -d
|
||||
```
|
||||
|
||||
## 🕹️ 快速使用
|
||||
|
||||
### 1. 登录
|
||||
|
||||
浏览器打开后台管理页面 `https://<waf-ip>:9443`。根据界面提示,使用 **支持 TOTP 的认证软件** 扫描二维码,然后输入动态口令登录:
|
||||
|
||||
|
||||
|
||||
### 2. 添加站点
|
||||
|
||||
|
||||
|
||||
`<font color=grey>`💡 TIPS: 添加后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 应能获取到业务网站的响应。`</font>`
|
||||
|
||||
### 3. 将网站流量切到雷池
|
||||
|
||||
- 若网站通过域名访问,则可将域名的 DNS 解析指向雷池所在设备
|
||||
- 若网站前有 nginx 、负载均衡等代理设备,则可将雷池部署在代理设备和业务服务器之间,然后将代理设备的 upstream 指向雷池
|
||||
|
||||
### 4. 开始防护👌
|
||||
|
||||
试试这些攻击方式:
|
||||
|
||||
- 浏览器访问 `http://<IP或域名>:<端口>/webshell.php`
|
||||
- 浏览器访问 `http://<IP或域名>:<端口>/?id=1%20AND%201=1`
|
||||
- 浏览器访问 `http://<IP或域名>:<端口>/?a=<script>alert(1)</script>`
|
||||
@@ -1,41 +0,0 @@
|
||||
---
|
||||
title: "产品介绍"
|
||||
category: "上手指南"
|
||||
weight: 1
|
||||
---
|
||||
# 产品介绍
|
||||
|
||||
一款简单、好用的 WAF 工具。基于[长亭科技](https://www.chaitin.cn)王牌的 🤖️智能语义分析算法🤖️ 打造,专为社区设计。
|
||||
|
||||
## ✨ Demo
|
||||
|
||||
### 🔥🔥🔥 体验地址:[https://demo.waf-ce.chaitin.cn:9443/](https://demo.waf-ce.chaitin.cn:9443/)
|
||||
|
||||
有一台运行在环境上 `http://127.0.0.1:8889` 的服务可以作为上游服务器测试使用。
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## 📖 FAQ
|
||||
|
||||
有任何问题请先查阅我们的 [FAQ 文档](FAQ.md)。
|
||||
|
||||
比如:
|
||||
|
||||
- [docker compose or docker-compose?](FAQ.md#docker-compose-还是-docker-compose)
|
||||
- [站点如何配置](FAQ.md#站点配置问题)
|
||||
- [配置完成之后,还是没有成功访问到上游服务器](FAQ.md#配置完成之后还是没有成功访问到上游服务器)
|
||||
|
||||
## 🏘️ 联系我们
|
||||
|
||||
1. 您可以通过 GitHub Issue 直接进行 Bug 反馈和功能建议
|
||||
2. 扫描下方二维码可以加入雷池社区版用户讨论群进行详细讨论
|
||||
|
||||
<img src="/images/wechat.png" width="30%" />
|
||||
|
||||
## ✨ CTStack
|
||||
|
||||
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png" width="30%" />
|
||||
|
||||
雷池 SafeLine 现已加入 [CTStack](https://stack.chaitin.com/tool/detail?id=717) 社区
|
||||
@@ -1 +0,0 @@
|
||||
../../../setup.sh
|
||||
@@ -43,12 +43,13 @@ const dealWithData: (data: MenuItem[]) => GroupItem[] = (data) => {
|
||||
cur?.list.push(ele);
|
||||
}
|
||||
});
|
||||
let categorys = ["上手指南", "常见问题排查", "关于雷池"];
|
||||
return list.map((item) => {
|
||||
return {
|
||||
category: item.category,
|
||||
list: item.list.sort((a, b) => a.weight - b.weight),
|
||||
};
|
||||
});
|
||||
}).sort((a,b)=> categorys.indexOf(a.category) - categorys.indexOf(b.category));
|
||||
};
|
||||
|
||||
export const getPostsGroup = () => {
|
||||
|
||||
Reference in New Issue
Block a user