SafeLine WAF Installation Reference: SafeLine WAF Installation
Prerequisites:
- An SSL certificate (e.g., a
.crt
file and a.key
file).
Configuration Overview
In this guide, I'll walk you through configuring HTTP to HTTPS redirection for your web application when using SafeLine WAF. My web application and WAF are hosted on the same server, so I'll show you how to avoid port conflicts and set up redirection correctly.
1. Modify Your Application's Nginx Port
Since both the WAF and your web application are on the same server, you'll need to change the port that your application's Nginx server listens on to avoid conflicts. The default ports 80 (HTTP) and 443 (HTTPS) should be used by SafeLine WAF, so your application needs to use a different port, such as 8000.
To identify available ports on your server, you can use the following command:
netstat -an | grep LISTEN | grep -v unix
Then, update your Nginx configuration to listen on the new port:
- Modify the Nginx configuration file to change the listening port from 80 to your chosen port (e.g., 8000).
- Reload the Nginx configuration to apply the changes:
nginx -t
nginx -s reload
2. Add Protection Sites in SafeLine WAF
Next, you'll add both HTTP and HTTPS sites in SafeLine WAF.
For HTTP:
- Port: 80
- Upstream Server:
127.0.0.1:8000
(This should point to your web application. Modify it according to your setup.)
For HTTPS:
- Port: 443
- Enable SSL and upload your SSL certificate files.
- The upstream server should be the same as the one used for the HTTP site.
After configuring, submit the changes.
3. Modify SafeLine WAF’s Nginx Forwarding Configuration
To enable HTTP to HTTPS redirection, you need to modify SafeLine WAF's default Nginx proxy configuration, typically found at:
/data/safeline/resources/nginx/sites-enabled
In the configuration file for port 80, add the following line to redirect HTTP traffic to HTTPS:
rewrite ^(.*)$ https://$host$1 permanent;
Finally, reload the SafeLine Nginx configuration to apply these changes:
docker exec -it safeline-tengine /usr/sbin/nginx -t # Test the configuration
docker exec -it safeline-tengine /usr/sbin/nginx -s reload # Reload the configuration
- Test in Your Browser
Now, visit http://your-site
in your browser.
You should see that the request is automatically redirected to https://your-site
.
Give it a try now!
Website: https://waf.chaitin.com
Demo:https://demo.waf.chaitin.com:9443