Author: Zhichanerdaye
Introduction
Previously, we covered how to deploy SafeLine WAF using PVE. The main reason for using PVE was to isolate SafeLine from other services, especially Synology NAS, to enhance security.
By request, this article will guide you through deploying SafeLine WAF on Synology NAS using Docker.
My Environment
- Synology 920+ (DSM 7.2)
- Deployment Environment: Docker
- A pair of diligent hands and a smart brain
Step 1: Deploying SafeLine
Create a folder named SafeLine on your Synology NAS (folder name can be customized, but ensure consistency in path mapping).
Download the installation package: https://wwzb.lanzouw.com/b0sx5z7gf (Password: bpuf).
Extract the package—ensure empty folders are correctly placed, or installation may fail.
- Edit the
.envfile in Notepad, modifying only:SAFELINE_DIR (set this to match your mapped path), MGT_PORT (set your admin panel access port, e.g., 9443)
AFELINE_DIR=your mapped path, e.g., /volume1/docker/SafeLine
IMAGE_TAG=latest
MGT_PORT=your admin panel access port, e.g., 9443
POSTGRES_PASSWORD=R031uaOo5jdxJen5FJhQMzimV5jiyMAX
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
- Upload all files into the SafeLine folder.
- Open Synology Container Manager (Docker) → “Projects” → “Add” → Select SafeLine folder.
- Choose “Use an existing docker-compose.yml” → Click OK → Proceed with default settings.
- Enable “Start project immediately” → Click “Finish”.
- Wait for the container to pull images and deploy (this may take some time).
- Once completed, 7 service containers will be deployed automatically.
Step 2: Accessing SafeLine WAF
- Open your browser and go to https://:9443 (replace with your actual NAS IP and chosen port).
Note: If the page doesn’t load, wait a bit or double-check your settings.
- Resetting Admin Password Enable SSH on Synology NAS: Control Panel → Terminal & SNMP → Enable SSH → Save
Open Windows PowerShell and connect via SSH:
ssh admin_user@192.168.xx.xx -p 6666
Note:
- The "erdaye" part is your Synology administrator username, which can be in Chinese.
- The number after -p is the port you set in the previous step.
- Make sure not to remove the three spaces in the command: ssh [space] erdaye@192.168.31.6 [space] -p [space] 6666 Press Enter, and when prompted, enter your Synology administrator password.
Important: Password input will not be displayed; just type it and press Enter.
If the password is correct, a few lines of text similar to the ones shown in the image will appear, and the displayed username will change. If nothing appears, please repeat the previous steps.
Type sudo -i and press Enter. Then, enter your password again and press Enter. This will grant you “root” user privileges.
Type docker exec safeline-mgt resetadmin and press Enter to reset the password. Once the output appears as shown below, the password reset is complete.
- Copy the generated password and log in to the SafeLine console. Remember to disable SSH afterward.
Step 3: Configuring SafeLine WAF
Access the SafeLine WAF console using the IP address you set earlier with port 9443:
https://192.168.31.83:9443
If a security warning appears, click Advanced and proceed to access the page.
Log in using the admin credentials you reset earlier.
For additional configuration, refer to the official documentation.
Step 4: Upgrading SafeLine WAF
- Open the Docker project for SafeLine, click Actions → Clear and wait for the pprocess to complete.
- Click
Buildto initiate the upgrade.
Now, SafeLine WAF is successfully deployed on your Synology NAS! 🚀
Top comments (0)