Compare commits

176 Commits

Author SHA1 Message Date
xiaobing.wang
d87249c35b feat: update license 2024-03-13 17:38:46 +08:00
yrluke
8a6bbf5ae6 feat: make default use the huawei cloud 2024-03-11 11:37:41 +08:00
ethan
060c3963d2 fix: changelog 2024-03-09 12:14:26 +08:00
ethan
b0ff869012 feat: release 4.4.2 2024-03-09 11:14:40 +08:00
dundunHa
2307d1bc2f feat: release v4.4.1 2024-03-07 17:57:10 +08:00
张华杰
5ab03f318a Fix bug 2024-03-07 17:40:51 +08:00
张华杰
062da58867 Add cloud hosting documentation 2024-03-07 17:40:51 +08:00
张华杰
5643069f99 Modify 2024-03-07 17:40:51 +08:00
张华杰
004164a4c4 Update documentation 2024-03-07 17:40:51 +08:00
yrluke
1da8bbd3ba Merge pull request #726 from xbingW/main
Update documentation
2024-03-06 16:14:08 +08:00
xbingW
a0656da78d Merge branch 'chaitin:main' into main 2024-03-06 16:08:29 +08:00
ct-jaryn
ce98cfebfe Update 05-upgrade.md 2024-03-06 16:08:17 +08:00
张华杰
84706be801 Modify 2024-03-06 16:08:17 +08:00
张华杰
22aa38ea6b Update documentation 2024-03-06 16:08:17 +08:00
dundunHa
c078203533 feat: release v4.4.0 2024-02-29 14:13:09 +08:00
dundunHa
b374a952ea feat: release v4.4.0 2024-02-29 14:10:03 +08:00
delong.wang
134c9ed686 Merge pull request #717 from xbingW/main
Docs: add content on purchasing the Professional Edition
2024-02-29 10:21:45 +08:00
xbingW
c9ec8061a6 Merge branch 'chaitin:main' into main 2024-02-29 10:18:47 +08:00
张华杰
e9f03d7579 Add content on purchasing the Professional Edition 2024-02-29 10:18:30 +08:00
delong.wang
4d5b93c350 Merge pull request #716 from xbingW/main
feat: Professional Edition purchase
2024-02-29 09:33:06 +08:00
xiaobing.wang
a12ac7a1e5 feat: Professional Edition purchase 2024-02-28 21:27:06 +08:00
delong.wang
f20d604d73 Merge pull request #715 from xbingW/main
fix:  wrong url
2024-02-28 14:25:17 +08:00
xiaobing.wang
a76808ddd9 fix: wrong url 2024-02-28 14:19:10 +08:00
delong.wang
c645d6abc8 Merge pull request #711 from Herries/fe-update-versions
feat: update service info
2024-02-28 10:17:17 +08:00
lanlan
d7a412bab1 feat: update service info 2024-02-27 18:58:44 +08:00
delong.wang
5313a354a5 Merge pull request #697 from Herries/fe-update-versions
feat: update the Enterprise Edition description on the official website
2024-02-26 11:03:57 +08:00
lanlan
680d0684bf feat: update the Enterprise Edition description on the official website 2024-02-26 10:51:49 +08:00
delong.wang
3e758a40cf Merge pull request #691 from Herries/fe-update-versions
feat: add Professional Edition
2024-02-23 09:50:52 +08:00
lanlan
f447a350e4 fix: update function name 2024-02-22 19:34:55 +08:00
lanlan
3f3279a738 feat: add Professional Edition 2024-02-22 19:22:40 +08:00
delong.wang
f44a4563e0 feat: update version to 4.3.3 2024-02-22 18:36:55 +08:00
delong.wang
805131074d Merge pull request #690 from xbingW/main
Adjust position
2024-02-22 18:00:32 +08:00
xbingW
8faba5721e Merge branch 'chaitin:main' into main 2024-02-22 17:49:01 +08:00
张华杰
d7bd04d82d Adjust position 2024-02-22 17:48:50 +08:00
delong.wang
0e4ad790c1 Merge pull request #688 from xbingW/main
fix: correct typos (#12)
2024-02-22 11:31:22 +08:00
ct-jaryn
20d30498f0 Correct typos (#12)
* Correct typos
2024-02-22 11:28:46 +08:00
delong.wang
5d5085020e feat: update v4.3.2 version 2024-02-18 18:00:06 +08:00
delong.wang
4228ad811d feat: upgrade latest version 2024-02-05 18:09:25 +08:00
delong.wang
6ef0a622e7 feat: add v4.3.1 change log 2024-02-05 18:06:59 +08:00
delong.wang
fb930f83cd style: format image indent in docs 2024-02-04 13:50:34 +08:00
delong.wang
8e6ffcc97e fix: remove black dot of image items in changelog page 2024-02-04 11:02:46 +08:00
delong.wang
f33dbb5c2b feat: update 4.3.0 doc 2024-02-02 17:19:53 +08:00
delong.wang
70f3e60ea9 Merge pull request #652 from dhsifss/main
feat: compose add bridge
2024-02-02 15:47:02 +08:00
姚凯
eb926212c8 feat: compose add bridge 2024-02-02 10:26:48 +08:00
delong.wang
7a535aa59f Merge pull request #650 from xbingW/main
Fix errors
2024-02-01 19:18:53 +08:00
张华杰
e2c2abdc3c Fix errors 2024-02-01 19:15:50 +08:00
yrluke
20fdfef58f Merge pull request #639 from chaitin/update_docs
doc: more clear
2024-01-24 13:48:53 +08:00
yrluke
c03749402a doc: more clear 2024-01-24 13:48:07 +08:00
delong.wang
57b99170f7 feat: skip 4.2.0, upgrade to 4.2.1 2024-01-19 20:44:15 +08:00
delong.wang
f60c5f3ed1 feat: skip 4.2.0, upgrade to 4.2.1 2024-01-19 20:36:52 +08:00
delong.wang
769ea14e52 feat: add 4.2.0 version doc 2024-01-19 17:59:54 +08:00
delong.wang
025d13670a feat: add waf login page 2024-01-19 15:34:04 +08:00
delong.wang
d069ed0c3d feat: update rec version 2024-01-19 15:33:23 +08:00
delong.wang
64c61d42f9 Merge pull request #625 from xbingW/main
Adjust documentation content
2024-01-17 16:07:40 +08:00
张华杰
0d1dde0205 Adjust documentation content 2024-01-17 16:04:10 +08:00
yrluke
97e6499d94 Merge pull request #618 from chaitin/update_the_doc
doc: update the down detail
2024-01-15 17:37:04 +08:00
yrluke
3b2bfa56f3 doc: update the down detail 2024-01-15 17:36:36 +08:00
yrluke
9a01aaeafd Merge pull request #617 from chaitin/update_doc_detail
fix: fix the line number wrong
2024-01-15 16:46:20 +08:00
yrluke
64dea93318 fix: fix the line number wrong 2024-01-15 16:45:30 +08:00
yrluke
6401f3aba8 Merge pull request #616 from chaitin/update_doc
feat: add the index `open access.log`
2024-01-15 15:31:08 +08:00
yrluke
086c62a3ba feat: add the index open access.log 2024-01-15 15:30:50 +08:00
dundunHa
1b31d3229a feat: release v4.1.1 2024-01-11 18:58:48 +08:00
dundunHa
591e3598e6 feat: release v4.1.0 2024-01-11 17:40:37 +08:00
delong.wang
0fbc727e0c feat: update rec version 2024-01-11 11:30:01 +08:00
yrluke
e91f2d40d4 Merge pull request #598 from chaitin/update_doc_compose
Update doc compose
2024-01-11 11:18:38 +08:00
yrluke
097c8f7676 feat: use the huawei cloud 2024-01-11 11:18:06 +08:00
yrluke
150eec4585 doc: update the container name in doc 2024-01-11 11:16:56 +08:00
dundunHa
ead80a58d7 chore: changelog 2024-01-09 19:05:55 +08:00
yrluke
a960361348 Merge pull request #587 from xbingW/main
Update documentation images
2024-01-09 17:11:05 +08:00
张华杰
c80aff05bc Update image 2024-01-09 17:08:46 +08:00
张华杰
694c5e35bd Align with the official website 2024-01-09 17:08:46 +08:00
delong.wang
c236378f01 feat: update version 4.0.2 2024-01-06 15:34:57 +08:00
yrluke
3e75e7c6b6 Update upgrade.sh
fix: use the right command
2024-01-05 22:03:13 +08:00
delong.wang
2bff3ecf9d fix: qps missing in dashboard 2024-01-05 21:57:08 +08:00
yrluke
6651db33a7 fix: rollback the SUBNET_PREFIX 2024-01-05 20:13:35 +08:00
yrluke
e7bccbaf6e fix: add the image prefix to offline 2024-01-05 20:10:39 +08:00
yrluke
bc91a9834f feat: use the right compose.yml 2024-01-05 19:52:32 +08:00
yrluke
81edced29d fix: when change the cdn is 0 is fail 2024-01-05 19:32:02 +08:00
dundunHa
1ef873dcc3 chore: changelog 2024-01-05 19:30:48 +08:00
yrluke
8d49f7045d feat: fix the wrong condition 2024-01-05 19:16:47 +08:00
yrluke
dad3deb482 doc: update the install and upgrade 2024-01-05 19:04:47 +08:00
dundunHa
cd13c08a2f feat: release 4.0.0 2024-01-05 19:02:37 +08:00
yrluke
045ec5f44e feat: add the huawei image repo 2024-01-05 18:56:38 +08:00
yrluke
094211f28f feat: use the right image tag 2024-01-05 18:47:29 +08:00
yrluke
93c9739292 feat: merge the stream and latest and upload the huawei compose 2024-01-05 18:43:39 +08:00
delong.wang
3a468d6af5 feat(doc): remove docs related with beta version 2024-01-05 18:39:57 +08:00
delong.wang
77adc02bd9 feat: add mixed crawler ip pool 2024-01-04 18:07:10 +08:00
delong.wang
7ccea91046 Merge pull request #561 from nmgliangwei/main
Update upgrade.sh
2024-01-04 16:23:09 +08:00
delong.wang
6f264ce8d3 Merge pull request #569 from safe1ine/patch-1
Update README.md
2024-01-04 16:19:31 +08:00
safe1ine
b108b6feff Update README.md 2024-01-04 16:17:48 +08:00
delong.wang
1692fff007 fix: missing npm depens in lock file 2024-01-04 15:12:03 +08:00
delong.wang
4f503d358a feat: add crawler ip group data 2024-01-04 14:51:49 +08:00
delong.wang
6c44959c49 feat: change feature description about basic version 2024-01-02 18:27:02 +08:00
梁伟
e0fe48bebf Update upgrade.sh
Beta upgrade support
2023-12-30 12:05:46 +08:00
delong.wang
f23da8a9b9 feat: upgrade recommended version 2023-12-28 16:35:16 +08:00
delong.wang
fcdcf124d5 feat: change release log 2023-12-28 15:36:15 +08:00
dundunHa
fea6a0efa9 feat: release 4.0.0-beta.3, update compose.yml 2023-12-28 14:58:38 +08:00
dundunHa
9f22ad048c feat: release 4.0.0-beta.3 2023-12-28 14:30:07 +08:00
delong.wang
ac7c858520 feat: update recommended version 2023-12-28 11:29:15 +08:00
delong.wang
5d0a7f7a90 Merge pull request #545 from xbingW/main
Add Bing support
2023-12-27 17:59:19 +08:00
delong.wang
d4eeee14da feat: replace env name SNSERVER_ADDR with TCD_SNSERVER 2023-12-27 15:15:56 +08:00
dundunHa
09019fe38b feat: release 4.0.0-beta.2 2023-12-22 15:01:30 +08:00
dundunHa
bec7c51e9e feat: release 4.0.0-beta.2 2023-12-22 14:21:48 +08:00
delong.wang
9aceca264c fix: postgres alpine image has time error 2023-12-21 18:27:01 +08:00
xiaobing.wang
8ef0770db2 feat: add bing verify 2023-12-21 16:40:10 +08:00
dundunHa
ef8d0eefc4 feat: release 4.0.0-beta.1 2023-12-21 16:37:36 +08:00
xiaobing.wang
1c67f1acc8 feat: add bing verify 2023-12-21 16:36:49 +08:00
delong.wang
8e5d3a11a9 feat: use "-stream" mode in beta version 2023-12-21 16:28:47 +08:00
delong.wang
55fd344735 Merge pull request #544 from xbingW/main
Add Google verification
2023-12-21 16:11:52 +08:00
xbingW
5a9a24d01f Merge branch 'chaitin:main' into main 2023-12-21 16:09:35 +08:00
xiaobing.wang
e59fe81244 feat: add google verify 2023-12-21 16:08:10 +08:00
delong.wang
ed6795b4cc feat: add beta version upgrade tips 2023-12-21 15:55:25 +08:00
delong.wang
d65df2a57f feat: remove useless mounted dir 2023-12-21 14:39:15 +08:00
delong.wang
574e600974 fix: compose.yaml config error 2023-12-21 12:28:58 +08:00
delong.wang
e1d0b4058b feat: remove redis password gen funcs 2023-12-21 12:06:45 +08:00
delong.wang
397091015b fix: disable postgres ssl link mode 2023-12-21 12:06:08 +08:00
delong.wang
341806a3bd fix: change safline-postgres container name in compose.yaml 2023-12-21 11:56:33 +08:00
delong.wang
d25144fe9d fix: latest upgrade process shouldn't stop mgt/fvm containers 2023-12-20 17:56:54 +08:00
delong.wang
7a980b4b34 feat: remove fvm image mounted dir 2023-12-20 17:56:09 +08:00
dundunHa
2c75cf70d5 feat: change upgrade.sh remove mgt-api,fvm-manager 2023-12-20 17:47:16 +08:00
delong.wang
24e55faeb8 feat: add beta version install shell 2023-12-20 17:00:59 +08:00
delong.wang
78e73497b0 feat: update 502/504 page styles 2023-12-20 11:02:29 +08:00
delong.wang
12e6ede7be feat: use github as default assets resource 2023-12-19 12:23:34 +08:00
delong.wang
d91b651273 Merge pull request #523 from xbingW/main
Update official website
2023-12-15 15:59:45 +08:00
xbingW
1fb34fc49a Merge branch 'chaitin:main' into main 2023-12-15 15:51:41 +08:00
dundunHa
39e93fad1c feat: change release v3.16.1 log 2023-12-15 14:41:40 +08:00
dundunHa
413453a1e7 feat: change release v3.16.1 date 2023-12-15 14:32:23 +08:00
dundunHa
9312ef2f48 feat: change release v3.16.1 log 2023-12-15 14:32:00 +08:00
dundunHa
f8d5861e5a feat: change release v3.16.1 log 2023-12-15 14:30:44 +08:00
dundunHa
99b09d8597 feat: change release v3.16.1 log 2023-12-15 14:30:22 +08:00
dundunHa
c9c9544d22 feat: release v3.16.1 2023-12-15 14:23:07 +08:00
xiaobing.wang
e7a7976774 feat: add sitemap 2023-12-14 10:59:29 +08:00
xbingW
a215268a10 Merge branch 'chaitin:main' into main 2023-12-14 10:57:11 +08:00
lanlan
88bfec45cd feat(websit): mobile page style optimization 2023-12-14 10:56:49 +08:00
lanlan
6d1c328402 feat(website): add robots.txt and sitemap.xml 2023-12-14 10:56:49 +08:00
lanlan
2259c9984e feat(website): update issue api 2023-12-14 10:56:49 +08:00
xiaobing.wang
50373094ad feat: update issue api 2023-12-14 10:56:49 +08:00
delong.wang
5930692edc feat: update 5xx page 2023-12-14 10:43:58 +08:00
xbingW
58d57ee33a Merge pull request #6 from ct-jaryn/main
Minor changes
2023-12-14 10:42:44 +08:00
张华杰
9c987a4bc7 Minor changes 2023-12-14 10:28:49 +08:00
yrluke
ef5269f634 Merge pull request #505 from xbingW/main
Add /api/exist endpoint
2023-12-08 18:28:13 +08:00
xiaobing.wang
9166f87178 feat: add /api/exist 2023-12-08 17:49:44 +08:00
xiaobing.wang
8963fdd7bf feat: add /api/exist 2023-12-08 16:57:14 +08:00
dundunHa
77f94765c6 chore: modify changelog 2023-12-08 14:18:54 +08:00
dundunHa
34e08e7918 feat: add 502 page image 2023-12-08 11:45:16 +08:00
dundunHa
dc4fb861ef feat: release v3.15.3 2023-12-08 11:23:26 +08:00
dundunHa
5e86861510 feat: release v3.15.2 2023-12-07 18:07:26 +08:00
dundunHa
088d502d4b feat: release v3.15.1 2023-12-07 17:27:30 +08:00
delong.wang
93ccb1e1f6 feat: update 502/504 page 2023-12-07 16:10:41 +08:00
dundunHa
4abcbc03ae feat: release v3.15.0 2023-12-07 15:33:30 +08:00
delong.wang
44487b3a8b feat: add default 504 page, fix few translations 2023-12-07 14:42:41 +08:00
delong.wang
f4dbf3bde5 feat: new 502 page 2023-12-07 11:38:00 +08:00
delong.wang
bcdd0be188 feat: support english language in block page 2023-12-07 10:56:46 +08:00
delong.wang
c0b0bc6547 feat: rename index.html to denied.html 2023-12-07 10:47:17 +08:00
delong.wang
09505941db Merge pull request #490 from xbingW/main
Official website update
2023-12-04 10:29:13 +08:00
xbingW
162f76a737 Merge pull request #4 from xbingW/website
Website
2023-12-01 19:22:02 +08:00
dundunHa
e2bcabff20 feat: release v3.14.1 2023-12-01 19:19:02 +08:00
delong.wang
eaac017f82 fix: redis is cursed when upgrade to 3.14.0 2023-12-01 19:19:02 +08:00
delong.wang
ed838e6052 feat: update v3.14.0 compose.yaml 2023-12-01 19:19:02 +08:00
delong.wang
8814a0bb6f feat: update to v3.14.0 2023-12-01 19:19:02 +08:00
delong.wang
f8c63f7d86 feat: format compose.yaml 2023-12-01 19:19:02 +08:00
xbingW
124ec73684 Merge pull request #3 from ct-jaryn/main
Adjust
2023-12-01 19:18:49 +08:00
张华杰
2dbe8cd35e Adjust 2023-12-01 19:09:57 +08:00
xbingW
f896a21a9d Merge pull request #2 from ct-jaryn/main
Add video pause feature
2023-12-01 18:41:03 +08:00
张华杰
e59e1da238 Add video pause feature 2023-12-01 18:29:39 +08:00
lanlan
34c830d7cd feat: mobile page adaptation 2023-12-01 17:19:19 +08:00
xiaobing.wang
3df9012906 fix: refresh cache 2023-12-01 16:59:56 +08:00
xbingW
6850295f78 Merge pull request #1 from ct-jaryn/main
Adjustments and optimizations
2023-12-01 16:59:18 +08:00
张华杰
ced4a0f4a0 Optimization update 2023-12-01 13:25:55 +08:00
张华杰
045577348f Docs improvement, highlighting the benefits of cloud monitoring 2023-12-01 13:25:06 +08:00
lanlan
b6297f289e feat(website): add star count api and update text 2023-11-30 19:39:52 +08:00
dundunHa
2becd43537 feat: release v3.14.1 2023-11-30 18:51:38 +08:00
delong.wang
1b58308ba6 fix: redis is cursed when upgrade to 3.14.0 2023-11-30 18:03:36 +08:00
张华杰
37cbd0d4dd Adjustments and optimizations 2023-11-30 15:13:17 +08:00
delong.wang
9d51bc9ea3 feat: update v3.14.0 compose.yaml 2023-11-30 14:39:53 +08:00
xiaobing.wang
6504339a03 feat: add star count 2023-11-29 15:05:14 +08:00
120 changed files with 13267 additions and 977 deletions

.gitignore

@@ -2,5 +2,6 @@
.DS_Store
*.zip
*.tar
*.tar.gz
build.sh
compose.yml


@@ -1,17 +1,206 @@
# SAFELINE-CE CHANGELOG
### [3.14.0] - 2023-11-30
## [4.4.2] - 2024-03-09
#### 新增
### 修复
- 修复 FVM 服务在某些情况下 TCP 连接异常升高的问题
## [4.4.1] - 2024-03-07
### 优化
- 专业版支持在明亮主题和黑金主题之间切换
- 优化人机验证([#693](https://github.com/chaitin/SafeLine/issues/693),云端更新,历史版本也生效)
- 降低旋转图片的误差要求
- 图片不容易对齐时,支持刷新图片
- 修复一些低版本浏览器转不动图片的问题
- 删除某些特别难对齐的图片
- 优化一些界面 UI 和交互细节
### 修复
- 修复防护配置某些极端情况下会失效的问题
- 修复向 luigi 发大量日志后CPU 占用畸高不下的问题
- 修复升级或重启后限频可能失效,直到修改任意防护配置的问题
- 修复站点选择证书后再直接关闭 SSL证书管理处 “使用站点” 仍然显示该站点的问题([#656](https://github.com/chaitin/SafeLine/issues/656)
- 修复攻击事件页面中,允许把 IP 加入至内置 IP 组的问题
- 修复其他一些已知问题
## [4.4.0] - 2024-02-29
### 新增
- 支持升级至专业版,包含内容:
- 自定义拦截页面
- 商用地理位置库
- 额外补充规则
- 节点负载均衡
- 专属黑金主题
### 优化
- 大幅优化频率限制的即时性,解决限频延迟时间过长的问题
## [4.1.1] - 2024-01-11
### 修复
- 修复 IP 组在线订阅失败时会保存错误内容的问题
## [4.1.0] - 2024-01-11
### 新增
- 拦截日志一键复制为 cURL [#531](https://github.com/chaitin/SafeLine/issues/531)
### 优化
- IP 组若为在线订阅,显示更新时间([#574](https://github.com/chaitin/SafeLine/issues/574)
- 优化 safeline-fvm 容器重启速度,重启时间减少 10s
- 优化 safeline-mgt 容器镜像层数,从 39 层下降到 24 层
### 修复
- 修复日志列表 IP 来源地区未翻译国家编号的问题([#578](https://github.com/chaitin/SafeLine/issues/578)
- 修复英文翻译问题([#591](https://github.com/chaitin/SafeLine/issues/591)
- 修复雷池管理后台证书更新后未自动重启问题
## [4.0.2] - 2024-01-06
### 修复
- 管理后台 mgt 启动时提示证书异常
- 统计页面中 QPS 数据统计方法由窗口时间5s改为按秒计算平均值
## [4.0.1] - 2024-01-05
### 修复
- safeline-luigi 容器打印与功能无关的错误日志
- 统计页面中不显示 QPS 数据
## [4.0.0] - 2024-01-05
### 新增
- 完整支持 **流式语义分析检测**,包含 协议解析、解码、模式匹配 三个阶段的改造,解决经典 “大包绕过” 问题
- IP 组支持通过 URL 在线订阅内容([#414](https://github.com/chaitin/SafeLine/issues/414)
- 新增 “搜索引擎爬虫 IP”包含 Google、Bing、百度、360 的爬虫 IP[#374](https://github.com/chaitin/SafeLine/issues/374)、[#399](https://github.com/chaitin/SafeLine/issues/399)
- 出厂预置 “搜索引擎爬虫白名单” 和 “长亭社区恶意 IP 情报黑名单”,方便配置
### 优化
- 支持类 ChatGPT 应用的流式 HTTP 响应([#513](https://github.com/chaitin/SafeLine/issues/513)
- 在 证书管理 编辑证书后,若证书正被站点使用,自动重启 nginx 使新证书生效([#534](https://github.com/chaitin/SafeLine/issues/534)
- safeline-fvm 容器体积减小 60%
- safeline-mgt 服务减少宿主机文件依赖
- safeline-mgt 服务日志全部写入 docker 标准输出,默认仅输出启动信息和错误日志,减小磁盘占用
- safeline-mgt 服务、safeline-tengine 服务支持运行时日志输出范围设置,方便问题调试
- 更新 compose.yaml 文件配置,移除非必要环境变量配置,规范环境变量名称,移除非必要卷配置
- 增加新统计服务 safeline-luigi为更精细的统计能力做准备
- 优化若干 UI 交互、文字描述、英文翻译的细节(感谢国际友人的帮助)
- 修复 3.16 以及之前版本的一些问题:
- safeline-tcd 启动时因启动顺序导致输出错误提示
- http 强制跳转到 https 功能未生效
- 修复 4.0.0-beta.x 版本中的一些问题:
- 登录雷池失败,提示 HTTP/2 协议错误([#564](https://github.com/chaitin/SafeLine/issues/564)
- 升级脚本未正常检测到雷池安装目录([#561](https://github.com/chaitin/SafeLine/pull/561),感谢热心网友 nmgliangwei
- safeline-mgt 持续输出版本号错误日志
- 拦截页面未显示时间
## [4.0.0-beta.3] - 2023-12-28
### 优化
- 支持类 ChatGPT 应用的流式 HTTP 响应([#513](https://github.com/chaitin/SafeLine/issues/513)
- 更新流式检测引擎到 20231228 版本
### 修复
- 修复由于服务启动顺序导致输出非必要的错误日志
## [4.0.0-beta.2] - 2023-12-22
### 修复
- 修复 safeline-tcd 启动时因启动顺序导致输出错误提示信息
- 修复 safeline-mgt 在 beta 版本下持续输出版本号错误日志
- 修复 http 强制跳转到 https 功能未生效问题
### 优化
- 更新流式检测引擎版本到 20231222 版本
## [4.0.0-beta.1] - 2023-12-21
### 新增
- 完整支持 **流式语义分析检测**,包含 协议解析、解码、模式匹配 三个阶段的改造,解决经典 “大包绕过” 问题
### 优化
- safeline-fvm 容器体积减小 60%
- safeline-mgt 服务减少宿主机文件依赖
- safeline-mgt 服务日志全部写入 docker 标准输出,默认仅输出启动信息和错误日志,减小磁盘占用
- safeline-mgt 服务、safeline-tengine 服务支持运行时日志输出范围设置,方便问题调试
- 更新 compose.yaml 文件配置,移除非必要环境变量配置,规范环境变量名称,移除非必要卷配置
- 增加新统计服务 safeline-luigi为更精细的统计能力做准备
- 美化 502/504 页面
- 优化频率限制配置的英文翻译(感谢国际友人的提示)
## [3.16.1] - 2023-12-15
### 新增
- 右上角增加 “更多工具”,方便快速访问牧云主机助手、百川网站监测等常用运维管理工具
### 优化
- 登录时若验证码错误,不再自动清空内容,方便修改([#449](https://github.com/chaitin/SafeLine/issues/449)
- 精简 docker 镜像文件safeline-mgt-api 体积减小 90%
- 获取站点的 Favicon 和标题时,增加浏览器 UserAgent避免被上游服务拒绝
- 数据统计页 4xx 和 5xx 错误率的默认显示方式从 “-%” 改为 “0%” [#517](https://github.com/chaitin/SafeLine/issues/517)
- 优化控制台和 502 、504 页面的一些样式细节
- 未登录时,不显示任何前端页面内容,避免被报告安全问题
## [3.15.3] - 2023-12-08
### 修复
- 修复 403 拦截页面没有展示拦截页面附加说明的问题
## [3.15.2] - 2023-12-07
### 新增
- 新增 502、504 页面。网站服务器异常、配置有误时,能给网站用户提供更清晰友好的说明
- 拦截页面支持英文,根据客户端语言自动切换
### 优化
- 单个 IP 组内的 IP 数量,增加 1w 行的上限。避免更新配置时系统异常
- 修复创建或修改站点时,端口占用检查没有生效的问题
- 略微提高流量检测和配置修改时的执行效率
## [3.14.1] - 2023-11-30
### 修复
- 修复日志服务 CPU 占用过高问题
## [3.14.0] - 2023-11-30
### 新增
- 增加黑白名单正则表达式校验,避免 “_url_” 这类错误正则
- 事件列表固定表头 ([#443](https://github.com/chaitin/SafeLine/issues/443))
#### 优化
### 优化
- 移除 redis 依赖,减少运行容器数量
#### 修复
### 修复
- 修复黑白名单 CIDR 格式校验提示文案未翻译的问题
- 修复 safeline-tengine 容器提示缺少 MGT_API 的问题 ([#468](https://github.com/chaitin/SafeLine/issues/468))
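Review bot: The version list jumps from `## [4.4.0] - 2024-02-29` straight to `## [4.1.1] - 2024-01-11`, and from `## [3.15.2]` to `## [3.14.1]`, so 4.2.x, 4.3.x, 3.15.0 and 3.15.1 have no entries even though the commit list on this page includes `feat: skip 4.2.0, upgrade to 4.2.1`, `feat: update 4.3.0 doc` and `feat: release v3.15.0`. Add those sections or say where they are documented, since operators read this file to decide which fixes an upgrade brings. In the 4.0.0 and 3.15.2 sections, bug fixes (`修复 3.16 以及之前版本的一些问题`, `修复创建或修改站点时,端口占用检查没有生效的问题`) are filed under `### 优化` rather than `### 修复`, and several issue links such as `([#693](https://github.com/chaitin/SafeLine/issues/693)` are missing their closing parenthesis.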


@@ -1,15 +1,15 @@
FROM golang:1.21 as go-builder
WORKDIR /work
COPY backend .
ENV GOPROXY=https://goproxy.cn,direct
RUN go mod tidy
COPY backend/go.mod .
COPY backend/go.sum .
RUN go mod download
COPY backend .
RUN CGO_ENABLED=0 go build -a -v -ldflags="-w" -o server .
FROM node:20.5-alpine
ARG telemetry
RUN apk update
RUN apk add nginx supervisor curl
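Review bot: `FROM golang:1.21 as go-builder` and `FROM node:20.5-alpine` still pull the base images by mutable tag, so two builds of the same commit can produce different images; pin both by digest (`image:tag@sha256:<digest>`). Copying `go.mod` and `go.sum` ahead of `RUN go mod download` keeps the build on the committed dependency set, which `go mod tidy` could rewrite during the build, so that part looks right. `RUN apk update` followed by a separate `RUN apk add nginx supervisor curl` lets a cached update layer serve a stale package index; a single `RUN apk add --no-cache nginx supervisor curl` avoids that.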
@@ -17,12 +17,6 @@ RUN echo -e "
server { \n\
listen 80; \n\
\n\
location /api/count { \n\
proxy_pass $telemetry; \n\
} \n\
location /api/exist { \n\
proxy_pass $telemetry; \n\
} \n\
location /api/ { \n\
proxy_pass http://localhost:8080; \n\
} \n\
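Review bot: With the `location /api/count` and `location /api/exist` blocks gone, both paths now match `location /api/` and are proxied to `http://localhost:8080`, so confirm the Go server built in the first stage serves them before this ships. Because `ARG telemetry` is dropped in the first hunk, also check that nothing else in the file still expands `$telemetry`: inside this `echo -e` string an unescaped `$telemetry` is substituted by the shell at build time (unlike `\$uri`), and an unset value would leave a `proxy_pass` with no target.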
@@ -31,11 +25,26 @@ server {
} \n\
location /blazehttp { \n\
root /app/; \n\
try_files \$uri =404; \n\
try_files \$uri =404; \n\
} \n\
location /release { \n\
root /app/; \n\
try_files \$uri =404; \n\
try_files \$uri =404; \n\
} \n\
location /sitemap.xml { \n\
root /srv/website/public; \n\
} \n\
location /sitemap-0.xml { \n\
root /srv/website/public; \n\
} \n\
location /robots.txt { \n\
root /srv/website/public; \n\
} \n\
location /googlef97f8402f9139518.html { \n\
root /srv/website/public; \n\
} \n\
location /BingSiteAuth.xml { \n\
root /srv/website/public; \n\
} \n\
location / { \n\
rewrite /posts/guide_introduction /docs/ permanent; \n\
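Review bot: The five new blocks, `location /sitemap.xml` through `location /BingSiteAuth.xml`, are prefix matches, so a request such as `/robots.txt.bak` or `/sitemap.xml.old` is also routed to `root /srv/website/public` instead of `location /`. Use exact matches (`location = /robots.txt { ... }`) so only the intended files are served from that directory, and add `try_files \$uri =404;` for consistency with `/blazehttp` and `/release`. The repeated `try_files \$uri =404; \n\` lines look like a whitespace-only change; leaving them untouched would keep the diff focused.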
@@ -94,13 +103,13 @@ COPY --from=go-builder /work/server /srv/server
COPY documents /srv/documents
WORKDIR /srv/documents
RUN npm i; npm run build
RUN npm ci; npm run build
# npm run serve
ENV TARGET=http://localhost:8080
COPY website /srv/website
WORKDIR /srv/website
RUN npm i; npm run build
RUN npm ci; npm run build
# npm start
COPY release /app/release
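Review bot: In `RUN npm ci; npm run build` (both the documents and the website stage) the `;` lets `npm run build` run even when `npm ci` exits non-zero, and the layer's status is only that of the last command. Use `RUN npm ci && npm run build` so a lockfile mismatch or failed install stops the image build. Moving from `npm i` to `npm ci` is the right direction, since it installs exactly what the lockfile records.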

FAQ.md

@@ -24,9 +24,9 @@ As shown, you shall install `docker` first. Try `curl -fLsS https://get.docker.c
As shown, you shall install `docker compose v2`. Try `[Install Docker Compose](https://docs.docker.com/compose/install/)`
### safeline-postgres: Operation not permitted
### safeline-pg: Operation not permitted
`docker logs -f safeline-postgres` with error `Operation not permitted`
`docker logs -f safeline-pg` with error `Operation not permitted`
Upgrade your docker engine and retry.
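Review bot: The heading and the `docker logs -f safeline-pg` command now name only the new container, but installs from before the rename still run `safeline-postgres`, so the command fails for them; list both names or say from which version `safeline-pg` applies. Separately, in the context line above, the Markdown link to Install Docker Compose is wrapped in backticks, so it renders as literal text rather than a link.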
@@ -94,9 +94,9 @@ As shown, you shall start docker first. Try `systemctl start docker`.
端口冲突,根据报错信息中的端口号,排查是哪个服务占用了,手动处理冲突。
### safeline-postgres 出现 Operation not permitted
### safeline-pg 出现 Operation not permitted
`docker logs -f safeline-postgres` 容器日志中看到 `Operation not permitted` 报错
`docker logs -f safeline-pg` 容器日志中看到 `Operation not permitted` 报错
可能是您的 docker 版本过低,升级 docker 到最新版本尝试一下。
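Review bot: `可能是您的 docker 版本过低,升级 docker 到最新版本尝试一下` (like the English `Upgrade your docker engine and retry`) gives no minimum Docker version, so a reader cannot tell whether their engine is affected; state the lowest version known to work. As in the English section, keep the old `safeline-postgres` name next to `safeline-pg` for users who have not upgraded yet.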


@@ -1,59 +1,241 @@
## 软件许可
# 软件许可协议
许可证(以下简称“许可证”)适用于您所获取的软件(以下简称“软件”),请您在使用本软件前仔细阅读以下条款。使用本软件表示您同意并接受本许可证的条款。
软件许可协议(以下简称"本协议")是您与北京长亭科技有限公司(以下简称"长亭")订立的具有法律约束力的协议,约束您对长亭发布的雷池社区版软件(以下简称"雷池")的安装与使用。**请您在使用本软件前仔细阅读以下条款,特别是免除或者限制责任的条款。安装、使用本软件表示您同意并接受本协议的条款。如果您不同意本协议条款,您应当立即卸载并停止使用雷池。**
1. **版权声明**
本产品的所有代码、镜像、文件其版权均属于北京长亭科技有限公司。
**【协议的有效期】** 本协议将持续有效,直至您卸载和删除您下载或控制的雷池社区版软件的所有副本。
2. **使用许可**
在遵守本许可证条款的前提下,您有权在单一设备上安装、运行本软件,仅用于个人非商业目的。
**【协议的修改与更新】** 长亭将不时对本协议予以更新,更新内容一经正式发布即成为本协议不可分割的组成部分。**在更新内容发布后继续使用雷池即表示您同意新的条款;如果您不同意新的条款,您应当卸载并停止使用雷池。**
3. **禁止事项**
您不得对本软件进行以下行为:
a) 破解、逆向工程、反编译、反汇编等行为;
b) 二次包装、修改、改编、复制、翻译、再许可或制作衍生作品;
c) 用于商业用途或任何盈利活动;
d) 未经授权的传播、分发、出售、出租本软件;
e) 将本软件与侵犯他人知识产权或违反法律法规的内容、行为结合。
**【术语的翻译】** 如果长亭为您提供了这些条款的英文版本的翻译,您同意该翻译仅为您提供方便,并且这些条款的英文版本将同样约束您与长亭的关系。如果这些条款的中文版本与英文版本之间存在任何矛盾,以中文版本为准。
4. **保留权利**
本软件的版权归原作者所有,除本许可证明确授权外,所有其他权利均由原作者保留。未经原作者明确授权,您不得行使本许可证未明确授权的其他权利。如超出授权使用,原作者保留追究法律责任的权利。
**【许可范围】**
5. **免责声明**
本软件按“现状”提供,不提供任何形式的保证,包括但不限于对适销性、适用于特定用途、无侵权等方面的保证。原作者对于因使用本软件而造成的任何损失、损害、诉讼等不承担责任。
1. 在遵守本协议条款的前提下,您有权在单一设备上安装、运行本软件。
6. **终止条款**
本许可证自您接受之日起生效,直至终止。如您未遵守本许可证的任何条款,原作者有权随时终止本许可证。一旦许可证终止,您必须停止使用本软件,并销毁您拥有或控制的所有副本。
2. 雷池社区版软件是许可给您的,而非出售给您的。在本协议有效期内,并且在您遵守本协议的前提下,长亭授予您非排他性,不可转让,不可分配,不可再许可,可撤销的许可。
7. **适用法律与争议解决**
本许可证受原作者所在国家或司法管辖区法律的约束并依据其解释。任何因本许可证引起的或与其相关的争议应通过协商解决。如协商无果,任何一方均可将争议提交原作者所在国家或司法管辖区的有管辖权的法院解决。
**【知识产权声明】** 本软件的所有代码、镜像、文件其版权、商标等知识产权均属于北京长亭科技有限公司。
## License
**【禁止事项】** 您不得、也不得促使、协助或授权他人对本软件进行以下行为:
This License (hereinafter referred to as "License") applies to the software you have obtained (hereinafter referred to as "Software"). Please read the following terms carefully before using the Software. Using the Software indicates your agreement and acceptance of the terms of this License.
1. 破解、逆向工程、反编译、反汇编、转换为其他编程语言等以尝试获取本软件的源代码或本软件所产生的内在数据文件;
1. **Copyright Notice**
All codes, images, and files of this product are copyrighted by Beijing Chaitin Future Technology Co.,Ltd
2. 二次包装、修改、改编、复制、翻译、再许可或制作衍生作品;
2. **Usage Permission**
Subject to compliance with the terms of this License, you are granted the right to install and run the Software on a single device for personal non-commercial purposes only.
3. 出租、出售、再许可、分发、传播、直接共享、商品化、转让本软件;
3. **Prohibitions**
You shall not engage in the following activities in relation to the Software:
a) Cracking, reverse engineering, decompiling, disassembling, or other similar actions;
b) Repackaging, modifying, adapting, copying, translating, sublicensing, or creating derivative works;
c) Using for commercial purposes or any profit-making activities;
d) Unauthorized dissemination, distribution, sale, or rental of the Software;
e) Combining the Software with content or actions that infringe upon the intellectual property rights of others or violate laws and regulations.
4. 解决或绕过本软件中的任何技术限制;
4. **Reservation of Rights**
The copyright of the Software belongs to the original author. All other rights not expressly granted in this License are reserved by the original author. You may not exercise any other rights not expressly granted in this License without the explicit authorization of the original author.If used beyond the scope of the authorization, the original author reserves the right to pursue legal liability.
5. 修改或删除本软件上关于本软件的版权声明、商标或其他知识产权声明;
5. **Disclaimers**
The Software is provided "as is" without any warranties of any kind, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. The original author shall not be liable for any loss, damage, litigation, or any other consequences resulting from the use of the Software.
6. 以本软件为基础和主要技术能力输出物,提供商业化的云服务或网络服务;
6. **Termination**
This License shall be effective upon your acceptance and shall continue in effect until terminated. The original author reserves the right to terminate this License at any time if you fail to comply with any of the terms and conditions of this License. Upon termination, you must cease all use of the Software and destroy all copies in your possession or control.
7. 对本软件作出任何陈述或保证;
7. **Applicable Law and Dispute Resolution**
This License shall be governed by and construed in accordance with the laws of the country or jurisdiction where the original author is located. Any disputes arising from or in connection with this License shall be resolved through negotiation. In case no settlement can be reached through negotiation, either party may submit the dispute to the competent court of the country or jurisdiction where the original author is located.
8. 将本软件与侵犯他人知识产权或违反法律法规的内容、行为结合。例如1利用本软件发表、传送、传播、储存违反国家法律、危害国家安全、社会稳定、公序良俗的内容或任何不当的、侮辱诽谤的、淫秽的、暴力的及任何违反国家法律法规政策的内容2违法使用本软件包括但不限于侵犯、挪用或以其他方式侵犯任何第三方的任何合法权利。
**【免责声明】**
**本软件是按照现有技术和条件所能达到的现状提供的,长亭不提供任何形式的保证,** 包括但不限于:
1. 对于因使用或无法使用本软件而造成的任何直接、间接、附带、特殊或重大损害、利润损失或业务中断,长亭不承担任何责任,即使长亭已被告知相关损害;
2. 长亭无组织本软件的交流社区的义务与责任,不承担因技术交流导致某一方故障而产生的经济损失以及相关责任;
3. 长亭不对本软件的无故障、适用性、可用性、准确性、质量满意度等做任何形式的保证;
4. 长亭不保证该本软件可以满足您的要求,也不保证其操作不会中断或没有错误,或者将纠正缺陷;
5. 长亭对本软件提供的任何信息或建议均不构成任何担保;
6. 用户因使用本软件违反国家法律法规的,长亭不承担任何责任。
**【软件的获取】** 您可直接从长亭官方认证的渠道获取本软件。如果您从非长亭官方认证的第三方获取本软件或与本软件名称相同的安装程序,长亭无法保证该软件能够正常使用,并对因此给您造成的损失不承担责任。
**【软件的更新】** 为了完善用户体验,增强雷池社区版软件的功能及性能,长亭将会不断努力开发新的功能,并为您不定期提供软件更新。新版本发布后,旧版本的软件可能无法使用。长亭不保证旧版雷池社区版软件的稳定性和可使用性,请您随时核对并下载最新版本。
**【信息收集】** 在本软件安装和使用的过程中长亭将收集部分数据和信息如本软件的版本、语言、IP地址等但长亭不会收集个人身份信息、个人生物识别信息等足以识别出特定自然人的信息长亭仅将收集的信息用于确认您使用的雷池版本情况和雷池功能板块的使用频率从而改善和优化软件功能。
**【数据安全保证】** 长亭在使用过程中不会收集、传输、存储其安装载体中的具体数据,您需要自行负责您的数据安全与备份。您理解并同意长亭无法提供找回丢失数据等服务。
**【权利保留】** 本软件的版权归长亭所有,除本协议明确授权外,所有其他权利均由长亭保留。未经长亭明确授权,您不得行使本协议未明确授权的其他权利。如超出授权使用,长亭保留追究法律责任的权利。
**【责任范围】** 在法律允许的最大范围内,在任何情况下,长亭均不对任何直接的,附带的,特殊的,间接的或后果性的损失或利润损失,数据损失,商誉损失,业务中断或任何其他形式的损失负责,对由您的使用或无法使用雷池社区版软件引起或与之相关的其他损害或损失概不负责。
**【法律适用与争议解决】** 本协议受中华人民共和国大陆地区(不含港澳台地区)法律管辖,并按之解释。因本协议引起的或与本协议有关的任何争议应优先通过协商解决。如协商无果,任何一方可将争议提交长亭所在地人民法院通过诉讼方式解决。
**【条款可分离】** 如本协议的任何条款被视作无效或无法执行,则上述条款可被分离,其余部分则仍具有法律效力。
**【专业版】** 雷池商业/企业版本(非社区版)的权利受单独条款的约束。
### The license agreement
This software license agreement (hereinafter referred to as \"the
agreement\") is a legally binding agreement between you and Beijing
Chaitin Technology Co., Ltd (hereinafter referred to as \"Chaitin\"),
which governs your installation and use of the Leichi Community Edition
software (hereinafter referred to as \"Leichi\") released by Chaitin.
**Please read the following terms carefully before using this software,
especially the terms disclaiming or limiting liability. Installing and
using this software indicates your agreement and acceptance of the terms
of this agreement. If you do not agree to the terms of this agreement,
you should immediately uninstall and stop using Leichi.**
**\[Validity of the Agreement\]** This Agreement will remain in effect
until you uninstall and delete all copies of the Leichi Community
Edition software you downloaded or controlled.
**\[Modification and update of the agreement\]** Chaitin will update
this agreement from time to time, and the updated content will become an
integral part of this agreement once it is officially released.
**Continuing to use Leichi after the updated content is released means
that you agree to the new terms; if you do not agree to the new terms,
you should uninstall and stop using Leichi.**
**\[Translation of Terms\]** If Chaitin provides you with a translation
of the English version of these Terms, you agree that the translation is
only for your convenience, and the English version of these Terms will
also govern your relationship with Chaitin. If there is any conflict
between the Chinese version and the English version of these Terms, the
Chinese version shall prevail.
**\[Permission Scope\]**
1. Subject to the terms of this agreement, you have the right to
install and run this software on a single device.
2. Leichi Community Edition software is licensed to you, not sold to you.
During the term of this Agreement and on the premise that you comply
with this Agreement, Chaitin grants you a non-exclusive,
non-transferable, non-assignable, non-sublicensable, revocable license.
**\[Intellectual Property Statement\]** The copyright, trademark and
other intellectual property rights of all codes, images and files of
this software belong to Beijing Chaitin Technology Co., Ltd.
**\[Prohibited Behavior\]** You may not, nor may you prompt, assist or
authorize others to perform the following actions on this software:
1. Crack, reverse engineer, decompile, disassemble, convert to other
programming languages, etc. in an attempt to obtain the source code of
the software or the inherent data files generated by the software;
2. Repackage, modify, adapt, copy, translate, sublicense or create
derivative works;
3. Rent, sell, sublicense, distribute, disseminate, directly share,
commercialize, and transfer this software;
4. Solve or bypass any technical limitations in the software;
5. Modify or delete the copyright statement, trademark or other
intellectual property statement regarding this software on the software;
6. Provide commercial cloud services or network services based on this
software and the main technical capability output;
7. Make any representation or warranty regarding the Software;
8. Combine this software with content or behavior that infringes on the
intellectual property rights of others or violates laws and regulations.
For example: (1) Use this software to publish, transmit, disseminate,
and store content that violates national laws, endangers national
security, social stability, public order and good morals, or any
inappropriate, insulting, defamatory, obscene, violent, or anything that
violates national laws and regulations The content of the policy; (2)
Illegal use of this software, including but not limited to infringement,
misappropriation or other infringement of any legal rights of any third
party.
**\[Disclaimer\]**
**This software is provided according to the status quo that the
existing technology and conditions can achieve. Chaitin does not provide
any form of guarantee,** including but not limited to:
1. Chaitin does not assume any responsibility for any direct, indirect,
incidental, special or significant damages, loss of profits or business
interruption caused by the use or inability to use this software, even
if Chaitin has been informed of the relevant damages;
2. Chaitin has no obligation or responsibility to organize a
communication community for this software, and does not assume any
economic losses or related responsibilities arising from the failure of
any party due to technical exchanges;
3. Chaitin does not make any form of guarantee regarding the
fault-freeness, applicability, availability, accuracy, quality
satisfaction, etc. of this software;
4. Chaitin does not guarantee that the software can meet your
requirements, nor does it guarantee that its operation will be
uninterrupted or error-free, or that defects will be corrected;
5. Any information or suggestions provided by Chaitin does not
constitute any guarantee for this software;
6. Chaitin does not assume any responsibility if the user violates
national laws and regulations by using this software.
**\[Acquisition of software\]** You can obtain this software directly
from Chaitin's official certified channels. If you obtain this software
or an installation program with the same name as this software from a
third party that is not officially certified by Chaitin, Chaitin cannot
guarantee that the software can be used normally and is not responsible
for any losses caused to you.
**\[Software Updates\]** In order to improve the user experience and
enhance the functions and performance of the Leichi Community Edition
software, Chaitin will continue to work hard to develop new features and
provide you with software updates from time to time. After a new version
is released, older versions of the software may become unusable. Chaitin
does not guarantee the stability and usability of the old version of the
Leichi Community Edition software. Please check and download the latest
version at any time.
**\[Information Collection\]** During the installation and use of this
software, Chaitin will collect some data and information, such as the
version of the software, language, IP address, etc., but Chaitin will
not collect personal identity information, personal biometric
information, etc. that are sufficient to identify To obtain the
information of specific natural persons, Chaitin will only use the
collected information to confirm the version of Leichi you are using and
the frequency of use of the Leichi function section, so as to improve
and optimize the software functions.
**\[Data Security Guarantee\]** Chaitin will not collect, transmit, or
store specific data in its installation carrier during use. You are
responsible for the security and backup of your data. You understand and
agree that Chaitin cannot provide services such as retrieval of lost
data.
**\[Rights reserved\]** The copyright of this software belongs to
Chaitin. Except as expressly authorized by this agreement, all other
rights are reserved by Chaitin. Without express authorization from
Chaitin, you may not exercise other rights not expressly authorized by
this Agreement. If the use exceeds the authorized use, Chaitin reserves
the right to pursue legal liability.
**\[Scope of Liability\]** To the maximum extent permitted by law, under
no circumstances shall Chaitin be liable for any direct, incidental,
special, indirect or consequential losses or loss of profits, loss of
data, loss of goodwill, business interruption or any other form of loss,
and is not responsible for other damages or losses arising out of or
related to your use of or inability to use the Leichi Community Edition
software.
**\[Law Application and Dispute Resolution\]** This agreement shall be
governed by and construed in accordance with the laws of the mainland of
the People\'s Republic of China (excluding Hong Kong, Macao and Taiwan).
Any disputes arising out of or in connection with this Agreement shall
be resolved first through negotiation. If the negotiation fails, either
party may submit the dispute to the People\'s Court where Chaitin is
located for settlement through litigation.
**\[Terms can be severed\]** If any term of this agreement is deemed to
be invalid or unenforceable, the above terms can be severed and the
remaining parts will still have legal effect.
**\[Professional Edition\]** The rights of the Leichi
commercial/enterprise version (non-community version) are subject to
separate terms.

View File

@@ -1,5 +1,5 @@
<p align="center">
<img src="https://waf-ce.chaitin.cn/images/403.svg" width="120">
<img src="https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/403.svg" width="120">
</p>
<h1 align="center">雷池 - 广受好评的社区 WAF</h1>
<br>
@@ -20,9 +20,14 @@
一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术作为反向代理接入保护你的网站不受黑客攻击。
- **累计安装**超过 60000 台
- **保护网站**超过 500,000 个
- 每天**处理 HTTP 请求**超过 20,000,000,000 次
- 每天**拦截攻击**超过 10,000,000 次
核心检测能力由智能语义分析算法驱动,专为社区而生,不让黑客越雷池半步。
<img src="https://waf-ce.chaitin.cn/images/album/0.png" />
<img src="https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/album/0.png" />
<h4 align="center">相关源码仓库</h4>
<p align="center">
@@ -75,13 +80,13 @@ bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
浏览器打开后台管理页面 `https://<waf-ip>:9443`。根据界面提示,使用 **支持 TOTP 的认证软件** 扫描二维码,然后输入动态口令登录:
![login.gif](https://waf-ce.chaitin.cn/images/gif/login.gif)
![login.gif](https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/gif/login.gif)
### 配置防护站点
雷池以反向代理方式接入,优先于网站服务器接收流量,对流量中的攻击行为进行检测和清洗,将清洗过后的流量转发给网站服务器。
![config.gif](https://waf-ce.chaitin.cn/images/gif/config_site.gif)
![config.gif](https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/gif/config_site.gif)
<font color=grey>💡 TIPS: 添加后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 应能获取到业务网站的响应。</font>
@@ -92,7 +97,7 @@ bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
- 浏览器访问 `http://<IP或域名>:<端口>/?id=1%20AND%201=1`
- 浏览器访问 `http://<IP或域名>:<端口>/?a=<script>alert(1)</script>`
![log.gif](https://waf-ce.chaitin.cn/images/gif/detect_log.gif)
![log.gif](https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/gif/detect_log.gif)
> 如果你需要进行深度测试,请参考 <a href="https://waf-ce.chaitin.cn/posts/guide_test">测试防护效果</a>
@@ -109,7 +114,7 @@ bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
1. 可以通过 GitHub Issue 直接进行 Bug 反馈和功能建议
2. 可以扫描下方二维码加入雷池社区版用户讨论群
<img src="https://waf-ce.chaitin.cn/images/wechat-230825.png" width="30%" />
<img src="https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/wechat-230825.png" width="30%" />
## Star History <a name="star-history"></a>

View File

@@ -98,7 +98,7 @@ For examples:
1. You can make bug feedback and feature suggestions directly through GitHub Issues.
2. By scanning the QR code below (use wechat or qq), you can join the discussion group of SafeLine users for detailed discussions.
<img src="https://waf-ce.chaitin.cn/images/wechat-230825.png" width="30%" />
<img src="https://raw.githubusercontent.com/chaitin/SafeLine/main/documents/static/images/wechat-230825.png" width="30%" />
## ✨ CTStack
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png" width="30%" />

View File

@@ -15,6 +15,40 @@ const docTemplate = `{
"host": "{{.Host}}",
"basePath": "{{.BasePath}}",
"paths": {
"/exist": {
"post": {
"description": "get ip if id exist",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Safeline"
],
"summary": "get ip if id exist",
"parameters": [
{
"description": "body",
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/handler.ExistReq"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "string"
}
}
}
}
},
"/repos/discussions": {
"get": {
"description": "get discussions from GitHub",
@@ -49,6 +83,29 @@ const docTemplate = `{
}
}
},
"/repos/info": {
"get": {
"description": "get repo info from GitHub",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"GitHub"
],
"summary": "get repo info",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/service.Repo"
}
}
}
}
},
"/repos/issues": {
"get": {
"description": "get issues from GitHub",
@@ -82,17 +139,68 @@ const docTemplate = `{
}
}
}
},
"/safeline/count": {
"get": {
"description": "get installer count",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Safeline"
],
"summary": "get installer count",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/service.InstallerCount"
}
}
}
}
}
},
"definitions": {
"handler.ExistReq": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"token": {
"type": "string"
}
}
},
"service.Category": {
"type": "object",
"properties": {
"emoji": {
"type": "string"
},
"emoji_html": {
"type": "string"
},
"id": {
"type": "string"
},
"name": {
"type": "string"
}
}
},
"service.Discussion": {
"type": "object",
"properties": {
"author": {
"$ref": "#/definitions/service.User"
},
"category_name": {
"type": "string"
"category": {
"$ref": "#/definitions/service.Category"
},
"comment_count": {
"type": "integer"
@@ -126,6 +234,17 @@ const docTemplate = `{
},
"upvote_count": {
"type": "integer"
},
"url": {
"type": "string"
}
}
},
"service.InstallerCount": {
"type": "object",
"properties": {
"total": {
"type": "integer"
}
}
},
@@ -172,6 +291,17 @@ const docTemplate = `{
}
}
},
"service.Repo": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"star_count": {
"type": "integer"
}
}
},
"service.User": {
"type": "object",
"properties": {

View File

@@ -4,6 +4,40 @@
"contact": {}
},
"paths": {
"/exist": {
"post": {
"description": "get ip if id exist",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Safeline"
],
"summary": "get ip if id exist",
"parameters": [
{
"description": "body",
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/handler.ExistReq"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "string"
}
}
}
}
},
"/repos/discussions": {
"get": {
"description": "get discussions from GitHub",
@@ -38,6 +72,29 @@
}
}
},
"/repos/info": {
"get": {
"description": "get repo info from GitHub",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"GitHub"
],
"summary": "get repo info",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/service.Repo"
}
}
}
}
},
"/repos/issues": {
"get": {
"description": "get issues from GitHub",
@@ -71,17 +128,68 @@
}
}
}
},
"/safeline/count": {
"get": {
"description": "get installer count",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Safeline"
],
"summary": "get installer count",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/service.InstallerCount"
}
}
}
}
}
},
"definitions": {
"handler.ExistReq": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"token": {
"type": "string"
}
}
},
"service.Category": {
"type": "object",
"properties": {
"emoji": {
"type": "string"
},
"emoji_html": {
"type": "string"
},
"id": {
"type": "string"
},
"name": {
"type": "string"
}
}
},
"service.Discussion": {
"type": "object",
"properties": {
"author": {
"$ref": "#/definitions/service.User"
},
"category_name": {
"type": "string"
"category": {
"$ref": "#/definitions/service.Category"
},
"comment_count": {
"type": "integer"
@@ -115,6 +223,17 @@
},
"upvote_count": {
"type": "integer"
},
"url": {
"type": "string"
}
}
},
"service.InstallerCount": {
"type": "object",
"properties": {
"total": {
"type": "integer"
}
}
},
@@ -161,6 +280,17 @@
}
}
},
"service.Repo": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"star_count": {
"type": "integer"
}
}
},
"service.User": {
"type": "object",
"properties": {

View File

@@ -1,10 +1,28 @@
definitions:
handler.ExistReq:
properties:
id:
type: string
token:
type: string
type: object
service.Category:
properties:
emoji:
type: string
emoji_html:
type: string
id:
type: string
name:
type: string
type: object
service.Discussion:
properties:
author:
$ref: '#/definitions/service.User'
category_name:
type: string
category:
$ref: '#/definitions/service.Category'
comment_count:
type: integer
comment_users:
@@ -27,6 +45,13 @@ definitions:
type: string
upvote_count:
type: integer
url:
type: string
type: object
service.InstallerCount:
properties:
total:
type: integer
type: object
service.Issue:
properties:
@@ -56,6 +81,13 @@ definitions:
name:
type: string
type: object
service.Repo:
properties:
id:
type: string
star_count:
type: integer
type: object
service.User:
properties:
avatar_url:
@@ -66,6 +98,28 @@ definitions:
info:
contact: {}
paths:
/exist:
post:
consumes:
- application/json
description: get ip if id exist
parameters:
- description: body
in: body
name: body
required: true
schema:
$ref: '#/definitions/handler.ExistReq'
produces:
- application/json
responses:
"200":
description: OK
schema:
type: string
summary: get ip if id exist
tags:
- Safeline
/repos/discussions:
get:
consumes:
@@ -88,6 +142,21 @@ paths:
summary: get discussions
tags:
- GitHub
/repos/info:
get:
consumes:
- application/json
description: get repo info from GitHub
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/service.Repo'
summary: get repo info
tags:
- GitHub
/repos/issues:
get:
consumes:
@@ -110,4 +179,19 @@ paths:
summary: get issues
tags:
- GitHub
/safeline/count:
get:
consumes:
- application/json
description: get installer count
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/service.InstallerCount'
summary: get installer count
tags:
- Safeline
swagger: "2.0"

View File

@@ -60,3 +60,20 @@ func (h *GitHubHandler) GetDiscussions(c *gin.Context) {
c.JSON(http.StatusOK, discussions)
}
// GetRepo handles GET requests for fetching GitHub repo info.
// @Summary get repo info
// @Description get repo info from GitHub
// @Tags GitHub
// @Accept json
// @Produce json
// @Success 200 {object} service.Repo
// @Router /repos/info [get]
func (h *GitHubHandler) GetRepo(c *gin.Context) {
repo, err := h.gitHubService.GetRepo(c)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, repo)
}

View File

@@ -0,0 +1,64 @@
package handler
import (
"net/http"
"github.com/gin-gonic/gin"
"github.com/chaitin/SafeLine/internal/service"
)
type SafelineHandler struct {
safelineService *service.SafelineService
}
func NewSafelineHandler(safelineService *service.SafelineService) *SafelineHandler {
return &SafelineHandler{
safelineService: safelineService,
}
}
// GetInstallerCount
// @Summary get installer count
// @Description get installer count
// @Tags Safeline
// @Accept json
// @Produce json
// @Success 200 {object} service.InstallerCount
// @Router /safeline/count [get]
func (h *SafelineHandler) GetInstallerCount(c *gin.Context) {
count, err := h.safelineService.GetInstallerCount(c)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(200, count)
}
type ExistReq struct {
Id string `json:"id"`
Token string `json:"token"`
}
// Exist return ip if id exist
// @Summary get ip if id exist
// @Description get ip if id exist
// @Tags Safeline
// @Accept json
// @Produce json
// @Param body body ExistReq true "body"
// @Success 200 {object} string
// @Router /exist [post]
func (h *SafelineHandler) Exist(c *gin.Context) {
req := &ExistReq{}
if err := c.ShouldBindJSON(req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
ip, err := h.safelineService.GetExist(c, req.Id, req.Token)
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": err.Error()})
return
}
c.JSON(200, gin.H{"ip": ip})
}
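Review bot: In `Exist`, the failure path returns `err.Error()` to the client with a 404, and `GetExist` builds that error from the raw upstream response body (`errors.New(string(raw))`), so whatever the telemetry service sends back is reflected to an unauthenticated caller. Return a fixed message and log the detail server-side, and map transport failures to 502 rather than 404. `ExistReq` also accepts empty `id` and `token` (add `binding:"required"` to both fields), and the `@Success 200 {object} string` annotation does not match the actual `gin.H{"ip": ip}` response body.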

View File

@@ -4,6 +4,8 @@ import (
"context"
"log"
"net/http"
"slices"
"sort"
"strings"
"sync"
"time"
@@ -11,6 +13,22 @@ import (
"github.com/shurcooL/githubv4"
)
type LabelName = string
const (
LabelNameEnhancement LabelName = "enhancement"
LabelNameInProgress LabelName = "in progress"
LabelNameReleased LabelName = "released"
)
type RoadmapLabelName = string
const (
RoadmapLabelNameInConsideration RoadmapLabelName = "in_consideration"
RoadmapLabelNameInProgress RoadmapLabelName = "in_progress"
RoadmapLabelNameReleased RoadmapLabelName = "released"
)
type Label struct {
Name string `json:"name"`
Color string `json:"color"`
@@ -21,17 +39,58 @@ type User struct {
AvatarUrl string `json:"avatar_url"`
}
type IssueState = string
const (
IssueStateOpened IssueState = "OPEN"
IssueStateClosed IssueState = "CLOSED"
)
// Issue represents a GitHub issue with minimal fields.
type Issue struct {
ID string `json:"id"`
Title string `json:"title"`
Body string `json:"-"`
Url string `json:"url"`
Labels []Label `json:"labels"`
CommentCount int `json:"comment_count"`
ThumbsUpCount int `json:"thumbs_up"`
Author User `json:"author"`
CreatedAt int64 `json:"created_at"`
ID string `json:"id"`
Title string `json:"title"`
Body string `json:"-"`
State IssueState `json:"state"`
Url string `json:"url"`
Labels []Label `json:"labels"`
CommentCount int `json:"comment_count"`
ThumbsUpCount int `json:"thumbs_up"`
Author User `json:"author"`
CreatedAt int64 `json:"created_at"`
UpdatedAt int64 `json:"updated_at"`
}
func (i Issue) InConsideration() bool {
if i.State != IssueStateOpened {
return false
}
if !slices.Contains(i.LabelNames(), LabelNameEnhancement) {
return false
}
if slices.Contains(i.LabelNames(), LabelNameInProgress) {
return false
}
if slices.Contains(i.LabelNames(), LabelNameReleased) {
return false
}
return true
}
func (i Issue) InProgress() bool {
return i.State == IssueStateOpened && slices.Contains(i.LabelNames(), LabelNameInProgress)
}
func (i Issue) Released() bool {
return slices.Contains(i.LabelNames(), LabelNameReleased)
}
func (i Issue) LabelNames() []string {
var names []string
for _, v := range i.Labels {
names = append(names, v.Name)
}
return names
}
// Discussion represents a GitHub discussion.
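Review bot: `InConsideration` calls `i.LabelNames()` three times, and each call builds a new slice with repeated `append`; compute the names once into a local, or add a small `HasLabel(name)` helper that ranges over `i.Labels` directly. `Released()` is the only predicate that ignores `State`, so an open issue carrying both `in progress` and `released` satisfies `InProgress()` and `Released()` at once; add a comment if that overlap is intended, or make the predicates mutually exclusive.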
@@ -58,6 +117,11 @@ type Category struct {
EmojiHTML string `json:"emoji_html" graphql:"emojiHTML"`
}
type Repo struct {
ID string `json:"id"`
StarCount int `json:"star_count"`
}
type GitHubAPI interface {
Query(ctx context.Context, q interface{}, variables map[string]interface{}) error
}
@@ -155,33 +219,63 @@ func (s *GitHubService) refreshCache() {
return
}
s.cache.Store("discussions", discussions)
repo, err := s.fetchRepo(context.Background())
if err != nil {
log.Printf("failed to fetch repo %v", err)
return
}
s.cache.Store("repo", repo)
}
// GetIssues tries to get the issues from cache; if not available, fetches from GitHub API.
func (s *GitHubService) GetIssues(ctx context.Context, filter string) (issues []*Issue, err error) {
func (s *GitHubService) GetIssues(ctx context.Context, filter string) (map[string][]*Issue, error) {
cachedIssues, found := s.cache.Load("issues")
if found {
return s.filterIssues(cachedIssues.([]*Issue), filter)
}
issues, err = s.fetchIssues(ctx, nil)
issues, err := s.fetchIssues(ctx, nil)
if err != nil {
return nil, err
}
return s.filterIssues(issues, filter)
}
func (s *GitHubService) filterIssues(issues []*Issue, filter string) ([]*Issue, error) {
func (s *GitHubService) filterIssues(issues []*Issue, filter string) (map[string][]*Issue, error) {
filteredIssues := issues
if filter != "" {
filteredIssues := make([]*Issue, 0)
filteredIssues = make([]*Issue, 0)
for _, issue := range issues {
if strings.Contains(issue.Title, filter) || strings.Contains(issue.Body, filter) {
filteredIssues = append(filteredIssues, issue)
}
}
return filteredIssues, nil
}
return issues, nil
out := make(map[string][]*Issue)
for _, issue := range filteredIssues {
if issue.InConsideration() {
out[RoadmapLabelNameInConsideration] = append(out[RoadmapLabelNameInConsideration], issue)
}
if issue.InProgress() {
out[RoadmapLabelNameInProgress] = append(out[RoadmapLabelNameInProgress], issue)
}
if issue.Released() {
out[RoadmapLabelNameReleased] = append(out[RoadmapLabelNameReleased], issue)
}
}
sort.Slice(out[RoadmapLabelNameInConsideration], func(i, j int) bool {
return out[RoadmapLabelNameInConsideration][i].ThumbsUpCount > out[RoadmapLabelNameInConsideration][j].ThumbsUpCount
})
sort.Slice(out[RoadmapLabelNameInProgress], func(i, j int) bool {
return out[RoadmapLabelNameInProgress][i].ThumbsUpCount > out[RoadmapLabelNameInProgress][j].ThumbsUpCount
})
sort.Slice(out[RoadmapLabelNameReleased], func(i, j int) bool {
return out[RoadmapLabelNameReleased][i].UpdatedAt > out[RoadmapLabelNameReleased][j].UpdatedAt
})
return out, nil
}
// GetRepositoryIssues queries GitHub for issues of a repository.
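Review bot: In `filterIssues`, `out` only gains a key when at least one issue matches, so a roadmap column with no issues is absent from the JSON response instead of being an empty array. Pre-populate the three `RoadmapLabelName*` keys with empty slices so clients can index them unconditionally. The return type of `GetIssues` also changes from `[]*Issue` to `map[string][]*Issue`, which breaks existing `/repos/issues` consumers, and the Swagger hunks shown on this page carry no matching change to that route's response schema.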
@@ -194,7 +288,9 @@ func (s *GitHubService) fetchIssues(ctx context.Context, afterCursor *githubv4.S
Title string
Body string
Url string
State string
CreatedAt githubv4.DateTime
UpdatedAt githubv4.DateTime
Author User
Labels struct {
Nodes []struct {
@@ -213,7 +309,7 @@ func (s *GitHubService) fetchIssues(ctx context.Context, afterCursor *githubv4.S
EndCursor githubv4.String
HasNextPage bool
}
} `graphql:"issues(first: 100, after: $afterCursor, states: OPEN, orderBy: {field: CREATED_AT, direction: DESC})"`
} `graphql:"issues(first: 100, after: $afterCursor, orderBy: {field: UPDATED_AT, direction: DESC})"`
} `graphql:"repository(owner: $owner, name: $name)"`
}
variables := map[string]interface{}{
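Review bot: Dropping `states: OPEN` from the `issues(...)` selection makes `fetchIssues` page through every issue in the repository, 100 per request, although `filterIssues` keeps a closed issue only when it carries the `released` label. Filter server-side (for example a separate query restricted with the `labels` argument for released items) or cap the number of pages followed via `HasNextPage`, so a fetch stays bounded as the issue count grows.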
@@ -230,19 +326,21 @@ func (s *GitHubService) fetchIssues(ctx context.Context, afterCursor *githubv4.S
issues := make([]*Issue, 0)
for _, node := range query.Repository.Issues.Nodes {
issue := &Issue{
ID: node.ID,
Title: node.Title,
Body: node.Body,
Url: node.Url,
ID: node.ID,
Title: node.Title,
Body: node.Body,
Url: node.Url,
State: node.State,
CreatedAt: node.CreatedAt.Unix(),
UpdatedAt: node.UpdatedAt.Unix(),
Author: node.Author,
CommentCount: node.Comments.TotalCount,
ThumbsUpCount: node.Reactions.TotalCount,
}
issue.Labels = make([]Label, len(node.Labels.Nodes))
for i, label := range node.Labels.Nodes {
issue.Labels[i] = Label{Name: label.Name, Color: label.Color}
}
issue.CommentCount = node.Comments.TotalCount
issue.ThumbsUpCount = node.Reactions.TotalCount
issue.Author = node.Author
issue.CreatedAt = node.CreatedAt.Unix()
issues = append(issues, issue)
}
@@ -374,3 +472,36 @@ func (s *GitHubService) fetchDiscussions(ctx context.Context, afterCursor *githu
return discussions, nil
}
func (s *GitHubService) GetRepo(ctx context.Context) (*Repo, error) {
if cachedData, found := s.cache.Load("repo"); found {
return cachedData.(*Repo), nil
}
repo, err := s.fetchRepo(ctx)
if err != nil {
return nil, err
}
s.cache.Store("repo", repo)
return repo, nil
}
func (s *GitHubService) fetchRepo(ctx context.Context) (*Repo, error) {
var query struct {
Repository struct {
ID string
StargazerCount int
} `graphql:"repository(owner: $owner, name: $name)"`
}
variables := map[string]interface{}{
"owner": githubv4.String(s.owner),
"name": githubv4.String(s.repo),
}
err := s.request(ctx, &query, variables)
if err != nil {
return nil, err
}
return &Repo{ID: query.Repository.ID, StarCount: query.Repository.StargazerCount}, nil
}

View File

@@ -0,0 +1,83 @@
package service
import (
"context"
"crypto/tls"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"strings"
)
var cacheCount InstallerCount
type InstallerCount struct {
Total int `json:"total"`
}
type SafelineService struct {
client *http.Client
APIHost string
}
func NewSafelineService(host string) *SafelineService {
return &SafelineService{
APIHost: host,
client: &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
},
}
}
func (s *SafelineService) GetInstallerCount(ctx context.Context) (InstallerCount, error) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, s.APIHost+"/api/v1/public/safeline/count", nil)
if err != nil {
return cacheCount, err
}
res, err := s.client.Do(req)
if err != nil {
return cacheCount, err
}
defer res.Body.Close()
var r map[string]interface{}
if err := json.NewDecoder(res.Body).Decode(&r); err != nil {
return cacheCount, err
}
if r["code"].(float64) != 0 {
return cacheCount, nil
}
cacheCount = InstallerCount{
Total: int(r["data"].(map[string]interface{})["total"].(float64)),
}
return cacheCount, nil
}
// GetExist return ip if id exist
func (s *SafelineService) GetExist(ctx context.Context, id string, token string) (string, error) {
body := fmt.Sprintf(`{"id":"%s", "token": "%s"}`, id, token)
req, err := http.NewRequestWithContext(ctx, http.MethodPost, s.APIHost+"/api/v1/public/safeline/exist", strings.NewReader(body))
if err != nil {
return "", err
}
res, err := s.client.Do(req)
if err != nil {
return "", err
}
defer res.Body.Close()
if res.StatusCode != http.StatusOK {
raw, _ := io.ReadAll(res.Body)
return "", errors.New(string(raw))
}
var r map[string]interface{}
if err := json.NewDecoder(res.Body).Decode(&r); err != nil {
return "", err
}
if r["code"].(float64) != 0 {
return "", nil
}
return r["data"].(map[string]interface{})["ip"].(string), nil
}
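Review bot: `NewSafelineService` sets `TLSClientConfig: &tls.Config{InsecureSkipVerify: true}`, which disables certificate verification for every request to `APIHost`, so the `id` and `token` sent by `GetExist` and the IP it returns can be read or altered on the network path. Remove the override, or set `RootCAs` if the telemetry host uses a private CA; the client also has no `Timeout`. In `GetExist`, the request body is assembled with `fmt.Sprintf` from the caller-supplied `id` and `token` without escaping, so a double quote in either value changes the JSON structure sent upstream; build it with `json.Marshal` on a struct and set `Content-Type: application/json`. The unchecked assertions `r["code"].(float64)` and `r["data"].(map[string]interface{})` in both methods panic on any unexpected response shape, and the package-level `cacheCount` is written from concurrent requests without synchronization; decode into a typed struct and guard the cache with a mutex.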

View File

@@ -16,10 +16,6 @@ import (
func main() {
viper.AutomaticEnv()
// variables that must be set
viper.SetDefault("GITHUB_TOKEN", "")
// optional variables to set
viper.SetDefault("GITHUB_CACHE_TTL", 10) // cache timeout in minutes
viper.SetDefault("LISTEN_ADDR", ":8080") // api server addr
@@ -27,6 +23,12 @@ func main() {
if githubToken == "" {
log.Fatal("GITHUB_TOKEN must be set")
}
telemetryHost := viper.GetString("TELEMETRY_HOST")
if telemetryHost == "" {
log.Fatal("TELEMETRY_HOST must be set")
}
listenAddr := viper.GetString("LISTEN_ADDR")
r := gin.Default()
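Review bot: The new `TELEMETRY_HOST` check only rejects an empty string, while `NewSafelineService` concatenates the value straight into request URLs (`s.APIHost+"/api/v1/public/safeline/count"`). Parse it with `url.Parse` at startup and require an `https` scheme and a non-empty host, so a malformed or plain-HTTP value fails here rather than on the first request.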
@@ -45,6 +47,13 @@ func main() {
v1 := r.Group("/api")
v1.GET("/repos/issues", gitHubHandler.GetIssues)
v1.GET("/repos/discussions", gitHubHandler.GetDiscussions)
v1.GET("/repos/info", gitHubHandler.GetRepo)
// Initialize the SafelineService.
safelineService := service.NewSafelineService(telemetryHost)
safelineHandler := handler.NewSafelineHandler(safelineService)
v1.GET("/safeline/count", safelineHandler.GetInstallerCount)
v1.POST("/exist", safelineHandler.Exist)
docs.SwaggerInfo.BasePath = v1.BasePath()
r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))
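Review bot: `v1.POST("/exist", safelineHandler.Exist)` registers an unauthenticated route that forwards `id` and `token` to the telemetry service and returns the associated IP, and the lines shown add no rate limit or request-size bound in front of it. Put a limiter and a body size cap on this route before release, and consider registering it as `/safeline/exist` so it sits beside `/safeline/count` and matches the `Safeline` tag used in the Swagger annotations.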

161
blockpage/502.html Normal file

File diff suppressed because one or more lines are too long

162
blockpage/504.html Normal file

File diff suppressed because one or more lines are too long

View File

@@ -228,20 +228,24 @@
</g>
</svg>
</div>
<div class="intercepted">请求存在威胁,已被拦截</div>
<div class="intercepted" id="block-title">
请求存在威胁,已被拦截
</div>
<div class="intercepted-tips" id="intercepted-tips"></div>
<div class="intercepted-item" id="EventID"></div>
<div class="intercepted-item" id="TYPE"></div>
<div class="intercepted-item">拦截时间: <span id="now"></span></div>
<div class="intercepted-item">
<span id="time">拦截时间</span>: <span id="now"></span>
</div>
</td>
</tr>
</table>
<div class="footer">
安全检测能力由
<a class="footer-waflink" href="https://waf-ce.chaitin.cn"
>长亭雷池 WAF</a
>
驱动
<span id="powered-by">安全检测能力由</span>
<a class="footer-waflink" href="https://waf-ce.chaitin.cn">
<span id="waf-title">长亭雷池 WAF</span>
</a>
<span id="powered-by-tail">驱动</span>
</div>
</div>
<script>
@@ -307,5 +311,21 @@
}
};
</script>
<script>
function R(id, text) {
var el = document.getElementById(id);
if (el) el.innerText = text;
}
if (!navigator.language.startsWith("zh")) {
document.title = "Request has been denied";
R("block-title", "Threat has been detected, request denied");
R("time", "Denied at");
R("waf-title", "Safeline WAF");
R("powered-by", "Powered by");
R("powered-by-tail", "");
}
</script>
</body>
</html>
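Review bot: `navigator.language.startsWith("zh")` in the new script throws when `navigator.language` is undefined or `startsWith` is unavailable, and this block page is served to arbitrary clients while the rest of the added script keeps to `var` and `getElementById`. Use `(navigator.language || "").indexOf("zh") !== 0` instead. Writing the replacement strings through `innerText` is the right choice; keep it if these strings ever become configurable.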

View File

@@ -9,7 +9,7 @@ slug: /
雷池SafeLine是长亭科技耗时近 10 年倾情打造的 WAF核心检测能力由智能语义分析算法驱动。
Slogan: 不让黑客越雷池步。
Slogan: 不让黑客越雷池步。
## 什么是 WAF

View File

@@ -17,15 +17,23 @@ title: "安装雷池"
复制以下命令执行,即可完成安装
```shell
```sh
bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
```
如果需要使用华为云加速,可使用
```sh
CDN=1 bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
```
如果需要安装最新版本流式检测模式,可使用
```sh
STREAM=1 bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
```
**若安装失败,请参考 [安装问题](/faq/install)**
### 在线安装演示
<iframe src="//player.bilibili.com/player.html?aid=236214137&bvid=BV1Je411f7hQ&cid=1339309164&p=1" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
<iframe src="//player.bilibili.com/player.html?aid=236214137&bvid=BV1Je411f7hQ&cid=1339636220&p=1&autoplay=0" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
style={{ width: '100%', height: '350px' }}
>
</iframe>
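Review bot: Both new install variants (`CDN=1` and `STREAM=1`) repeat `curl -fsSLk`, and `-k` turns off TLS certificate verification for a script that is handed directly to `bash -c`. Document the commands with `curl -fsSL` so the download is authenticated by the server certificate, and consider publishing a checksum for `setup.sh` so it can be verified before it runs.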
@@ -58,8 +66,8 @@ style={{ width: '100%', height: '350px' }}
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)
REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
EOF
```
@@ -77,7 +85,7 @@ style={{ width: '100%', height: '350px' }}
### 离线安装演示
<iframe src="//player.bilibili.com/player.html?aid=278701847&bvid=BV1gw411P7om&cid=1339618895&p=1" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
<iframe src="//player.bilibili.com/player.html?aid=278701847&bvid=BV1gw411P7om&cid=1339618895&p=1&autoplay=0" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
style={{ width: '100%', height: '350px' }}
>
</iframe>
@@ -92,7 +100,7 @@ style={{ width: '100%', height: '350px' }}
### 助手安装演示
<iframe src="//player.bilibili.com/player.html?aid=613778738&bvid=BV1sh4y1t7Pk&cid=1134834926&p=1" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen="{true}"
<iframe src="//player.bilibili.com/player.html?aid=613778738&bvid=BV1sh4y1t7Pk&cid=1134834926&p=1&autoplay=0" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen="{true}"
style={{ width: '100%', height: '350px' }}
> </iframe>
@@ -121,7 +129,7 @@ lscpu | grep ssse3 # 确认CPU是否支持 ssse3 指令
### 配置检测演示
<iframe src="//player.bilibili.com/player.html?aid=918634668&bvid=BV1Uu4y1L7Ko&cid=1339439164&p=1" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
<iframe src="//player.bilibili.com/player.html?aid=918634668&bvid=BV1Uu4y1L7Ko&cid=1339439164&p=1&autoplay=0" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
style={{ width: '100%', height: '350px' }}
></iframe>

View File

@@ -12,7 +12,7 @@ title: "登录雷池"
根据界面提示,使用 **支持 TOTP 的认证软件或者小程序** 扫描二维码,然后输入动态口令登录:
<iframe src="//player.bilibili.com/player.html?aid=748637002&bvid=BV1wC4y177zN&cid=1339420830&p=1" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
<iframe src="//player.bilibili.com/player.html?aid=748637002&bvid=BV1wC4y177zN&cid=1339420830&p=1&autoplay=0" scrolling="no" border="0" frameBorder="no" framespacing="0" allowFullScreen='{true}'
style={{ width: '100%', height: '350px' }}
></iframe>
@@ -20,7 +20,7 @@ style={{ width: '100%', height: '350px' }}
1.服务器和 totp 应用的**时间必须保持一致**,否则无法验证通过
2.跳转到登录后,**无法回退查看二维码**使用页面提供的方法重置
2.完成首次登录后,**无法回退查看二维码**,使用页面提供的方法重置
## 常见登录问题

View File

@@ -0,0 +1,81 @@
---
title: "购买专业版"
---
# 购买专业版
社区版永久免费,使用雷池专业版需要购买授权
## 在百川进行授权购买
### 打开长亭百川云平台
百川网站地址https://rivers.chaitin.cn/
### 在平台添加雷池社区版应用
专业版购买地址https://rivers.chaitin.cn/?share=85db8d21d63711ee91390242c0a8176b
使用上方链接登录百川以后默认有对应的雷池社区版应用,若无,可以手动添加
![Alt text](/images/docs/guide_config/professional-3.png)
### 按需购买
进入应用后点击购买,根据需求完成购买,如有开票需求单独找社区管理
![Alt text](/images/docs/guide_config/professional-4.png)
购买一年更优惠!
![Alt text](/images/docs/guide_config/professional-1.png)
## 手动使用授权码进行授权
### 查看授权码
购买完成后右上角点击绑定查看授权码
![Alt text](/images/docs/guide_config/professional-9.png)
![Alt text](/images/docs/guide_config/professional-5.png)
### 输入授权码
在雷池内打开授权页面,输入授权码进行授权
![Alt text](/images/docs/guide_config/professional-8.png)
![Alt text](/images/docs/guide_config/professional-7.png)
## 使用云托管自动进行授权
什么是雷池云托管?请参考 [雷池云托管](/practice/safeline-cloud)
### 获取云托管安装命令
点击获取云托管的安装命令
![Alt text](/images/docs/guide_config/professional-11.png)
![Alt text](/images/docs/guide_config/professional-12.png)
### 完成云托管安装
完成安装后可以看到设备的基本信息
![Alt text](/images/docs/guide_config/professional-15.png)
![Alt text](/images/docs/guide_config/professional-13.png)
### 云托管升级专业版
点击云托管的升级为专业版按钮,选择购买的授权即可快捷完成专业版授权
![Alt text](/images/docs/guide_config/professional-14.png)
![Alt text](/images/docs/guide_config/professional-16.png)
## 完成授权
完成授权后可以使用所有专业版功能
![Alt text](/images/docs/guide_config/professional-10.png)

View File

@@ -8,11 +8,9 @@ title: "配置站点"
## 工作原理
雷池社区版主要以 **反向代理** 的方式工作,类似于一台 nginx 服务
雷池社区版主要以 **反向代理** 的方式工作类似nginx。
**部署时,需要让网站流量先抵达雷池,经过雷池检测和过滤后,再转给原来的网站业务。**
建议优先熟悉反向代理概念再继续配置
**让网站流量先抵达雷池,经过雷池检测和过滤后,再转给原来的网站业务。**
## 配置界面
@@ -23,22 +21,22 @@ title: "配置站点"
### 开始配置
```shell
环境信息
环境信息:
网站服务器:IPA对外端口80域名example.com
部署雷池服务器:IPB
目的使用雷池的80端口接受请求进行防护
雷池服务器:IPB
步骤
1. 必须将网站流量指向雷池的IPB。例如修改域名解析服务的配置,将域名解析到雷池IPB
2. 具体配置参考下图
3. 禁止网站服务器IPA所有除了雷池之外的访问。例如配置防火墙
步骤:
1.将网站流量指向雷池的IPB(必须)。例如修改域名解析服务将域名解析到IPB
2.参考配置如下图
3.禁止网站服务器上,除雷池之外的访问。例如配置防火墙
```
![Alt text](/images/docs/guide_config/config_site2.png)
### 配置完成
浏览器访问`example.com:80`,若能获取到业务网站的响应,并且站点上 “今日访问量” 增加,代表配置成功。
如果浏览器访问`example.com:80`能获取到业务网站的响应,并且数据统计页的 “今日请求数” 增加,代表配置成功。
效果大致如下:
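Review bot: step 3 of the rewritten list is the step that stops traffic from reaching the origin at IPA without passing through 雷池, yet only step 1 carries "(必须)". If IPA stays reachable from other addresses, requests sent straight to it are never inspected. Mark step 3 as required too, and say what the firewall rule should allow (only IPB to the site port on IPA).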
@@ -51,11 +49,10 @@ title: "配置站点"
### 开始配置
```shell
参考场景:
环境信息:
网站服务器:IPA对外端口80域名example.com
服务器上部署雷池:雷池页面端口9443
目的继续使用网站的80端口接受请求进行防护
步骤:
步骤:
1.需要原网站的监听修改为端口A使80端口变成未使用状态再进行配置
2.具体配置参考下图
```
@@ -70,7 +67,7 @@ title: "配置站点"
### 配置完成
浏览器访问`example.com:80`,若能获取到业务网站的响应,并且站点上 “今日访问量” 增加,代表配置成功。
如果浏览器访问`example.com:80`能获取到业务网站的响应,并且数据统计页的 “今日请求数” 增加,代表配置成功。
效果大致如图:
@@ -85,28 +82,26 @@ title: "配置站点"
### 开始配置
```shell
环境信息
网站服务器:IPA对外端口80域名example.com
部署雷池服务器:IPB
上游nginxIPC端口C
下游nginxIPD
环境信息:
网站服务器:IPA
雷池服务器:IPB
上游服务器:IPC端口C
下游服务器:IPD域名example.com
目的使用雷池的80端口接受请求进行防护
步骤:
1. 将下游nginx的流量指向雷池的IPB访问端口指向80。
2. 具体配置参考下图
步骤:
1.将下游nginx的流量指向雷池的IPC访问端口指向80。
2.具体配置参考下图
```
![Alt text](/images/docs/guide_config/config_site3.png)
### 配置完成
浏览器访问`example.com:80`,若能获取到业务网站的响应,并且站点上 “今日访问量” 增加,代表配置成功。
如果浏览器访问`example.com:80`能获取到业务网站的响应,并且数据统计页的 “今日请求数” 增加,代表配置成功。
效果大致如图:
![Alt text](/images/docs/guide_config/deploy_with_other_server.svg)
![Alt text](/images/docs/guide_config/deploy_with_other_server.png)
## 常见配置问题
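Review bot: the new step 1 reads "将下游nginx的流量指向雷池的IPC", but the environment block in the same hunk defines 雷池服务器 as IPB and 上游服务器 as IPC, and the line it replaces said IPB. As written, the downstream proxy is told to send traffic to the upstream server instead of to 雷池. Change IPC back to IPB. The step also still says "下游nginx" while the environment block now says "下游服务器", so pick one term.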

View File

@@ -18,6 +18,11 @@ title: "测试防护"
若网站访问不正常,请参考 [配置问题](/03-faq/03-config.md)。
整体监测流程参考:
![flow.png](/images/docs/flow.svg)
## 尝试手动模拟攻击
访问以下地址模拟出对应的攻击:

View File

@@ -10,25 +10,34 @@ title: "升级雷池"
## 在线升级
执行以下命令进行升级。
执行以下命令进行升级,升级不会清除历史数据
```
```sh
bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/upgrade.sh)"
```
[可选] 执行以下命令删除旧版本 Docke 镜像,释放磁盘空间。
[可选] 执行以下命令删除旧版本 Docker 镜像,释放磁盘空间。
```
```sh
docker rmi $(docker images | grep "safeline" | grep "none" | awk '{print $3}')
```
> 有部分环境的默认 SafeLine 安装路径是在 `/data/safeline-ce`,安装之后可能会发现需要重新绑定 OTP、配置丢失等情况可以修改 .env 的 `SAFELINE_DIR` 变量,指向 `/data/safeline-ce`
如果需要使用华为云加速,可使用
```sh
CDN=1 bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/upgrade.sh)"
```
如果需要升级到最新版本流式检测模式,可使用
```sh
STREAM=1 bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/upgrade.sh)"
```
## 离线镜像
适用于 docker hub 拉取镜像失败的场景,手动更新镜像。
```
```sh
# cd /path/to/safeline
mv compose.yaml compose.yaml.old
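Review bot: the two added commands (`CDN=1 ...` and `STREAM=1 ...`) copy `curl -fsSLk` from the existing one, and `-k` turns off TLS certificate verification for a script that is passed straight to `bash -c`. Anyone able to intercept the connection can then substitute the upgrade script. Drop the `k` (`curl -fsSL`) in all three commands, or document downloading `upgrade.sh` to a file and reviewing it before running it. The `CDN` and `STREAM` variables also deserve a sentence on whether they can be combined.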
@@ -42,8 +51,8 @@ grep "SAFELINE_DIR" ".env" > /dev/null || echo "SAFELINE_DIR=$(pwd)" >> ".env"
grep "IMAGE_TAG" ".env" > /dev/null || echo "IMAGE_TAG=latest" >> ".env"
grep "MGT_PORT" ".env" > /dev/null || echo "MGT_PORT=9443" >> ".env"
grep "POSTGRES_PASSWORD" ".env" > /dev/null || echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep "REDIS_PASSWORD" ".env" > /dev/null || echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep "SUBNET_PREFIX" ".env" > /dev/null || echo "SUBNET_PREFIX=172.22.222" >> ".env"
grep "IMAGE_PREFIX" ".env" >/dev/null || echo "IMAGE_PREFIX=chaitin" >>".env"
```
下载 [雷池社区版镜像包](https://demo.waf-ce.chaitin.cn/image.tar.gz) 并传输到需要安装雷池的服务器上,执行以下命令加载镜像
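Review bot: `grep "IMAGE_PREFIX" ".env"` matches the string anywhere in the file, including a commented-out line or a longer key that contains it, in which case the default is never appended. Anchor the test, e.g. `grep -q '^IMAGE_PREFIX=' .env`. The same applies to the other keys in this block, and the spacing of this line (`>/dev/null`, `>>".env"`) differs from its neighbours.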
@@ -55,7 +64,7 @@ docker load -i image.tar.gz
执行以下命令替换 Docker 容器
```
docker compose down
docker compose down --remove-orphans
docker compose up -d
```

View File

@@ -24,6 +24,8 @@ title: "配置其他"
### 人机验证
人机验证的有效时间默认是一个小时,未来可能会支持配置,敬请期待
详情查看 [人机验证 2.0](/about/challenge)
### 语义分析
@@ -40,7 +42,7 @@ title: "配置其他"
### 证书管理
管理需要使用的正式,点击添加证书添加
管理需要使用的证书,点击添加证书添加
### 其他
@@ -60,6 +62,8 @@ title: "配置其他"
4.代理增加信息,方便数据分析
注:开启后并不会遵循源请求的信息,雷池会覆盖,为防止客户端伪造
#### 拦截页面附加说明
自定义拦截页面的提示信息

View File

@@ -61,9 +61,9 @@ security_opt:
- seccomp=./seccomp.json
```
#### 报错safeline-postgres 出现 Operation not permitted
#### 报错safeline-pg 出现 Operation not permitted
`docker logs -f safeline-postgres` 容器日志中看到 `Operation not permitted` 报错。
`docker logs -f safeline-pg` 容器日志中看到 `Operation not permitted` 报错。
可能是您的 docker 版本过低,升级 docker 到最新版本尝试一下。
@@ -101,7 +101,11 @@ security_opt:
## 如何卸载
在安装目录(默认 safeline)下执行 `docker compose down`
在安装目录(默认 safeline)下
根据本地的compose版本执行 `docker compose down` 或者 `docker-compose down`
## 问题无法解决

View File

@@ -30,7 +30,7 @@ TOTP 动态口令只有 30 秒的有效期,如果认证失败,请在动态
命令执行完成后打开雷池页面重新绑定即可。
```
docker exec safeline-mgt-api resetadmin
docker exec safeline-mgt resetadmin
```
**注意:重置动态口令后要尽快完成绑定,别被其他人捷足先登了。**
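Review bot: the reset command now names the container `safeline-mgt` only, so a reader still running a release whose management container is called `safeline-mgt-api` (the name this line replaces) finds that the command fails at exactly the moment they are locked out. State from which version the new name applies, or show both commands.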
@@ -39,7 +39,7 @@ docker exec safeline-mgt-api resetadmin
如果之前未保存绑定二维码,想多人使用雷池社区版,只需要以下 3 步:
1. 重置动态口令(参考 [置认证](#重置认证)
1. 重置动态口令(参考 [新绑定动态口令](#重新绑定动态口令)
2. 进入登录页面,这时会自动跳转到 TOTP 绑定页面,保存 “绑定二维码”(注意,非 “认证二维码”)
3. 将 “绑定二维码” 分享给其他人进行绑定(“绑定二维码” 无绑定次数限制,无时效限制)

View File

@@ -20,23 +20,23 @@ title: "配置问题"
4. 同时存在其他错误的配置可能会导致新的配置一直不生效,检查有没有存在其他错误的配置
## 排查步骤:
5. 雷池本身的状态不正常,使用 docker ps 检查容器状态
## 排查步骤
1. 明确 “网站无法访问” 的具体表现:
- 如果 `502 Bad Gateway tengine`
![Alt text](/images/docs/guide_config/tengine_502.png)
大概率是是雷池的上游服务器配置不正确,或者雷池无法访问到上游服务器,请继续按下面步骤排查。
大概率是是雷池的上游服务器配置不正确,或者雷池无法访问到上游服务器。请继续按下面步骤排查,重点排查步骤 6、7
![Alt text](/images/docs/guide_config/tengine_502.png)
- 如果请求能够返回但是十分缓慢
- 首先确认服务器负载是否正常
- 确认服务器负载是否正常,检查服务器的 CPU、内存、带宽使用情况
- 检查服务器的 CPU、内存、带宽使用情况
- 在客户端执行命令,检查雷池服务器与上游服务器的网络:`curl -H "Host: <SafeLine-IP>" -vv -o /dev/null -s -w 'time_namelookup: %{time_namelookup}\ntime_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n' http://<上游服务器地址>`
- 在客户端执行命令,检查雷池服务器与上游服务器的网络:`curl -H "Host: <雷池 IP>" -vv -o /dev/null -s -w 'time_namelookup: %{time_namelookup}\ntime_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n' http://<上游服务器地址>`
- 如果 time_namelookup 时间过大,请检查 dns server 配置
- 如果 time_connect 时间过大,请检查雷池与上游服务器之间的网络状态
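Review bot: the timing command is introduced with "在客户端执行命令" but is described as checking the network between 雷池 and the upstream server, and it requests `http://<上游服务器地址>` directly. Run from a client, it measures the client-to-upstream path, which may not even be reachable. Say to run it on the 雷池 host. The `Host: <雷池 IP>` header also looks wrong for an upstream that checks Host (step 2 below uses `Host: <域名或者IP>`), and the rewritten 502 line keeps the doubled "是是".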
@@ -45,12 +45,14 @@ title: "配置问题"
- 如果不是以上情况,继续下一步
2. 在客户端执行 `curl -v -H "Host: <域名或者IP>" http://<雷池 IP>:<雷池监听端口>` 。如能获取到业务网站的响应,如图,并且站点的 “今日访问量” +1说明雷池配置正确网络正常
![Alt text](/images/docs/guide_config/check_the_site1.png)
- 如果浏览器无法访问,但这一步正常获取到响应,大概率是因为:
如果浏览器无法访问,但这一步正常获取到响应,大概率是因为:
- 网站域名还没有切到雷池,浏览器测试时访问的是 `http(s)://<雷池 IP>`,恰好业务服务上有 Host 验证,所以拒绝了该请求。这种情况需要修改本机 host把域名解析到雷池 IP再访问 `http(s)://<域名>`,才能准确测试
- 网站业务做了其他一些特殊处理。例如访问后 301 跳转到了其他地址,需要具体排查网站业务的响应内容
- 如果不能获取到响应,继续下一步
- 如果不能获取到响应,继续下一步
3. 在雷池设备上执行 `curl -v -H "Host: <域名或者IP>" http://<雷池 IP>:<雷池监听端口>`。如能获取到业务网站的响应,并且站点上 “今日访问量” +1说明雷池配置正确
@@ -81,6 +83,36 @@ title: "配置问题"
请麻烦检查是否形成了环路,即:雷池将请求转发给上游服务器后,上游服务器又将请求转发回雷池。
## 不同版本关闭防火墙的命令
Ubuntu 18.04 LTS 、 Ubuntu 20.04 LTS 、 Ubuntu 22.04 LTS
Debian 9 (Stretch)、Debian 10 (Buster)、Debian 11 (Bullseye)
```
关闭防火墙命令UFWsudo ufw disable
Debian 默认可能不安装 UFW依赖于 iptables。
```
CentOS 7、CentOS 8、RHEL 7、 RHEL 8、Fedora 32、 Fedora 33、Fedora 34
```
关闭防火墙命令Firewalldsudo systemctl stop firewalld && sudo systemctl disable firewalld
```
openSUSE Leap 15.2、openSUSE Leap 15.3
```
关闭防火墙命令(通常是 SuSEfirewall2 或 firewalld
1.SuSEfirewall2, 使用 sudo SuSEfirewall2 stop
2.firewalld, 使用 sudo systemctl stop firewalld && sudo systemctl disable firewalld
```
## 如何对站点开启强制https访问、开启IPV6监听、使用HTTP/2
根据站点需求开启
开启路径:防护配置-通用配置-其他-站点通用配置
![Alt text](/images/docs/guide_config/check_the_site3.png)
## 问题无法解决
1. 通过右上角搜索检索其他页面
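Review bot: the new section "不同版本关闭防火墙的命令" tells readers to switch the host firewall off entirely (`sudo ufw disable`, `sudo systemctl stop firewalld && sudo systemctl disable firewalld`) on the machine that fronts the site and also exposes the management port. It conflicts with the site-configuration page, which asks for a firewall to restrict access to the origin. Document opening only the needed ports instead, for example `sudo ufw allow <雷池监听端口>/tcp` or `sudo firewall-cmd --permanent --add-port=<雷池监听端口>/tcp && sudo firewall-cmd --reload`. The commands are also embedded in prose inside the fences, so they cannot be copied as they stand.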

View File

@@ -16,13 +16,13 @@ title: "防护问题"
雷池部署在内网的师傅需要加白一下,就可以正常同步情报数据了。
## 如何记录所有访问雷池的请求
## 如何记录所有访问雷池的请求 (如何开启访问日志)
默认情况下雷池是并不会保存请求记录的,如果需要保存请求记录,可以修改安装路径下的**resources/nginx/nginx.conf**
默认情况下雷池是并不会保存请求记录的,如果需要保存请求记录,可以修改waf的安装目录下的**resources/nginx/nginx.conf**
![config_access_log.png](/images/docs/config_access_log.png)
如图所示,去掉文件第 99 行的注释,删除第 100 行的内容,保存后运行命令检查配置文件
如图所示,去掉文件第 98 行的注释,删除第 99 行的内容,保存后运行命令检查配置文件
```shell
docker exec safeline-tengine nginx -t
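Review bot: the instruction identifies the directives by position ("第 98 行" and "第 99 行"), and this hunk exists only because those numbers moved from 99 and 100, so it will go stale again with the next change to `nginx.conf`. Quote the directive to uncomment and the one to delete instead of their line numbers. Since this turns on logging of every request, a sentence on where the log is written and how it is rotated would help too.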

View File

@@ -12,6 +12,15 @@ title: "升级问题"
切换目录到安装目录下再次执行升级,默认目录为:/data/safeline。
## 配置的备份与恢复(还原)
升级过程担心配置受到影响
备份:备份安装目录的全部文件,默认目录为:/data/safeline
恢复(还原):把备份的内容放回安装目录执行 `docker compose down && docker compose up -d`,重新启动雷池
## 升级过程中下载超时
网络问题导致,建议等待网络稳定或者尝试离线升级。
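Review bot: the backup step says to copy the whole install directory but not to stop the containers first. That directory holds the live PostgreSQL data directory (`resources/postgres/data`), and a copy taken while the database is running may not restore cleanly. Put `docker compose down` before the copy as well as in the restore step. The copy also contains `.env` with `POSTGRES_PASSWORD`, so say it should be stored with restricted access, and note that the default path given here (`/data/safeline`) differs from the `/data/safeline-ce` mentioned on the upgrade page.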

View File

@@ -6,11 +6,13 @@ title: "其他问题"
记录不常见的其他问题
## 源 IP 显示不正确
## 雷池获得的请求者的源IP 显示不正确
雷池默认会通过 Socket 连接获取请求者的源 IP如果请求在到达雷池之前还经过了其他代理设备反代、LB、CDN、AD 等),这种情况会影响雷池获取正确的源 IP 信息。
通常,代理设备都会将真实源 IP 通过 HTTP Header 的方式传递给下一跳设备。如下方的 HTTP 请求,在 `X-Forwarded-For``X-Real-IP` 两个 Header 中都包含了源 IP
通常,代理设备都会将真实源 IP 通过 HTTP Header 的方式传递给下一跳设备。
如下方的 HTTP 请求,在 `X-Forwarded-For``X-Real-IP` 两个 Header 中都包含了源 IP
```
GET /path HTTP/1.1
@@ -37,12 +39,28 @@ location /xxx {
![get_source_ip.png](/images/docs/get_source_ip.png)
## 上游服务器获得请求者的源IP 显示不正确
有可能上游服务器获取到的全都是雷池 WAF 的 IP如何获取真是的请求者源IP
雷池默认透传了源 IP放在 HTTP Header 中的 `X-Forwarded-For` 里面。
如果上游服务器是 NGINX添加如下配置就可以。如果不是需要自行配置解析 XFF
```
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
```
## 清理数据库中的统计信息和检测日志
**_注意该操作会清除所有日志信息且不可恢复_**
```shell
docker exec safeline-mgt-api cleanlogs
docker exec safeline-mgt cleanlogs
```
## 将雷池的日志导出到 XXX
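Review bot: `set_real_ip_from 0.0.0.0/0;` makes the upstream NGINX accept `X-Forwarded-For` from any peer, so a client that can reach the upstream without going through 雷池 can claim whatever source IP it likes, and IP-based logging or access rules on the upstream are then wrong. Restrict it to the WAF, e.g. `set_real_ip_from <雷池 IP>;`. In the added paragraph, "真是的请求者源IP" should read "真实".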
@@ -55,7 +73,7 @@ docker exec safeline-mgt-api cleanlogs
<source>
@type sql
host safeline-postgres // 默认数据库地址,如果在 compose.yml 中改过,请使用改后值
host safeline-pg // 默认数据库地址,如果在 compose.yml 中改过,请使用改后值
port 5432
database safeline-ce // 数据库名
adapter postgresql
@@ -125,7 +143,7 @@ docker run -d --restart=always --name safeline-fluentd --net safeline-ce -v ./sq
## 自定义站点 nginx conf
雷池每次修改站点或者重启服务时,都会重新生成 **resources/nginx/sites-enabled/** 下的 nginx conf 文件。因为没法“智能”合并用户自定义的配置和自动生成的配置。但是也还是有方式能持久化地添加一些 nginx conf不会被覆盖。
雷池每次修改站点或者重启服务时,都会在waf的安装目录下的**resources/nginx/sites-enabled/**重新生成 nginx conf 文件。因为没法“智能”合并用户自定义的配置和自动生成的配置。但是也还是有方式能持久化地添加一些 nginx conf不会被覆盖。
每个 `IF_backend_XXX` 的 location 中都有 `include proxy_params;` 这一行配置,且 `resources/nginx/proxy_params` 这个文件不会被修改站点、重启服务等动作覆盖。2.1.0 版本之后支持 `include custom_params/backend_XXX;` 可以自定义站点级的 nginx location 配置。
@@ -173,26 +191,12 @@ docker exec safeline-tengine nginx -s reload
![fake_host.jpg](/images/docs/fake_host.jpg)
## 上游服务器获取到的全都是雷池 WAF 的 IP如何获取到真实 IP
雷池默认透传了源 IP放在 HTTP Header 中的 `X-Forwarded-For` 里面。
如果上游服务器是 NGINX添加如下配置就可以。如果不是需要自行配置解析 XFF
```
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
```
## 是否支持 WebSocket
如果需要支持 WebSocket需要参考 [自定义站点-nginx-conf](#自定义站点-nginx-conf),增加下面的配置
默认支持
```
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
```
## 问题无法解决

View File

@@ -1,23 +1,30 @@
---
title: "可用性监控"
title: "百川网站监控"
---
# 网站可用性监控
# 百川网站监控
除了对网站的安全防护以外,不少站长还对网站的可用性、稳定性健康监测和敏感内容监测也有强烈需求,有此类需求的站长可以搭配使用 [长亭百川网站监测](https://rivers.chaitin.cn/landing/radar) 产品。
安装雷池社区版,领取长亭网站监控产品 100 元体验金
### 关于长亭百川网站监
## 关于网站监
[长亭百川网站监测](https://rivers.chaitin.cn/landing/radar) 是一款专门为网站管理员打造的网站监测工具能够有效监测站点可用性、SSL 证书合法性、网站敏感内容等信息。
### 什么是网站监控
交互界面简洁直观、操作上手轻松、注重用户体验,实时监测每个页面的状态和详细信息,让你对网站运行状态了如指掌。
**除了对网站的安全防护以外,不少站长还对网站的可用性、稳定性健康监测和敏感内容监测也有强烈需求。**
[长亭百川网站监测](https://rivers.chaitin.cn/landing/radar) 是一款优秀的网站监测工具能够有效监测站点可用性、SSL 证书合法性、网站敏感内容等信息。
交互界面简洁直观、操作上手轻松,实时监测每个页面的状态和详细信息,让你对网站运行状态了如指掌。
![website.png](/images/docs/practice_monitor/website.png)
### 雷池用户福利
### 领取方式
凡是安装雷池社区版的用户,可凭借雷池设备码领取长亭网站监控产品 100 元体验金一份
1. 安装雷池社区版,查看雷池设备码
2. 登录网站监测,在网站监测页输入雷池设备码,地址:[长亭百川网站监测](https://rivers.chaitin.cn/landing/radar)
![machineid.png](/images/docs/practice_monitor/machineid.png)
![gift.png](/images/docs/practice_monitor/gift.png)

View File

@@ -1,8 +1,8 @@
---
title: "检测效果对比"
title: "WAF检测效果对比"
---
# 检测效果对比
# WAF检测效果对比
雷池社区版与其他 WAF 的检测能力对比

View File

@@ -18,7 +18,7 @@ apisixhttps://github.com/apache/apisix
### 安装 APISIX
> 注意,要使用 APISIX 3.5.0 及以上版本的 APISIX
> 注意,要使用 APISIX 3.5.0 及以上版本
本文使用 apisix 的 docker 版本来做演示,克隆 apisix-docker 仓库,运行以下命令来安装:
@@ -55,23 +55,14 @@ bash -c "$(curl -fsSLk <https://waf-ce.chaitin.cn/release/latest/setup.sh>)"
cd /data/safeline/resources/detector/
```
用文本编辑器打开目录里的 snserver.yml 文件,寻找这样的三行内容
用文本编辑器打开目录里的 detector.yml 文件,我们需要将 bind 方式从 unix socket 改为 tcp添加如下配置
```
bind_addr: unix:///resources/detector/snserver.sock
# bind_addr: 0.0.0.0
# listen_port: 8000
```
找到以后,我们需要将 bind 方式从 unix socket 改为 tcp将这三行修改为以下内容即可
```
# bind_addr: unix:///resources/detector/snserver.sock
bind_addr: 0.0.0.0
listen_port: 8000
```
这样我们就把雷池引擎的服务监听到了 8000 端口,现在只需要把容器内的 8000 端口映射到宿主机即可。
detector配置的属性值将覆盖容器内默认配置文件的同名属性值。这样我们就把雷池引擎的服务监听到了 8000 端口,现在只需要把容器内的 8000 端口映射到宿主机即可。
进入雷池的安装目录
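Review bot: with `bind_addr: 0.0.0.0` and port 8000 then published on the host, the detection engine is reachable by anything that can reach the host on that port, where before it listened only on a unix socket. Add a sentence telling readers to limit port 8000 to the APISIX host, either with a firewall rule or by publishing the port on a specific host address.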

View File

@@ -0,0 +1,58 @@
---
title: "雷池云托管"
---
# 雷池云托管
雷池云托管是长亭融合牧云主机助手的技术,专门为雷池社区用户打造的托管工具,帮你解放双手,像放羊一样管理雷池服务器。
雷池云托管使用地址https://rivers.chaitin.cn/?share=85db8d21d63711ee91390242c0a8176b
主机助手的文档地址https://rivers.chaitin.cn/docs/zh/cloudwalker
## 产品简介
### 系统信息
#### 展示当前系统信息
安装完成后页面会显示当前雷池服务器的基本信息。
包括雷池社区版的版本、机器码等信息
#### 快捷升级专业版
安装云托管的雷池服务器,购买授权后,支持一键升级专业版。
![Alt text](/images/docs/parctice_safeline_cloud/safeline_cloud_3.png)
### 资源监控
#### 实时监控
实时监控CPU内存网络磁盘使用情况并可以查看7天历史监控。
![Alt text](/images/docs/parctice_safeline_cloud/safeline_cloud.png)
#### 查看历史
在“资源负载”页面点击“历史”按钮,进入资源占用的历史页面。历史记录可以选择起始日期,起始时间,历史记录时长。
![Alt text](/images/docs/parctice_safeline_cloud/safeline_cloud_1.png)
### 在线终端
类似于牧云主机助手,云托管的设备也支持免密登录服务器终端。
### 使用在线终端
在“详情”页面点击“在线终端”图标按钮,进入终端界面。
![Alt text](/images/docs/parctice_safeline_cloud/safeline_cloud_5.png)
![Alt text](/images/docs/parctice_safeline_cloud/safeline_cloud_8.png)
### 其他
未来雷池云托管将会增加更多功能,敬请期待
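Review bot: the "在线终端" section advertises password-free login to the server's terminal from the cloud console but says nothing about who can open that terminal, what account it runs as on the host, or how to turn it off. For a tool installed on the WAF host, readers need those three answers before installing; add them or link to the part of the 主机助手 documentation that covers them. Smaller points: "### 使用在线终端" should be one level deeper to sit under "### 在线终端", and the image directory is spelled `parctice_safeline_cloud`.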

View File

@@ -6,6 +6,276 @@ title: "版本更新记录"
[版本升级方法](/guide/upgrade)
### [4.4.2] - 2024-03-09
#### 修复
- 修复 FVM 服务在某些情况下 TCP 连接异常升高的问题
### [4.4.1] - 2024-03-07
#### 优化
- 专业版支持在明亮主题和黑金主题之间切换
- 优化人机验证([#693](https://github.com/chaitin/SafeLine/issues/693),云端更新,历史版本也生效)
- 降低旋转图片的误差要求
- 图片不容易对齐时,支持刷新图片
- 修复一些低版本浏览器转不动图片的问题
- 删除某些特别难对齐的图片
- 优化一些界面 UI 和交互细节
#### 修复
- 修复防护配置某些极端情况下会失效的问题
- 修复向 luigi 发大量日志后CPU 占用畸高不下的问题
- 修复升级或重启后限频可能失效,直到修改任意防护配置的问题
- 修复站点选择证书后再直接关闭 SSL证书管理处 “使用站点”
仍然显示该站点的问题([#656](https://github.com/chaitin/SafeLine/issues/656)
- 修复攻击事件页面中,允许把 IP 加入至内置 IP 组的问题
- 修复其他一些已知问题
### [4.4.0] - 2024-02-29
#### 新增
- 支持升级至专业版,包含内容:
- 自定义拦截页面
- 商用地理位置库
- 额外补充规则
- 节点负载均衡
- 专属黑金主题
#### 优化
- 大幅优化频率限制的即时性,解决限频延迟时间过长的问题
### [4.3.3] - 2024-02-22
#### 优化
- 人机验证拦截页面,增加 Content-Security-Policy
策略配置,加强安全性 ([#685](https://github.com/chaitin/SafeLine/issues/685))
#### 修复
- 修复左侧菜单滚动条样式错误的问题
### [4.3.2] - 2024-02-06
#### 修复
- 修复“内置规则”服务 IP 地址无法访问的问题,使用容器名称代替固定 IP
### [4.3.1] - 2024-02-05
#### 优化
- 修改日志详情接口地址,避免被浏览器插件误拦
#### 修复
- 修复日志详情中,“补充规则” 的防护模块名字未正确显示的问题
- 修复有时候添加 http 站点后,站点会错误地显示到 证书管理->使用站点
处的问题([#656](https://github.com/chaitin/SafeLine/issues/656)
### [4.3.0] - 2024-02-02
#### 新增
- 新增 防护配置 - 身份认证,可以给防护的网站加上用户名密码验证:
![](/images/docs/about_changelog/4.3.0-1.png)
- 新增智能 AI 请求分析。在 攻击事件 - 原始日志 - 日志详情 中,点击 “智能 AI 攻击分析”,就可以分析该请求的攻击特征和原理了:
![](/images/docs/about_changelog/4.3.0-2.png)
#### 优化
- 优化英文模式下中国省份的显示([#512](https://github.com/chaitin/SafeLine/issues/512)
- 优化站点的域名验证逻辑。当客户端发送了域名不正确的请求时,除了普通流量会被雷池直接拒绝之外,现在攻击流量也会被直接拒绝,不会返回拦截信息并记录日志了
- 优化一些界面交互和 UI 细节
### [4.2.1] - 2024-01-19
#### 新增
- 点击右上角可领取 2023 专属年度报告:
![](/images/docs/about_changelog/4.2.0-1.png)
- 新增补充规则,可以一览系统当前的通用漏洞规则:
![](/images/docs/about_changelog/4.2.0-2.png)
- 黑白名单、人机验证新增匹配方式,包括:
- IP 不等于
- Host 不等于
- Header 某个参数的内容不等于、包含、不包含
#### 优化
- 代理时开启
SNI避免访问上游服务时无法获取正确的证书 [#491](https://github.com/chaitin/SafeLine/issues/491)、[#609](https://github.com/chaitin/SafeLine/issues/609)
- 当尝试在同一端口同时监听 http 和 https 时,给出更具体的错误提示
- 优化英文英文模式下中国省份的显示([#512](https://github.com/chaitin/SafeLine/issues/512)
- 优化英文模式下攻击事件页 tab 按钮的对齐([#604](https://github.com/chaitin/SafeLine/issues/604)
- 优化英文模式下威胁情报同步成功的提示信息 [#605](https://github.com/chaitin/SafeLine/issues/605)
- 优化删除 IP 组确认的提示信息([#610](https://github.com/chaitin/SafeLine/issues/610)
- 优化 “刚果(金)”和 “刚果(布)” 的地区名称([#620](https://github.com/chaitin/SafeLine/issues/620)
- 更新底层检测引擎版本,提高防护能力
- 修复创建订阅的 IP 组时,有时无法保存的问题
- 修复订阅的 IP 组存在行内注释时,对应的 IP 会失效的问题
### [4.1.1] - 2024-01-11
#### 修复
- 修复 IP 组在线订阅失败时会保存错误内容的问题
### [4.1.0] - 2024-01-11
#### 新增
- 拦截日志一键复制为 cURL [#531](https://github.com/chaitin/SafeLine/issues/531)
#### 优化
- IP 组若为在线订阅,显示更新时间([#574](https://github.com/chaitin/SafeLine/issues/574)
- 优化 safeline-fvm 容器重启速度,重启时间减少 10s
- 优化 safeline-mgt 容器镜像层数,从 39 层下降到 24 层
#### 修复
- 修复日志列表 IP 来源地区未翻译国家编号的问题([#578](https://github.com/chaitin/SafeLine/issues/578)
- 修复英文翻译问题([#591](https://github.com/chaitin/SafeLine/issues/591)
- 修复雷池管理后台证书更新后未自动重启问题
### [4.0.2] - 2024-01-06
#### 修复
- 管理后台 mgt 启动时提示证书异常
- 统计页面中 QPS 数据统计方法由窗口时间5s改为按秒计算平均值
### [4.0.1] - 2024-01-05
#### 修复
- safeline-luigi 容器打印与功能无关的错误日志
- 统计页面中不显示 QPS 数据
### [4.0.0] - 2024-01-05
#### 新增
- 完整支持 **流式语义分析检测**,包含 协议解析、解码、模式匹配 三个阶段的改造,解决经典 “大包绕过” 问题
- IP 组支持通过 URL 在线订阅内容([#414](https://github.com/chaitin/SafeLine/issues/414)
![](/images/docs/about_changelog/ip_group_url.png)
- 新增 “搜索引擎爬虫 IP”包含 Google、Bing、百度、360 的爬虫
IP[#374](https://github.com/chaitin/SafeLine/issues/374)、[#399](https://github.com/chaitin/SafeLine/issues/399)
![](/images/docs/about_changelog/ip_group_builtin.png)
- 出厂预置 “搜索引擎爬虫白名单” 和 “长亭社区恶意 IP 情报黑名单”,方便配置
#### 优化
- 支持类 ChatGPT 应用的流式 HTTP 响应([#513](https://github.com/chaitin/SafeLine/issues/513)
- 在 证书管理 编辑证书后,若证书正被站点使用,自动重启 nginx
使新证书生效([#534](https://github.com/chaitin/SafeLine/issues/534)
- safeline-fvm 容器体积减小 60%
- safeline-mgt 服务减少宿主机文件依赖
- safeline-mgt 服务日志全部写入 docker 标准输出,默认仅输出启动信息和错误日志,减小磁盘占用
- safeline-mgt 服务、safeline-tengine 服务支持运行时日志输出范围设置,方便问题调试
- 更新 compose.yaml 文件配置,移除非必要环境变量配置,规范环境变量名称,移除非必要卷配置
- 增加新统计服务 safeline-luigi为更精细的统计能力做准备
- 优化若干 UI 交互、文字描述、英文翻译的细节(感谢国际友人的帮助)
- 修复 3.16 以及之前版本的一些问题:
- safeline-tcd 启动时因启动顺序导致输出错误提示
- http 强制跳转到 https 功能未生效
- 修复 4.0.0-beta.x 版本中的一些问题:
- 登录雷池失败,提示 HTTP/2 协议错误([#564](https://github.com/chaitin/SafeLine/issues/564)
- 升级脚本未正常检测到雷池安装目录([#561](https://github.com/chaitin/SafeLine/pull/561),感谢热心网友 nmgliangwei
- safeline-mgt 持续输出版本号错误日志
- 拦截页面未显示时间
### [4.0.0-beta.3] - 2023-12-28
#### 优化
- 支持类 ChatGPT 应用的流式 HTTP 响应([#513](https://github.com/chaitin/SafeLine/issues/513)
- 更新流式检测引擎到 20231228 版本
#### 修复
- 修复由于服务启动顺序导致输出非必要的错误日志
### [4.0.0-beta.2] - 2023-12-22
#### 修复
- 修复 safeline-tcd 启动时因启动顺序导致输出错误提示信息
- 修复 safeline-mgt 在 beta 版本下持续输出版本号错误日志
- 修复 http 强制跳转到 https 功能未生效问题
#### 优化
- 更新流式检测引擎版本到 20231222 版本
### [4.0.0-beta.1] - 2023-12-21
#### 新增
- 完整支持 **流式语义分析检测**,包含 协议解析、解码、模式匹配 三个阶段的改造,解决经典 “大包绕过” 问题
#### 优化
- safeline-fvm 容器体积减小 60%
- safeline-mgt 服务减少宿主机文件依赖
- safeline-mgt 服务日志全部写入 docker 标准输出,默认仅输出启动信息和错误日志,减小磁盘占用
- safeline-mgt 服务、safeline-tengine 服务支持运行时日志输出范围设置,方便问题调试
- 更新 compose.yaml 文件配置,移除非必要环境变量配置,规范环境变量名称,移除非必要卷配置
- 增加新统计服务 safeline-luigi为更精细的统计能力做准备
- 美化 502/504 页面
- 优化频率限制配置的英文翻译(感谢国际友人的提示)
### [3.16.1] - 2023-12-15
#### 新增
- 右上角增加 “更多工具”,方便快速访问牧云主机助手、百川网站监测等常用运维管理工具
![](/images/docs/about_changelog/moretools.png)
#### 优化
- 登录时若验证码错误,不再自动清空内容,方便修改([#449](https://github.com/chaitin/SafeLine/issues/449)
- 精简 docker 镜像文件safeline-mgt-api 体积减小 90%
- 获取站点的 Favicon 和标题时,增加浏览器 UserAgent避免被上游服务拒绝
- 数据统计页 4xx 和 5xx 错误率的默认显示方式从 “-%” 改为 “0%” [#517](https://github.com/chaitin/SafeLine/issues/517)
- 优化控制台和 502 、504 页面的一些样式细节
- 未登录时,不显示任何前端页面内容,避免被报告安全问题
### [3.15.3] - 2023-12-08
#### 修复
- 修复 403 拦截页面没有展示拦截页面附加说明的问题
### [3.15.2] - 2023-12-07
#### 新增
- 新增 502、504 页面。网站服务器异常、配置有误时,能给网站用户提供更清晰友好的说明
![](/images/docs/about_changelog/502_page.png)
- 拦截页面支持英文,根据客户端语言自动切换
#### 优化
- 单个 IP 组内的 IP 数量,增加 1w 行的上限。避免更新配置时系统异常
- 修复创建或修改站点时,端口占用检查没有生效的问题
- 略微提高流量检测和配置修改时的执行效率
### [3.14.1] - 2023-11-30
#### 修复
- 修复日志服务 CPU 占用过高问题
### [3.14.0] - 2023-11-30
#### 新增
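Review bot: in the 4.2.1 entry, two items under "#### 优化" are fixes (the lines starting "修复创建订阅的 IP 组时" and "修复订阅的 IP 组存在行内注释时") and belong under a "#### 修复" heading as in the other entries. The same entry has "优化英文英文模式" with the word doubled, and its #512 item is repeated in 4.3.0. The 4.2.1 screenshots are named `4.2.0-1.png` and `4.2.0-2.png`; confirm that is intended.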
@@ -33,8 +303,7 @@ title: "版本更新记录"
#### 新增
- 人机验证的二次验证,从数字验证码改为旋转图片,网站用户体验更好:
- ![](/images/docs/about_changelog/cs_verify_image.png)
![](/images/docs/about_changelog/cs_verify_image.png)
#### 优化
@@ -47,7 +316,8 @@ title: "版本更新记录"
#### 修复
- 修复重启 docker (包括雷池升级)后,站点通用配置和拦截页面附加说明没有被正确载入的问题 [#438](https://github.com/chaitin/SafeLine/issues/438) [#446](https://github.com/chaitin/SafeLine/issues/446)
- 修复重启 docker
(包括雷池升级)后,站点通用配置和拦截页面附加说明没有被正确载入的问题 [#438](https://github.com/chaitin/SafeLine/issues/438) [#446](https://github.com/chaitin/SafeLine/issues/446)
### [3.12.1] - 2023-11-16
@@ -58,8 +328,10 @@ title: "版本更新记录"
#### 优化
- 修复证书在添加一段时间后,证书类型统一变成 “上传已有证书” ,编辑时也看不到证书内容的问题。(免费证书需要手动再切换到免费证书申请一下,后续才能自动续期。只影响列表管理,不影响网站上的证书)
- 开启 “强制 HTTPS” 时HSTS 删去 preload 参数,并改为只在 https 端口下返回 [#407](https://github.com/chaitin/SafeLine/issues/407)
- 修复证书在添加一段时间后,证书类型统一变成 “上传已有证书”
,编辑时也看不到证书内容的问题。(免费证书需要手动再切换到免费证书申请一下,后续才能自动续期。只影响列表管理,不影响网站上的证书
- 开启 “强制 HTTPS” 时HSTS 删去 preload 参数,并改为只在 https
端口下返回 [#407](https://github.com/chaitin/SafeLine/issues/407)
- 修复添加、编辑站点有时出现 “Service abnormal” 异常的问题
- 修复 “申请免费证书” 类型的证书,在证书列表上显示成 “上传已有证书” 的问题
- 优化一些样式交互细节
@@ -109,13 +381,15 @@ title: "版本更新记录"
- 人机验证的客户端文件从 138k 减小到 78k提高加载速度
- 人机验证 cookie 改为 httpOnly 模式,避免在 JavaScript 运行时泄露
- 人机验证防止简单绕过 [#405](https://github.com/chaitin/SafeLine/issues/405)
- 修复站点详情中,资源 “今日请求” 的总和大于站点 “今日请求总量” 的问题([#410](https://github.com/chaitin/SafeLine/issues/410)
- 修复站点详情中,资源 “今日请求” 的总和大于站点 “今日请求总量”
的问题([#410](https://github.com/chaitin/SafeLine/issues/410)
### [3.9.0] - 2023-10-26
#### 优化
- 人机验证页面增加响应头 Cache-Control向下游声明不希望被缓存避免被 CDN 缓存导致不断重复验证([#402](https://github.com/chaitin/SafeLine/issues/402)
- 人机验证页面增加响应头 Cache-Control向下游声明不希望被缓存避免被 CDN
缓存导致不断重复验证([#402](https://github.com/chaitin/SafeLine/issues/402)
- 修复人机验证在 iframe 中会不断重复验证的问题([#397](https://github.com/chaitin/SafeLine/issues/397)
- 修复人机验证在 alook 浏览器中页面空白的问题([#393](https://github.com/chaitin/SafeLine/issues/393)
- 修复添加、编辑站点有时出现 “Service abnormal” 异常的问题
@@ -163,9 +437,9 @@ title: "版本更新记录"
#### 优化
- 优化人机验证
- 简化配置,不再区分交互、非交互
- 区分站点,验证通过的结果只能在一个站点(按域名或 IP 区分)上生效了
- 降低算力要求,解决部分移动端验证时间过长的问题
- 简化配置,不再区分交互、非交互
- 区分站点,验证通过的结果只能在一个站点(按域名或 IP 区分)上生效了
- 降低算力要求,解决部分移动端验证时间过长的问题
- 配置站点时,“上游服务器” 的服务器地址部分支持填写主机名,例如 http://localhost:8080
- 站点的运行模式为 “观察” 时,黑名单、限频、人机 改为**都不拦截**。其中黑名单会记录 “放行” 的日志;限频会持续计入统计,但限制结果不会对观察中的站点生效
- 修复证书管理中,泛域名的证书显示 “域名不匹配” 问题([#368](https://github.com/chaitin/SafeLine/issues/368)
@@ -262,7 +536,8 @@ title: "版本更新记录"
- 当网站域名不匹配的时候,返回 “网站不存在” ,提示更清晰([#58](https://github.com/chaitin/SafeLine/issues/58)
- 修复 攻击事件->原始日志 的 “攻击地址” 中显示额外的转义符的问题
- 修复站点详情中 “今日总请求量” 和站点列表的 “今日访问量” 不一致的问题([#279](https://github.com/chaitin/SafeLine/issues/279)
- 修复站点详情中 “今日总请求量” 和站点列表的 “今日访问量”
不一致的问题([#279](https://github.com/chaitin/SafeLine/issues/279)
- 频率限制后直接封禁的拦截状态码改为 429和普通拦截 403 区分开,方便排查拦截原因
- 加强后台登录安全性(感谢微信交流 20 群「千年之狐」提供的建议)
- 优化安装/升级时 CPU ssse3 指令集的检查方式([#273](https://github.com/chaitin/SafeLine/issues/273)
@@ -295,7 +570,8 @@ title: "版本更新记录"
#### 新增
- 新增证书管理。自动判断域名与过期状态,配置站点时可以直接选择([#111](https://github.com/chaitin/SafeLine/issues/111)),还可以修改管理后台的证书([#201](https://github.com/chaitin/SafeLine/issues/201)
- 新增证书管理。自动判断域名与过期状态,配置站点时可以直接选择([#111](https://github.com/chaitin/SafeLine/issues/111)
),还可以修改管理后台的证书([#201](https://github.com/chaitin/SafeLine/issues/201)
![](/images/docs/about_changelog/mgt_cert.png)
- 新增系统信息
@@ -320,24 +596,26 @@ title: "版本更新记录"
#### 新增
- 新增站点详情,能自动从流量中记录网站资源,一览资源的存活、访问情况
- PS. 考虑机器资源消耗问题,当前版本每个站点下最多记录 250 个资源
- PS. 考虑机器资源消耗问题,当前版本每个站点下最多记录 250 个资源
![](/images/docs/about_changelog/api_assets.png)
- 站点支持输入多个域名、端口([#162](https://github.com/chaitin/safeline/issues/162)
- 通用配置中新增 “站点通用配置”,支持一键开启:
- 强制 HTTPS[#67](https://github.com/chaitin/safeline/issues/67)
- 使用 HTTP/2[#161](https://github.com/chaitin/safeline/issues/161)
- 监听 IPv6[#166](https://github.com/chaitin/safeline/issues/166)
- 传递客户端连接的 Host 和协议,方便后续服务器处理
- 强制 HTTPS[#67](https://github.com/chaitin/safeline/issues/67)
- 使用 HTTP/2[#161](https://github.com/chaitin/safeline/issues/161)
- 监听 IPv6[#166](https://github.com/chaitin/safeline/issues/166)
- 传递客户端连接的 Host 和协议,方便后续服务器处理
![](/images/docs/about_changelog/site_config.png)
#### 优化
- 优化限频配置的默认值
- 增加 HTTP 497 错误重定向。当以 HTTP 协议访问 HTTPS 端口时,将重定向到 HTTPS[#186](https://github.com/chaitin/safeline/issues/186)
- 默认拒绝 IP 和其他非指定域名的访问。如果需要通过 IP 访问站点,可以给站点添加一个 "\*" 域名[#58](https://github.com/chaitin/safeline/issues/58)
- 增加 HTTP 497 错误重定向。当以 HTTP 协议访问 HTTPS 端口时,将重定向到
HTTPS[#186](https://github.com/chaitin/safeline/issues/186)
- 默认拒绝 IP 和其他非指定域名的访问。如果需要通过 IP 访问站点,可以给站点添加一个 "\*"
域名([#58](https://github.com/chaitin/safeline/issues/58)
- 优化若干 UI 交互细节和文字提示
### [2.6.0] - 2023-08-10
@@ -504,9 +782,9 @@ title: "版本更新记录"
- 更新语义引擎版本,优化了一大批检测逻辑,降低误报
- 优化了部分操作提示信息:
- IP 组正在使用时,无法被删除的提示
- 未创建 IP 组时,在黑白名单中无法选择属于 IP 组的提示
- 添加站点时,域名格式错误的提示
- IP 组正在使用时,无法被删除的提示
- 未创建 IP 组时,在黑白名单中无法选择属于 IP 组的提示
- 添加站点时,域名格式错误的提示
### [1.7.1] - 2023-06-05

View File

@@ -15,15 +15,14 @@ title: "人机验证2.0"
### 人机验证如何配置
首先,点击位于左边栏的人机验证。之后,点击 **添加人机验证**
![add_challenge.png](/images/docs/add_challenge.png)
在这里我们可以配置是否开启交互式校验以及规则的名称以及规则的触发条件。
在这里我们可以配置规则的名称以及规则的触发条件。
### 人机验证触发规则
1. 规则内的条件之间是并且的关系,即需要全部命中,才会触发
2. 规则与规则之间是或的关系,则有一个命中,便会触发
### 交互与非交互的区别
如果选择开启交互,那么用户需要点击页面中间的勾选框开始验证,如果选择非交互,那么将自动开始验证。
![manual.png](/images/docs/manual.png)

View File

@@ -12,14 +12,13 @@ title: "雷池技术架构"
| 名称 | 定义 | 详情 |
| ----------------- | ------------ | ------------------------------------------------------- |
| safeline-mgt-api | 管理容器 | 接收管理后台行为,向其他服务或容器推送消息 |
| safeline-mgt | 管理容器 | 接收管理后台行为,向其他服务或容器推送消息 |
| safeline-detector | 检测容器 | 执行检测的容器,从 Tengine 进入的流量会转发到该节点检测 |
| safeline-mario | 日志容器 | 记录与统计恶意行为的节点 |
| safeline-tengine | 网关 | 转发网关,有简单的过滤功能 |
| safeline-postgres | 关系型数据库 | 存储攻击日志、保护站点、黑白名单配置的数据库 |
| safeline-redis | 缓存数据库 | - |
| safeline-pg | 关系型数据库 | 存储攻击日志、保护站点、黑白名单配置的数据库 |
对于后台管理人员,可以直接通信的节点为管理服务 `safeline-mgt-api`,该节点负责:
对于后台管理人员,可以直接通信的节点为管理服务 `safeline-mgt`,该节点负责:
- 向 Tengine 网关推送自定义配置并利用 NGINX 命令进行 reload 热更新
- 自定义检测规则(黑白名单等)并向检测引擎 `safeline-detector` 推送
@@ -36,7 +35,6 @@ echo "SAFELINE_DIR=$(pwd)" >> .env # 设置当前路径为雷池社区版的根
echo "IMAGE_TAG=latest" >> .env # 设置镜像的 tag
echo "MGT_PORT=9443" >> .env # 管理容器服务使用的端口
echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env # /dev/urandom是一个很长的随机数文本tr -dc 命令用于删除非字母、非数字的字符,用于生成随机的 postgres 密码
echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env # 同上,用于生成随机的 redis 密码
echo "SUBNET_PREFIX=172.22.222" >> .env # 定义 docker 虚拟网卡的子网前缀
```
@@ -74,21 +72,6 @@ services:
cap_drop:
- net_raw
command: [postgres, -c, max_connections=200] # 设置 postgres 的最大连接数
redis:
container_name: safeline-redis
restart: always
image: redis:7.0.11
volumes:
- ${SAFELINE_DIR}/resources/redis/data:/data
- /etc/localtime:/etc/localtime:ro
command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD}
networks:
safeline-ce: # 使用上文的 safeline-ce 网络ip 为172.22.222.3
ipv4_address: ${SUBNET_PREFIX}.3
cap_drop:
- net_raw
sysctls:
net.core.somaxconn: "511"
management:
container_name: safeline-mgt-api
restart: always
@@ -137,7 +120,6 @@ services:
- LOG_DIR=/logs/mario
- GOGC=100
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-postgres/safeline-ce
- REDIS_URL=redis://:${REDIS_PASSWORD}@safeline-redis:6379/0
networks:
safeline-ce: # 使用上文的 safeline-ce 网络IP 为172.22.222.6
ipv4_address: ${SUBNET_PREFIX}.6
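Review bot: the table at the top of this file now calls the containers `safeline-mgt` and `safeline-pg`, but the compose example still shows `DATABASE_URL=...@safeline-postgres/safeline-ce` in this hunk and `container_name: safeline-mgt-api` in the previous one, both as unchanged lines. After removing the redis entries, update those two names as well so the example matches the table.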

View File

@@ -102,11 +102,11 @@ const config = {
to: "https://waf-ce.chaitin.cn",
},
{
label: "社区",
label: "开发计划",
to: "https://waf-ce.chaitin.cn/community",
},
{
label: "版本对比",
label: "付费版本",
to: "https://waf-ce.chaitin.cn/version",
},
],

View File

@@ -16,6 +16,7 @@ a:hover {
:root {
--ifm-color-primary: #0fc6c2;
--ifm-breadcrumb-color-active: #0fc6c2;
--ifm-menu-color: #000;
--ifm-menu-color-active: #0fc6c2;
--ifm-link-hover-color: #0fc6c2;
--ifm-footer-link-hover-color: #0fc6c2;
@@ -34,12 +35,12 @@ aside.theme-doc-sidebar-container {
width: 240px !important;
}
.navbar__toggle.clean-btn svg {
/* .navbar__toggle.clean-btn svg {
color: white;
}
} */
@media (max-width: 996px) {
:root {
--ifm-menu-color: white;
--ifm-menu-color: #000;
}
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

9025
documents/yarn.lock Normal file

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,118 @@
networks:
safeline-ce:
name: safeline-ce
driver: bridge
ipam:
driver: default
config:
- gateway: ${SUBNET_PREFIX:?SUBNET_PREFIX required}.1
subnet: ${SUBNET_PREFIX}.0/24
driver_opts:
com.docker.network.bridge.name: safeline-ce
services:
postgres:
container_name: safeline-pg
restart: always
image: postgres:15.2
volumes:
- ${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
- POSTGRES_USER=safeline-ce
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?postgres password required}
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.2
command: [postgres, -c, max_connections=200]
mgt:
container_name: safeline-mgt
restart: always
image: chaitin/safeline-mgt:${IMAGE_TAG:?image tag required}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SAFELINE_DIR}/resources/mgt:/app/data
ports:
- ${MGT_PORT:-9443}:1443
environment:
- MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
- MGT_LICENSE_SERVER=https://safeline-ce-4463.rivers.chaitin.cn/
depends_on:
- postgres
- fvm
dns:
- 119.29.29.29
- 223.5.5.5
- 180.76.76.76
- 1.2.4.8
- 114.114.114.114
- 8.8.8.8
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.4
detect:
container_name: safeline-detector
restart: always
image: chaitin/safeline-detector:${IMAGE_TAG}
volumes:
- ${SAFELINE_DIR}/resources/detector:/resources/detector
- ${SAFELINE_DIR}/logs/detector:/logs/detector
- /etc/localtime:/etc/localtime:ro
environment:
- LOG_DIR=/logs/detector
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.5
mario:
container_name: safeline-mario
restart: always
image: chaitin/safeline-mario:${IMAGE_TAG}
volumes:
- ${SAFELINE_DIR}/resources/mario:/resources/mario
- ${SAFELINE_DIR}/logs/mario:/logs/mario
- /etc/localtime:/etc/localtime:ro
environment:
- LOG_DIR=/logs/mario
- GOGC=100
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.6
tengine:
container_name: safeline-tengine
restart: always
image: chaitin/safeline-tengine:${IMAGE_TAG}
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/resolv.conf:/etc/resolv.conf
- ${SAFELINE_DIR}/resources/nginx:/etc/nginx
- ${SAFELINE_DIR}/resources/detector:/resources/detector
- ${SAFELINE_DIR}/logs/nginx:/var/log/nginx
- ${SAFELINE_DIR}/resources/cache:/usr/local/nginx/cache
environment:
- TCD_MGT_API=https://${SUBNET_PREFIX}.4:1443/api/open/publish/server
- TCD_SNSERVER=${SUBNET_PREFIX}.5:8000
# deprecated
- SNSERVER_ADDR=${SUBNET_PREFIX}.5:8000
ulimits:
nofile: 131072
network_mode: host
luigi:
container_name: safeline-luigi
restart: always
image: chaitin/safeline-luigi:${IMAGE_TAG}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SAFELINE_DIR}/resources/luigi:/app/data
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.7
fvm:
container_name: safeline-fvm
restart: always
image: chaitin/safeline-fvm:${IMAGE_TAG}
volumes:
- /etc/localtime:/etc/localtime:ro
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.8
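Review bot: in the `tengine` service, `/etc/resolv.conf:/etc/resolv.conf` is bind-mounted without `:ro`, while the `/etc/localtime` mounts in this file are all read-only. `tengine` also runs with `network_mode: host`, so it is the least isolated container here and it can rewrite the host's resolver configuration. Mount it as `/etc/resolv.conf:/etc/resolv.conf:ro` unless the container really has to write to it. Separately, `MGT_PG` sets `sslmode=disable` and carries `${POSTGRES_PASSWORD}` in the URL; a short comment saying this relies on the private `safeline-ce` network would help.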

release/beta.bak/setup.sh Executable file

@@ -0,0 +1,222 @@
#!/bin/bash
echo "
____ __ _ _
/ ___| __ _ / _| ___ | | (_) _ __ ___
\___ \ / _\` | | |_ / _ \ | | | | | '_ \ / _ \\
___) | | (_| | | _| | __/ | |___ | | | | | | | __/
|____/ \__,_| |_| \___| |_____| |_| |_| |_| \___|
"
qrcode() {
echo "█████████████████████████████████████████"
echo "█████████████████████████████████████████"
echo "████ ▄▄▄▄▄ █▀ █▀▀██▀▄▀▀▄▀▄▀▄██ ▄▄▄▄▄ ████"
echo "████ █ █ █▀ ▄ █▀▄▄▀▀ ▄█▄ ▀█ █ █ ████"
echo "████ █▄▄▄█ █▀█ █▄█▄▀▀▄▀▄ ▀▀▄▄█ █▄▄▄█ ████"
echo "████▄▄▄▄▄▄▄█▄█▄█ █▄▀ █ ▀▄▀ █▄█▄▄▄▄▄▄▄████"
echo "████▄ ▄▄ █▄▄ ▄█▄▄▄▄▀▄▀▀▄██ ▄▄▀▄█▄▀ ▀████"
echo "████▄ ▄▀▄ ▄▀▄ ▀ ▄█▀ ▀▄ █▀▀ ▀█▀▄██▄▀▄█████"
echo "█████ ▀▄█ ▄ ▄▄▀▄▀▀█▄▀▄▄▀▄▀▄ ▄ ▀▄▄▄█▀▀████"
echo "████ █▀▄▀ ▄▀▄▄▀█▀ ▄▄ █▄█▀▀▄▀▀█▄█▄█▀▄█████"
echo "████ █ ▀ ▄▀▀ ██▄█▄▄▄▄▄▀▄▀▀▀▄▄▀█▄▀█ ▀████"
echo "████ █ ▀▄ ▄██▀▀ ▄█▀ ▀███▄ ▀▄▀▄▄ ▄▀▄█████"
echo "████▀▄▄█ ▄▀▄▀ ▄▀▀▀▄▀▄▀ ▄▀▄ ▄▀ ▄▀█ ▀████"
echo "████ █ █ █▄▀ █▄█▀ ▄▄███▀▀▀▄█▀▄ ▀ ▀▄█████"
echo "████▄███▄█▄▄▀▄ █▄█▄▄▄▄▀▀▄█▀▀ ▄▄▄ ▀█ ████"
echo "████ ▄▄▄▄▄ █▄▀█ ▄█▀▄ █▀█▄ ▀ █▄█ ▀▄▀████"
echo "████ █ █ █ █▄▀▀▀▄▄▄▀▀▀▀▀▀ ▄▄ ▀█ ████"
echo "████ █▄▄▄█ █ ▀█▀ ▄▄▄▄ ▀█ ▀▀▄▀ ▀▀ ▀██████"
echo "████▄▄▄▄▄▄▄█▄▄██▄█▄▄█▄██▄██▄▄█▄▄█▄█▄█████"
echo "█████████████████████████████████████████"
echo "█████████████████████████████████████████"
echo
echo "微信扫描上方二维码加入雷池项目讨论组"
}
command_exists() {
command -v "$1" 2>&1
}
space_left() {
dir="$1"
while [ ! -d "$dir" ]; do
dir=`dirname "$dir"`;
done
echo `df -h "$dir" --output='avail' | tail -n 1`
}
start_docker() {
systemctl start docker && systemctl enable docker
}
confirm() {
echo -e -n "\033[34m[SafeLine] $* \033[1;36m(Y/n)\033[0m"
read -n 1 -s opt
[[ "$opt" == $'\n' ]] || echo
case "$opt" in
'y' | 'Y' ) return 0;;
'n' | 'N' ) return 1;;
*) confirm "$1";;
esac
}
info() {
echo -e "\033[37m[SafeLine] $*\033[0m"
}
warning() {
echo -e "\033[33m[SafeLine] $*\033[0m"
}
abort() {
qrcode
echo -e "\033[31m[SafeLine] $*\033[0m"
exit 1
}
trap 'onexit' INT
onexit() {
echo
abort "用户手动结束安装"
}
# CPU ssse3 指令集检查
support_ssse3=1
lscpu | grep ssse3 > /dev/null 2>&1
if [ $? -ne "0" ]; then
echo "not found info in lscpu"
support_ssse3=0
fi
cat /proc/cpuinfo | grep ssse3 > /dev/null 2>&1
if [ $support_ssse3 -eq "0" -a $? -ne "0" ]; then
abort "雷池需要运行在支持 ssse3 指令集的 CPU 上,虚拟机请自行配置开启 CPU ssse3 指令集支持"
fi
safeline_path='/data/safeline'
if [ -z "$BASH" ]; then
abort "请用 bash 执行本脚本,请参考最新的官方技术文档 https://waf-ce.chaitin.cn/"
fi
if [ ! -t 0 ]; then
abort "STDIN 不是标准的输入设备,请参考最新的官方技术文档 https://waf-ce.chaitin.cn/"
fi
if [ "$#" -ne "0" ]; then
abort "当前脚本无需任何参数,请参考最新的官方技术文档 https://waf-ce.chaitin.cn/"
fi
if [ "$EUID" -ne "0" ]; then
abort "请以 root 权限运行"
fi
info "脚本调用方式确认正常"
if [ -z `command_exists docker` ]; then
warning "缺少 Docker 环境"
if confirm "是否需要自动安装 Docker"; then
curl -sSLk https://get.docker.com/ | bash
if [ $? -ne "0" ]; then
abort "Docker 安装失败"
fi
info "Docker 安装完成"
else
abort "中止安装"
fi
fi
info "发现 Docker 环境: '`command -v docker`'"
start_docker
docker version > /dev/null 2>&1
if [ $? -ne "0" ]; then
abort "Docker 服务工作异常"
fi
info "Docker 工作状态正常"
compose_command="docker compose"
if $compose_command version; then
info "发现 Docker Compose Plugin"
else
warning "未发现 Docker Compose Plugin"
compose_command="docker-compose"
if [ -z `command_exists "docker-compose"` ]; then
warning "未发现 docker-compose 组件"
if confirm "是否需要自动安装 Docker Compose Plugin"; then
curl -sSLk https://get.docker.com/ | bash
if [ $? -ne "0" ]; then
abort "Docker Compose Plugin 安装失败"
fi
info "Docker Compose Plugin 安装完成"
compose_command="docker compose"
else
abort "中止安装"
fi
else
info "发现 docker-compose 组件: '`command -v docker-compose`'"
fi
fi
while true; do
echo -e -n "\033[34m[SafeLine] 雷池安装目录 (留空则为 '$safeline_path'): \033[0m"
read input_path
[[ -z "$input_path" ]] && input_path=$safeline_path
if [[ ! $input_path == /* ]]; then
warning "'$input_path' 不是合法的绝对路径"
continue
fi
if [ -f "$input_path" ] || [ -d "$input_path" ]; then
warning "'$input_path' 路径已经存在,请换一个"
continue
fi
safeline_path=$input_path
if confirm "目录 '$safeline_path' 当前剩余存储空间为 `space_left \"$safeline_path\"` ,雷池至少需要 5G是否确定"; then
break
fi
done
mkdir -p "$safeline_path"
if [ $? -ne "0" ]; then
abort "创建安装目录 '$safeline_path' 失败"
fi
info "创建安装目录 '$safeline_path' 成功"
cd "$safeline_path"
curl -sS -k "https://waf-ce.chaitin.cn/release/beta/compose.yaml" -o compose.yaml
if [ $? -ne "0" ]; then
abort "下载 compose.yaml 脚本失败"
fi
info "下载 compose.yaml 脚本成功"
touch ".env"
if [ $? -ne "0" ]; then
abort "创建 .env 脚本失败"
fi
info "创建 .env 脚本成功"
echo "SAFELINE_DIR=$safeline_path" >> .env
echo "IMAGE_TAG=beta-stream" >> .env
echo "MGT_PORT=9443" >> .env
echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "SUBNET_PREFIX=172.22.222" >> .env
info "即将开始下载 Docker 镜像"
$compose_command up -d
if [ $? -ne "0" ]; then
abort "启动 Docker 容器失败"
fi
qrcode
warning "雷池 WAF 社区版安装成功,请访问以下地址访问控制台"
warning "https://0.0.0.0:9443/"
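Review bot: every download in this script turns certificate verification off, and the Docker one is piped straight into a shell: `curl -sSLk https://get.docker.com/ | bash` (in both the Docker and the Compose branch) and `curl -sS -k "https://waf-ce.chaitin.cn/release/beta/compose.yaml" -o compose.yaml`. The script has already insisted on `$EUID` 0 by then, so whoever can answer for those hosts on the network path chooses what runs as root and which images `$compose_command up -d` pulls. Drop `-k`, save the installer to a file before executing it, and publish a checksum for `compose.yaml` that the script verifies before starting the containers.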

release/beta.bak/upgrade.sh Executable file

@@ -0,0 +1,236 @@
#! /bin/bash
echo "
____ __ _ _
/ ___| __ _ / _| ___ | | (_) _ __ ___
\___ \ / _\` | | |_ / _ \ | | | | | '_ \ / _ \\
___) | | (_| | | _| | __/ | |___ | | | | | | | __/
|____/ \__,_| |_| \___| |_____| |_| |_| |_| \___|
"
echo $1
qrcode() {
echo
echo "█████████████████████████████████████████"
echo "█████████████████████████████████████████"
echo "████ ▄▄▄▄▄ █▀ █▀▀██▀▄▀▀▄▀▄▀▄██ ▄▄▄▄▄ ████"
echo "████ █ █ █▀ ▄ █▀▄▄▀▀ ▄█▄ ▀█ █ █ ████"
echo "████ █▄▄▄█ █▀█ █▄█▄▀▀▄▀▄ ▀▀▄▄█ █▄▄▄█ ████"
echo "████▄▄▄▄▄▄▄█▄█▄█ █▄▀ █ ▀▄▀ █▄█▄▄▄▄▄▄▄████"
echo "████▄ ▄▄ █▄▄ ▄█▄▄▄▄▀▄▀▀▄██ ▄▄▀▄█▄▀ ▀████"
echo "████▄ ▄▀▄ ▄▀▄ ▀ ▄█▀ ▀▄ █▀▀ ▀█▀▄██▄▀▄█████"
echo "█████ ▀▄█ ▄ ▄▄▀▄▀▀█▄▀▄▄▀▄▀▄ ▄ ▀▄▄▄█▀▀████"
echo "████ █▀▄▀ ▄▀▄▄▀█▀ ▄▄ █▄█▀▀▄▀▀█▄█▄█▀▄█████"
echo "████ █ ▀ ▄▀▀ ██▄█▄▄▄▄▄▀▄▀▀▀▄▄▀█▄▀█ ▀████"
echo "████ █ ▀▄ ▄██▀▀ ▄█▀ ▀███▄ ▀▄▀▄▄ ▄▀▄█████"
echo "████▀▄▄█ ▄▀▄▀ ▄▀▀▀▄▀▄▀ ▄▀▄ ▄▀ ▄▀█ ▀████"
echo "████ █ █ █▄▀ █▄█▀ ▄▄███▀▀▀▄█▀▄ ▀ ▀▄█████"
echo "████▄███▄█▄▄▀▄ █▄█▄▄▄▄▀▀▄█▀▀ ▄▄▄ ▀█ ████"
echo "████ ▄▄▄▄▄ █▄▀█ ▄█▀▄ █▀█▄ ▀ █▄█ ▀▄▀████"
echo "████ █ █ █ █▄▀▀▀▄▄▄▀▀▀▀▀▀ ▄▄ ▀█ ████"
echo "████ █▄▄▄█ █ ▀█▀ ▄▄▄▄ ▀█ ▀▀▄▀ ▀▀ ▀██████"
echo "████▄▄▄▄▄▄▄█▄▄██▄█▄▄█▄██▄██▄▄█▄▄█▄█▄█████"
echo "█████████████████████████████████████████"
echo "█████████████████████████████████████████"
echo
echo "微信扫描上方二维码加入雷池项目讨论组"
}
command_exists() {
command -v "$1" 2>&1
}
space_left() {
dir="$1"
while [ ! -d "$dir" ]; do
dir=$(dirname "$dir")
done
echo $(df -h "$dir" --output='avail' | tail -n 1)
}
confirm() {
echo -e -n "\033[34m[SafeLine] $* \033[1;36m(Y/n)\033[0m"
read -n 1 -s opt
[[ "$opt" == $'\n' ]] || echo
case "$opt" in
'y' | 'Y') return 0 ;;
'n' | 'N') return 1 ;;
*) confirm "$1" ;;
esac
}
info() {
echo -e "\033[37m[SafeLine] $*\033[0m"
}
warning() {
echo -e "\033[33m[SafeLine] $*\033[0m"
}
abort() {
qrcode
echo -e "\033[31m[SafeLine] $*\033[0m"
exit 1
}
trap 'onexit' INT
onexit() {
echo
abort "用户手动结束升级"
}
# CPU ssse3 指令集检查
support_ssse3=1
lscpu | grep ssse3 >/dev/null 2>&1
if [ $? -ne "0" ]; then
echo "not found info in lscpu"
support_ssse3=0
fi
cat /proc/cpuinfo | grep ssse3 >/dev/null 2>&1
if [ $support_ssse3 -eq "0" -a $? -ne "0" ]; then
abort "雷池需要运行在支持 ssse3 指令集的 CPU 上,虚拟机请自行配置开启 CPU ssse3 指令集支持"
fi
if [ -z "$BASH" ]; then
abort "请用 bash 执行本脚本, 请参考最新的官方技术文档 https://waf-ce.chaitin.cn/"
fi
if [ ! -t 0 ]; then
abort "STDIN 不是标准的输入设备, 请参考最新的官方技术文档 https://waf-ce.chaitin.cn/"
fi
if [ "$#" -ne "0" ]; then
abort "当前脚本无需任何参数, 请参考最新的官方技术文档 https://waf-ce.chaitin.cn/"
fi
if [ "$EUID" -ne "0" ]; then
abort "请以 root 权限运行"
fi
info "脚本调用方式确认正常"
if [ -z $(command_exists docker) ]; then
warning "缺少 Docker 环境"
if confirm "是否需要自动安装 Docker"; then
curl -sSLk https://get.docker.com/ | bash
if [ $? -ne "0" ]; then
abort "Docker 安装失败"
fi
info "Docker 安装完成"
else
abort "中止安装"
fi
fi
info "发现 Docker 环境: '$(command -v docker)'"
docker version >/dev/null 2>&1
if [ $? -ne "0" ]; then
abort "Docker 服务工作异常"
fi
info "Docker 工作状态正常"
compose_command="docker compose"
if $compose_command version; then
info "发现 Docker Compose Plugin"
else
warning "未发现 Docker Compose Plugin"
compose_command="docker-compose"
if [ -z $(command_exists "docker-compose") ]; then
warning "未发现 docker-compose 组件"
if confirm "是否需要自动安装 Docker Compose Plugin"; then
curl -sSLk https://get.docker.com/ | bash
if [ $? -ne "0" ]; then
abort "Docker Compose Plugin 安装失败"
fi
info "Docker Compose Plugin 安装完成"
compose_command="docker compose"
else
abort "中止安装"
fi
else
info "发现 docker-compose 组件: '$(command -v docker-compose)'"
fi
fi
container_id=$(docker ps -n 1 --filter name=.*safeline-mgt.* --format '{{.ID}}')
safeline_path=$(docker inspect --format '{{index .Config.Labels "com.docker.compose.project.working_dir"}}' $container_id)
while [ -z "$safeline_path" ]; do
echo -e -n "\033[34m[SafeLine] 未发现正在运行的雷池,请输入雷池安装路径 (留空则为 '$(pwd)'): \033[0m"
read input_path
[[ -z "$input_path" ]] && input_path=$(pwd)
if [[ ! $input_path == /* ]]; then
warning "'$input_path' 不是合法的绝对路径"
continue
fi
safeline_path=$input_path
done
cd "$safeline_path"
grep COLLIE .env >/dev/null 2>&1
if [ $? -eq "0" ]; then
abort "检测到你的环境通过牧云主机助手安装,请使用牧云主机助手-应用市场进行升级."
fi
compose_name=$(ls docker-compose.yaml compose.yaml 2>/dev/null)
compose_path=$safeline_path/$compose_name
if [ -f "$compose_path" ]; then
info "发现位于 '$safeline_path' 的雷池环境"
else
abort "没有发现位于 $safeline_path 的雷池环境"
fi
mv $compose_name $compose_name.old
curl "https://waf-ce.chaitin.cn/release/beta/compose.yaml" -sSLk -o $compose_name
if [ $? -ne "0" ]; then
abort "下载 compose.yaml 脚本失败"
fi
info "下载 compose.yaml 脚本成功"
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=beta-stream/g" ".env"
grep "SAFELINE_DIR" ".env" >/dev/null || echo "SAFELINE_DIR=$(pwd)" >>".env"
grep "IMAGE_TAG" ".env" >/dev/null || echo "IMAGE_TAG=beta-stream" >>".env"
grep "MGT_PORT" ".env" >/dev/null || echo "MGT_PORT=9443" >>".env"
grep "POSTGRES_PASSWORD" ".env" >/dev/null || echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >>".env"
grep "SUBNET_PREFIX" ".env" >/dev/null || echo "SUBNET_PREFIX=172.22.222" >>".env"
info "升级 .env 脚本成功"
info "即将开始下载新版本 Docker 镜像"
$compose_command pull
if [ $? -ne "0" ]; then
abort "下载新版本 Docker 镜像失败"
fi
info "下载新版本 Docker 镜像成功"
info "即将开始替换 Docker 容器"
# 升级到 3.14.0 版本时,移除了 safeline-redis 容器,需要删除容器,否则无法启动新 compose 网络
docker rm -f safeline-redis &>/dev/null
# 升级到 4.0.0 ,重命名了 mgt、fvm、pg 几个容器
docker rm -f safeline-mgt-api &>/dev/null
docker rm -f safeline-fvm-manager &>/dev/null
docker rm -f safeline-postgres &>/dev/null
$compose_command down --remove-orphans && $compose_command up -d
if [ $? -ne "0" ]; then
abort "替换 Docker 容器失败"
fi
info "雷池升级成功"
qrcode
warning "雷池 WAF 社区版安装成功, 请访问以下地址访问控制台"
warning "https://0.0.0.0:9443/"
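Review bot: `mv $compose_name $compose_name.old` runs before the new file has been fetched, and the failure branch after `curl ... -sSLk -o $compose_name` only calls `abort`, so a failed download leaves the install directory without its compose file and nothing puts the `.old` copy back. Download to a temporary name, check it is non-empty, and only then rename both files. `$compose_name` and `$container_id` should also be quoted: `ls docker-compose.yaml compose.yaml` can return two names, and `docker inspect ... $container_id` is called with no argument when no container matched.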


@@ -1,5 +1,3 @@
# http://www.so.com/help/spider_ip.html
180.153.232.0/24
180.153.234.0/24
180.153.236.0/24


@@ -0,0 +1,18 @@
117.34.74.0/24
118.122.188.0/24
119.63.196.0/24
121.14.89.0/24
123.125.66.0/24
123.125.68.0/24
123.125.71.0/24
123.181.108.77
125.39.78.0/24
159.226.50.0/24
180.76.5.0/24
203.208.60.0/24
210.72.225.0/24
220.181.108.0/24
220.181.158.107
220.181.68.0/24
220.181.7.0/24
61.135.165.0/24


@@ -0,0 +1,26 @@
157.55.39.0/24
207.46.13.0/24
40.77.167.0/24
13.66.139.0/24
13.66.144.0/24
52.167.144.0/24
13.67.10.16/28
13.69.66.240/28
13.71.172.224/28
139.217.52.0/28
191.233.204.224/28
20.36.108.32/28
20.43.120.16/28
40.79.131.208/28
40.79.186.176/28
52.231.148.0/28
20.79.107.240/28
51.105.67.0/28
20.125.163.80/28
40.77.188.0/22
65.55.210.0/24
199.30.24.0/23
40.77.202.0/24
40.77.139.0/25
20.74.197.0/28
20.15.133.160/27


@@ -1,5 +1,12 @@
# sync from https://www.cloudflare.com/ips-v4
# ipv6
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32
# ipv4
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
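Review bot: the header still reads `# sync from https://www.cloudflare.com/ips-v4`, but the file now opens with an `# ipv6` block that cannot have come from that URL. Put the source of the IPv6 ranges next to the `# ipv6` marker, and a sync date for both blocks, so the next update can be checked against the published lists.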


@@ -0,0 +1,203 @@
# baidu
117.34.74.0/24
118.122.188.0/24
119.63.196.0/24
121.14.89.0/24
123.125.66.0/24
123.125.68.0/24
123.125.71.0/24
123.181.108.77
125.39.78.0/24
159.226.50.0/24
180.76.5.0/24
203.208.60.0/24
210.72.225.0/24
220.181.108.0/24
220.181.158.107
220.181.68.0/24
220.181.7.0/24
61.135.165.0/24
# 360
180.153.232.0/24
180.153.234.0/24
180.153.236.0/24
180.163.220.0/24
42.236.101.0/24
42.236.102.0/24
42.236.103.0/24
42.236.10.0/24
42.236.12.0/24
42.236.13.0/24
42.236.14.0/24
42.236.15.0/24
42.236.16.0/24
42.236.17.0/24
42.236.46.0/24
42.236.48.0/24
42.236.49.0/24
42.236.50.0/24
42.236.51.0/24
42.236.52.0/24
42.236.53.0/24
42.236.54.0/24
42.236.55.0/24
42.236.99.0/24
# bing
157.55.39.0/24
207.46.13.0/24
40.77.167.0/24
13.66.139.0/24
13.66.144.0/24
52.167.144.0/24
13.67.10.16/28
13.69.66.240/28
13.71.172.224/28
139.217.52.0/28
191.233.204.224/28
20.36.108.32/28
20.43.120.16/28
40.79.131.208/28
40.79.186.176/28
52.231.148.0/28
20.79.107.240/28
51.105.67.0/28
20.125.163.80/28
40.77.188.0/22
65.55.210.0/24
199.30.24.0/23
40.77.202.0/24
40.77.139.0/25
20.74.197.0/28
20.15.133.160/27
# google
192.178.5.0/27
34.100.182.96/28
34.101.50.144/28
34.118.254.0/28
34.118.66.0/28
34.126.178.96/28
34.146.150.144/28
34.147.110.144/28
34.151.74.144/28
34.152.50.64/28
34.154.114.144/28
34.155.98.32/28
34.165.18.176/28
34.175.160.64/28
34.176.130.16/28
34.22.85.0/27
34.64.82.64/28
34.65.242.112/28
34.80.50.80/28
34.88.194.0/28
34.89.10.80/28
34.89.198.80/28
34.96.162.48/28
35.247.243.240/28
66.249.64.0/27
66.249.64.128/27
66.249.64.160/27
66.249.64.192/27
66.249.64.224/27
66.249.64.32/27
66.249.64.64/27
66.249.64.96/27
66.249.65.0/27
66.249.65.160/27
66.249.65.192/27
66.249.65.224/27
66.249.65.32/27
66.249.65.64/27
66.249.65.96/27
66.249.66.0/27
66.249.66.128/27
66.249.66.160/27
66.249.66.192/27
66.249.66.32/27
66.249.66.64/27
66.249.66.96/27
66.249.68.0/27
66.249.68.32/27
66.249.68.64/27
66.249.69.0/27
66.249.69.128/27
66.249.69.160/27
66.249.69.192/27
66.249.69.224/27
66.249.69.32/27
66.249.69.64/27
66.249.69.96/27
66.249.70.0/27
66.249.70.128/27
66.249.70.160/27
66.249.70.192/27
66.249.70.224/27
66.249.70.32/27
66.249.70.64/27
66.249.70.96/27
66.249.71.0/27
66.249.71.128/27
66.249.71.160/27
66.249.71.192/27
66.249.71.224/27
66.249.71.32/27
66.249.71.64/27
66.249.71.96/27
66.249.72.0/27
66.249.72.128/27
66.249.72.160/27
66.249.72.192/27
66.249.72.224/27
66.249.72.32/27
66.249.72.64/27
66.249.72.96/27
66.249.73.0/27
66.249.73.128/27
66.249.73.160/27
66.249.73.192/27
66.249.73.224/27
66.249.73.32/27
66.249.73.64/27
66.249.73.96/27
66.249.74.0/27
66.249.74.128/27
66.249.74.32/27
66.249.74.64/27
66.249.74.96/27
66.249.75.0/27
66.249.75.128/27
66.249.75.160/27
66.249.75.192/27
66.249.75.224/27
66.249.75.32/27
66.249.75.64/27
66.249.75.96/27
66.249.76.0/27
66.249.76.128/27
66.249.76.160/27
66.249.76.192/27
66.249.76.224/27
66.249.76.32/27
66.249.76.64/27
66.249.76.96/27
66.249.77.0/27
66.249.77.128/27
66.249.77.160/27
66.249.77.192/27
66.249.77.224/27
66.249.77.32/27
66.249.77.64/27
66.249.77.96/27
66.249.78.0/27
66.249.78.32/27
66.249.79.0/27
66.249.79.128/27
66.249.79.160/27
66.249.79.192/27
66.249.79.224/27
66.249.79.32/27
66.249.79.64/27
66.249.79.96/27
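Review bot: the `# baidu` and `# bing` sections of this file repeat, entry for entry, the two standalone lists added earlier in this change, and the `# google` block appears again as the `# ipv4` half of the next file. Hand-copied duplicates will drift the first time one copy is updated. Generate this combined file from the per-vendor files at build time, or keep only one of the two forms. None of the four sections records where its ranges came from; the 360 file carries a source URL in its header, and the same would help here.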


@@ -0,0 +1,235 @@
# ipv6
2001:4860:4801:10::/64
2001:4860:4801:11::/64
2001:4860:4801:12::/64
2001:4860:4801:13::/64
2001:4860:4801:14::/64
2001:4860:4801:15::/64
2001:4860:4801:16::/64
2001:4860:4801:17::/64
2001:4860:4801:18::/64
2001:4860:4801:19::/64
2001:4860:4801:1a::/64
2001:4860:4801:1b::/64
2001:4860:4801:1c::/64
2001:4860:4801:1d::/64
2001:4860:4801:1e::/64
2001:4860:4801:20::/64
2001:4860:4801:21::/64
2001:4860:4801:22::/64
2001:4860:4801:23::/64
2001:4860:4801:24::/64
2001:4860:4801:25::/64
2001:4860:4801:26::/64
2001:4860:4801:27::/64
2001:4860:4801:28::/64
2001:4860:4801:29::/64
2001:4860:4801:2::/64
2001:4860:4801:2a::/64
2001:4860:4801:2b::/64
2001:4860:4801:2c::/64
2001:4860:4801:2d::/64
2001:4860:4801:2e::/64
2001:4860:4801:2f::/64
2001:4860:4801:30::/64
2001:4860:4801:31::/64
2001:4860:4801:32::/64
2001:4860:4801:33::/64
2001:4860:4801:34::/64
2001:4860:4801:35::/64
2001:4860:4801:36::/64
2001:4860:4801:37::/64
2001:4860:4801:38::/64
2001:4860:4801:39::/64
2001:4860:4801:3::/64
2001:4860:4801:3a::/64
2001:4860:4801:3b::/64
2001:4860:4801:3c::/64
2001:4860:4801:3d::/64
2001:4860:4801:3e::/64
2001:4860:4801:40::/64
2001:4860:4801:41::/64
2001:4860:4801:42::/64
2001:4860:4801:43::/64
2001:4860:4801:44::/64
2001:4860:4801:45::/64
2001:4860:4801:46::/64
2001:4860:4801:47::/64
2001:4860:4801:48::/64
2001:4860:4801:49::/64
2001:4860:4801:4a::/64
2001:4860:4801:50::/64
2001:4860:4801:51::/64
2001:4860:4801:53::/64
2001:4860:4801:54::/64
2001:4860:4801:55::/64
2001:4860:4801:60::/64
2001:4860:4801:61::/64
2001:4860:4801:62::/64
2001:4860:4801:63::/64
2001:4860:4801:64::/64
2001:4860:4801:65::/64
2001:4860:4801:66::/64
2001:4860:4801:67::/64
2001:4860:4801:68::/64
2001:4860:4801:69::/64
2001:4860:4801:6a::/64
2001:4860:4801:6b::/64
2001:4860:4801:6c::/64
2001:4860:4801:6d::/64
2001:4860:4801:6e::/64
2001:4860:4801:6f::/64
2001:4860:4801:70::/64
2001:4860:4801:71::/64
2001:4860:4801:72::/64
2001:4860:4801:73::/64
2001:4860:4801:74::/64
2001:4860:4801:75::/64
2001:4860:4801:76::/64
2001:4860:4801:77::/64
2001:4860:4801:78::/64
2001:4860:4801:79::/64
2001:4860:4801:80::/64
2001:4860:4801:81::/64
2001:4860:4801:82::/64
2001:4860:4801:83::/64
2001:4860:4801:84::/64
2001:4860:4801:85::/64
2001:4860:4801:86::/64
2001:4860:4801:87::/64
2001:4860:4801:88::/64
2001:4860:4801:90::/64
2001:4860:4801:91::/64
2001:4860:4801:92::/64
2001:4860:4801:93::/64
2001:4860:4801:c::/64
2001:4860:4801:f::/64
# ipv4
192.178.5.0/27
34.100.182.96/28
34.101.50.144/28
34.118.254.0/28
34.118.66.0/28
34.126.178.96/28
34.146.150.144/28
34.147.110.144/28
34.151.74.144/28
34.152.50.64/28
34.154.114.144/28
34.155.98.32/28
34.165.18.176/28
34.175.160.64/28
34.176.130.16/28
34.22.85.0/27
34.64.82.64/28
34.65.242.112/28
34.80.50.80/28
34.88.194.0/28
34.89.10.80/28
34.89.198.80/28
34.96.162.48/28
35.247.243.240/28
66.249.64.0/27
66.249.64.128/27
66.249.64.160/27
66.249.64.192/27
66.249.64.224/27
66.249.64.32/27
66.249.64.64/27
66.249.64.96/27
66.249.65.0/27
66.249.65.160/27
66.249.65.192/27
66.249.65.224/27
66.249.65.32/27
66.249.65.64/27
66.249.65.96/27
66.249.66.0/27
66.249.66.128/27
66.249.66.160/27
66.249.66.192/27
66.249.66.32/27
66.249.66.64/27
66.249.66.96/27
66.249.68.0/27
66.249.68.32/27
66.249.68.64/27
66.249.69.0/27
66.249.69.128/27
66.249.69.160/27
66.249.69.192/27
66.249.69.224/27
66.249.69.32/27
66.249.69.64/27
66.249.69.96/27
66.249.70.0/27
66.249.70.128/27
66.249.70.160/27
66.249.70.192/27
66.249.70.224/27
66.249.70.32/27
66.249.70.64/27
66.249.70.96/27
66.249.71.0/27
66.249.71.128/27
66.249.71.160/27
66.249.71.192/27
66.249.71.224/27
66.249.71.32/27
66.249.71.64/27
66.249.71.96/27
66.249.72.0/27
66.249.72.128/27
66.249.72.160/27
66.249.72.192/27
66.249.72.224/27
66.249.72.32/27
66.249.72.64/27
66.249.72.96/27
66.249.73.0/27
66.249.73.128/27
66.249.73.160/27
66.249.73.192/27
66.249.73.224/27
66.249.73.32/27
66.249.73.64/27
66.249.73.96/27
66.249.74.0/27
66.249.74.128/27
66.249.74.32/27
66.249.74.64/27
66.249.74.96/27
66.249.75.0/27
66.249.75.128/27
66.249.75.160/27
66.249.75.192/27
66.249.75.224/27
66.249.75.32/27
66.249.75.64/27
66.249.75.96/27
66.249.76.0/27
66.249.76.128/27
66.249.76.160/27
66.249.76.192/27
66.249.76.224/27
66.249.76.32/27
66.249.76.64/27
66.249.76.96/27
66.249.77.0/27
66.249.77.128/27
66.249.77.160/27
66.249.77.192/27
66.249.77.224/27
66.249.77.32/27
66.249.77.64/27
66.249.77.96/27
66.249.78.0/27
66.249.78.32/27
66.249.79.0/27
66.249.79.128/27
66.249.79.160/27
66.249.79.192/27
66.249.79.224/27
66.249.79.32/27
66.249.79.64/27
66.249.79.96/27


@@ -12,9 +12,9 @@ networks:
services:
postgres:
container_name: safeline-postgres
container_name: safeline-pg
restart: always
image: postgres:15.2
image: swr.cn-east-3.myhuaweicloud.com/chaitin-safeline/postgres:15.2
volumes:
- ${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
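Review bot: the `postgres` image is now hard-coded to `swr.cn-east-3.myhuaweicloud.com/chaitin-safeline/postgres:15.2`, while every other service in this file switches to `${IMAGE_PREFIX}/...`. The install and upgrade scripts in this same change set `IMAGE_PREFIX=chaitin` when `CDN=0`, so a user who opts out of the mirror still pulls the database image from it. Either make the registry part of this image configurable too, or document why postgres is the exception. The `container_name` change to `safeline-pg` also needs the old `safeline-postgres` container removed on upgrade, which the hunk itself does not show.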
@@ -24,43 +24,21 @@ services:
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.2
cap_drop:
- net_raw
command: [postgres, -c, max_connections=200]
redis:
container_name: safeline-redis
mgt:
container_name: safeline-mgt
restart: always
image: redis:7.0.10
image: ${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}
volumes:
- ${SAFELINE_DIR}/resources/redis/data:/data
- /etc/localtime:/etc/localtime:ro
command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD}
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.3
cap_drop:
- net_raw
sysctls:
net.core.somaxconn: "511"
management:
container_name: safeline-mgt-api
restart: always
image: chaitin/safeline-mgt-api:${IMAGE_TAG:?image tag required}
volumes:
- ${SAFELINE_DIR?safeline dir required}/resources/management:/resources/management
- ${SAFELINE_DIR}/resources/nginx:/resources/nginx
- ${SAFELINE_DIR}/logs:/logs
- /etc/localtime:/etc/localtime:ro
- ${SAFELINE_DIR}/resources/mgt:/app/data
ports:
- ${MGT_PORT:-9443}:1443
environment:
- MANAGEMENT_RESOURCES_DIR=/resources/management
- NGINX_RESOURCES_DIR=/resources/nginx
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-postgres/safeline-ce
- MARIO_URL=http://safeline-mario:3335
- FVM_MANAGER_URL=safeline-fvm-manager:9004
- REDIS_URL=redis://:${REDIS_PASSWORD}@safeline-redis:6379/0
- MANAGEMENT_LOGS_DIR=/logs/management
- MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
depends_on:
- postgres
- fvm
dns:
- 119.29.29.29
- 223.5.5.5
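Review bot: `image: ${IMAGE_PREFIX}/safeline-mgt:${IMAGE_TAG:?image tag required}` guards `IMAGE_TAG` but not the new `IMAGE_PREFIX`. With an `.env` that lacks the variable the reference collapses to `/safeline-mgt:<tag>` and compose fails with an unhelpful image-name error. Use `${IMAGE_PREFIX:?image prefix required}` here, or give it a default, so the failure says what is missing. The `+`/`-` markers did not survive on this page; if the `cap_drop: - net_raw` entries in this hunk are on the removed side, please say in the commit message why the capability is needed again.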
@@ -68,15 +46,17 @@ services:
- 1.2.4.8
- 114.114.114.114
- 8.8.8.8
logging:
options:
max-size: "100m"
max-file: "10"
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.4
cap_drop:
- net_raw
detector:
detect:
container_name: safeline-detector
restart: always
image: chaitin/safeline-detector:${IMAGE_TAG}
image: ${IMAGE_PREFIX}/safeline-detector:${IMAGE_TAG}
volumes:
- ${SAFELINE_DIR}/resources/detector:/resources/detector
- ${SAFELINE_DIR}/logs/detector:/logs/detector
@@ -86,12 +66,10 @@ services:
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.5
cap_drop:
- net_raw
mario:
container_name: safeline-mario
restart: always
image: chaitin/safeline-mario:${IMAGE_TAG}
image: ${IMAGE_PREFIX}/safeline-mario:${IMAGE_TAG}
volumes:
- ${SAFELINE_DIR}/resources/mario:/resources/mario
- ${SAFELINE_DIR}/logs/mario:/logs/mario
@@ -99,43 +77,73 @@ services:
environment:
- LOG_DIR=/logs/mario
- GOGC=100
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-postgres/safeline-ce
- REDIS_URL=redis://:${REDIS_PASSWORD}@safeline-redis:6379/0
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.6
cap_drop:
- net_raw
tengine:
container_name: safeline-tengine
restart: always
image: chaitin/safeline-tengine:${IMAGE_TAG}
image: ${IMAGE_PREFIX}/safeline-tengine:${IMAGE_TAG}
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/resolv.conf:/etc/resolv.conf:ro
- ${SAFELINE_DIR}/resources/nginx:/etc/nginx
- ${SAFELINE_DIR}/resources/management:/resources/management
- ${SAFELINE_DIR}/resources/detector:/resources/detector
- ${SAFELINE_DIR}/logs/nginx:/var/log/nginx
- /etc/localtime:/etc/localtime:ro
- ${SAFELINE_DIR}/resources/cache:/usr/local/nginx/cache
- /etc/resolv.conf:/etc/resolv.conf
environment:
- REDIS_URL=redis://:${REDIS_PASSWORD}@${SUBNET_PREFIX}.3:6379/0
- MGT_ADDR=${SUBNET_PREFIX}.4:9002
- TCD_MGT_API=https://${SUBNET_PREFIX}.4:1443/api/open/publish/server
- TCD_SNSERVER=${SUBNET_PREFIX}.5:8000
# deprecated
- SNSERVER_ADDR=${SUBNET_PREFIX}.5:8000
ulimits:
nofile: 131072
network_mode: host
fvm-manager:
container_name: safeline-fvm-manager
luigi:
container_name: safeline-luigi
restart: always
image: chaitin/safeline-fvm-manager:${IMAGE_TAG}
image: ${IMAGE_PREFIX}/safeline-luigi:${IMAGE_TAG}
environment:
- FVM_LOGS_DIR=/logs/management
- DETECTOR_URL=http://safeline-detector:8001
- MGT_IP=${SUBNET_PREFIX}.4
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SAFELINE_DIR}/resources/luigi:/app/data
depends_on:
- detect
- mgt
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.7
fvm:
container_name: safeline-fvm
restart: always
image: ${IMAGE_PREFIX}/safeline-fvm:${IMAGE_TAG}
volumes:
- /etc/localtime:/etc/localtime:ro
- ${SAFELINE_DIR}/logs:/logs
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.8
cap_drop:
- net_raw
bridge:
container_name: safeline-bridge
restart: always
image: ${IMAGE_PREFIX}/safeline-bridge:${IMAGE_TAG}
command:
- /app/bridge
- serve
- -n
- unix
- -a
- /app/run/safeline.sock
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run:/app/run
logging:
options:
max-size: "100m"
max-file: "10"
networks:
safeline-ce:
ipv4_address: ${SUBNET_PREFIX}.9
depends_on:
- mgt
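Review bot: the new `bridge` service mounts `/var/run:/app/run` read-write only so that it can create `/app/run/safeline.sock`. That hands the container the host's whole `/var/run`, which on a Docker host normally also holds `docker.sock` along with other daemons' sockets and pid files, so a problem in `safeline-bridge` reaches far beyond its own socket. Mount a dedicated directory instead (for example a `safeline` subdirectory created by the installer) and point `-a` at the socket inside it.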


@@ -8,6 +8,9 @@ echo "
|____/ \__,_| |_| \___| |_____| |_| |_| |_| \___|
"
export STREAM=${STREAM:-0}
export CDN=${CDN:-1}
qrcode() {
echo "█████████████████████████████████████████"
echo "█████████████████████████████████████████"
@@ -189,7 +192,8 @@ fi
info "创建安装目录 '$safeline_path' 成功"
cd "$safeline_path"
curl -sS -k "https://waf-ce.chaitin.cn/release/latest/compose.yaml" -o compose.yaml
curl "https://waf-ce.chaitin.cn/release/latest/compose.yaml" -sSLk -o compose.yaml
if [ $? -ne "0" ]; then
abort "下载 compose.yaml 脚本失败"
fi
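Review bot: the replacement command `curl "https://waf-ce.chaitin.cn/release/latest/compose.yaml" -sSLk -o compose.yaml` adds `-L` while keeping `-k`, so the script now follows redirects to any host and still accepts any certificate for it. If redirects are needed for the mirror, keep `-L` but remove `-k`; the `$?` check that follows only catches transport failures, not a substituted file.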
@@ -202,12 +206,23 @@ fi
info "创建 .env 脚本成功"
echo "SAFELINE_DIR=$safeline_path" >> .env
echo "IMAGE_TAG=latest" >> .env
if [ $STREAM -eq 1 ]; then
echo "IMAGE_TAG=latest-stream" >>".env"
else
echo "IMAGE_TAG=latest" >>".env"
fi
echo "MGT_PORT=9443" >> .env
echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "SUBNET_PREFIX=172.22.222" >> .env
if [ $CDN -eq 0 ]; then
echo "IMAGE_PREFIX=chaitin" >>".env"
else
echo "IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline" >>".env"
fi
info "即将开始下载 Docker 镜像"
$compose_command up -d
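Review bot: `POSTGRES_PASSWORD` is appended to `.env` with `>>` and nothing in this hunk restricts the file's mode, so the database password ends up readable under whatever umask root happened to have. Set `umask 077` before the first write or `chmod 600 .env` right after creating it. The new tests `[ $STREAM -eq 1 ]` and `[ $CDN -eq 0 ]` should quote the variable as well: a value such as `STREAM=true` makes `[` print an error and silently takes the `else` branch.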


@@ -8,6 +8,9 @@ echo "
|____/ \__,_| |_| \___| |_____| |_| |_| |_| \___|
"
export STREAM=${STREAM:-0}
export CDN=${CDN:-1}
echo $1
qrcode() {
@@ -40,15 +43,15 @@ qrcode() {
}
command_exists() {
command -v "$1" 2>&1
command -v "$1" 2>&1
}
space_left() {
dir="$1"
while [ ! -d "$dir" ]; do
dir=`dirname "$dir"`;
dir=$(dirname "$dir")
done
echo `df -h "$dir" --output='avail' | tail -n 1`
echo $(df -h "$dir" --output='avail' | tail -n 1)
}
confirm() {
@@ -58,9 +61,9 @@ confirm() {
[[ "$opt" == $'\n' ]] || echo
case "$opt" in
'y' | 'Y' ) return 0;;
'n' | 'N' ) return 1;;
*) confirm "$1";;
'y' | 'Y') return 0 ;;
'n' | 'N') return 1 ;;
*) confirm "$1" ;;
esac
}
@@ -86,13 +89,13 @@ onexit() {
# CPU ssse3 指令集检查
support_ssse3=1
lscpu | grep ssse3 > /dev/null 2>&1
lscpu | grep ssse3 >/dev/null 2>&1
if [ $? -ne "0" ]; then
echo "not found info in lscpu"
support_ssse3=0
fi
cat /proc/cpuinfo | grep ssse3 > /dev/null 2>&1
cat /proc/cpuinfo | grep ssse3 >/dev/null 2>&1
if [ $support_ssse3 -eq "0" -a $? -ne "0" ]; then
abort "雷池需要运行在支持 ssse3 指令集的 CPU 上,虚拟机请自行配置开启 CPU ssse3 指令集支持"
fi
@@ -114,7 +117,7 @@ if [ "$EUID" -ne "0" ]; then
fi
info "脚本调用方式确认正常"
if [ -z `command_exists docker` ]; then
if [ -z $(command_exists docker) ]; then
warning "缺少 Docker 环境"
if confirm "是否需要自动安装 Docker"; then
curl -sSLk https://get.docker.com/ | bash
@@ -126,9 +129,9 @@ if [ -z `command_exists docker` ]; then
abort "中止安装"
fi
fi
info "发现 Docker 环境: '`command -v docker`'"
info "发现 Docker 环境: '$(command -v docker)'"
docker version > /dev/null 2>&1
docker version >/dev/null 2>&1
if [ $? -ne "0" ]; then
abort "Docker 服务工作异常"
fi
@@ -140,7 +143,7 @@ if $compose_command version; then
else
warning "未发现 Docker Compose Plugin"
compose_command="docker-compose"
if [ -z `command_exists "docker-compose"` ]; then
if [ -z $(command_exists "docker-compose") ]; then
warning "未发现 docker-compose 组件"
if confirm "是否需要自动安装 Docker Compose Plugin"; then
curl -sSLk https://get.docker.com/ | bash
@@ -153,18 +156,17 @@ else
abort "中止安装"
fi
else
info "发现 docker-compose 组件: '`command -v docker-compose`'"
info "发现 docker-compose 组件: '$(command -v docker-compose)'"
fi
fi
container_id=`docker ps --filter ancestor=chaitin/safeline-mgt-api --format '{{.ID}}'`
mount_path=`docker inspect --format '{{range .Mounts}}{{if eq .Destination "/logs"}}{{.Source}}{{end}}{{end}}' $container_id`
safeline_path=`dirname $mount_path`
container_id=$(docker ps -n 1 --filter name=.*safeline-mgt.* --format '{{.ID}}')
safeline_path=$(docker inspect --format '{{index .Config.Labels "com.docker.compose.project.working_dir"}}' $container_id)
while [ -z "$safeline_path" ]; do
echo -e -n "\033[34m[SafeLine] 未发现正在运行的雷池,请输入雷池安装路径 (留空则为 '`pwd`'): \033[0m"
echo -e -n "\033[34m[SafeLine] 未发现正在运行的雷池,请输入雷池安装路径 (留空则为 '$(pwd)'): \033[0m"
read input_path
[[ -z "$input_path" ]] && input_path=`pwd`
[[ -z "$input_path" ]] && input_path=$(pwd)
if [[ ! $input_path == /* ]]; then
warning "'$input_path' 不是合法的绝对路径"
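Review bot: `container_id=$(docker ps -n 1 --filter name=.*safeline-mgt.* --format '{{.ID}}')` passes the pattern unquoted, so the shell may glob it before docker sees it, and the next line runs `docker inspect ... $container_id` even when nothing matched. In that case `docker inspect` is called without a container and its error goes to the terminal; the `while [ -z "$safeline_path" ]` fallback only works as a side effect. Quote the filter (`--filter 'name=safeline-mgt'`), test `-n "$container_id"` before inspecting, and quote `"$container_id"`. The script then does `cd "$safeline_path"` on a value read from a container label, so it is worth checking that the directory exists and contains a compose file before changing into it.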
@@ -176,12 +178,12 @@ done
cd "$safeline_path"
grep COLLIE .env > /dev/null 2>&1
grep COLLIE .env >/dev/null 2>&1
if [ $? -eq "0" ]; then
abort "检测到你的环境通过牧云主机助手安装,请使用牧云主机助手-应用市场进行升级."
fi
compose_name=`ls docker-compose.yaml compose.yaml 2>/dev/null`
compose_name=$(ls docker-compose.yaml compose.yaml 2>/dev/null)
compose_path=$safeline_path/$compose_name
if [ -f "$compose_path" ]; then
@@ -190,23 +192,45 @@ else
abort "没有发现位于 $safeline_path 的雷池环境"
fi
mv $compose_name $compose_name.old
curl "https://waf-ce.chaitin.cn/release/latest/compose.yaml" -sSLk -o $compose_name
if [ $? -ne "0" ]; then
abort "下载 compose.yaml 脚本失败"
fi
info "下载 compose.yaml 脚本成功"
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest/g" ".env"
if [ $STREAM -eq 1 ]; then
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest-stream/g" ".env"
else
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest/g" ".env"
fi
grep "SAFELINE_DIR" ".env" > /dev/null || echo "SAFELINE_DIR=$(pwd)" >> ".env"
grep "IMAGE_TAG" ".env" > /dev/null || echo "IMAGE_TAG=latest" >> ".env"
grep "MGT_PORT" ".env" > /dev/null || echo "MGT_PORT=9443" >> ".env"
grep "POSTGRES_PASSWORD" ".env" > /dev/null || echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep "REDIS_PASSWORD" ".env" > /dev/null || echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep "SUBNET_PREFIX" ".env" > /dev/null || echo "SUBNET_PREFIX=172.22.222" >> ".env"
grep "SAFELINE_DIR" ".env" >/dev/null || echo "SAFELINE_DIR=$(pwd)" >>".env"
if [ $STREAM -eq 1 ]; then
grep "IMAGE_TAG" ".env" >/dev/null || echo "IMAGE_TAG=latest-stream" >>".env"
else
grep "IMAGE_TAG" ".env" >/dev/null || echo "IMAGE_TAG=latest" >>".env"
fi
grep "MGT_PORT" ".env" >/dev/null || echo "MGT_PORT=9443" >>".env"
grep "POSTGRES_PASSWORD" ".env" >/dev/null || echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >>".env"
grep "SUBNET_PREFIX" ".env" >/dev/null || echo "SUBNET_PREFIX=172.22.222" >>".env"
if [ $CDN -eq 0 ]; then
sed -i "s/IMAGE_PREFIX=.*/IMAGE_PREFIX=chaitin/g" ".env"
else
sed -i "s/IMAGE_PREFIX=.*/IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com\/chaitin-safeline/g" ".env"
fi
if [ $CDN -eq 0 ]; then
grep "IMAGE_PREFIX" ".env" >/dev/null || echo "IMAGE_PREFIX=chaitin" >>".env"
else
grep "IMAGE_PREFIX" ".env" >/dev/null || echo "IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline" >>".env"
fi
info "升级 .env 脚本成功"
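Review bot: the `.env` handling matches keys anywhere on a line. `grep "IMAGE_PREFIX" ".env"` is satisfied by a commented-out `# IMAGE_PREFIX=...`, and `sed -i "s/IMAGE_PREFIX=.*/.../g"` then rewrites the text inside that comment, so the variable stays unset and compose receives an empty prefix. Anchor both: `grep -q '^IMAGE_PREFIX=' .env` and `sed -i 's|^IMAGE_PREFIX=.*|IMAGE_PREFIX=...|' .env`, which also removes the need for the `\/` escape. The same applies to the `IMAGE_TAG`, `SAFELINE_DIR`, `MGT_PORT`, `POSTGRES_PASSWORD` and `SUBNET_PREFIX` lines. Note too that a freshly generated `POSTGRES_PASSWORD` is written when the key is missing, which will not match the password of an existing data directory.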
@@ -220,7 +244,10 @@ info "下载新版本 Docker 镜像成功"
info "即将开始替换 Docker 容器"
$compose_command down && $compose_command up -d
# 升级到 3.14.0 版本时,移除了 safeline-redis 容器,需要删除容器,否则无法启动新 compose 网络
docker rm -f safeline-redis &>/dev/null
$compose_command down --remove-orphans && $compose_command up -d
if [ $? -ne "0" ]; then
abort "替换 Docker 容器失败"
fi
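Review bot: `docker rm -f safeline-redis &>/dev/null` relies on the bash-only `&>` redirect; if the script is ever run under a POSIX sh, that line parses as a background job followed by a separate redirect, and the container removal then races with the `down --remove-orphans` that follows. `>/dev/null 2>&1` is portable and matches the `>/dev/null` style used for the grep checks above. The `if [ $? -ne "0" ]` test depends on nothing being inserted between it and the compose line; `if ! $compose_command ...; then` would tie the check to the command directly.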
@@ -230,4 +257,3 @@ qrcode
warning "雷池 WAF 社区版安装成功, 请访问以下地址访问控制台"
warning "https://0.0.0.0:9443/"
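Review bot: The console address is printed as the fixed string `https://0.0.0.0:9443/`, while the .env handling earlier in this script only appends `MGT_PORT=9443` when no MGT_PORT is present, so an installation with a customised port is told the wrong URL. Read MGT_PORT back from .env when building this message. 0.0.0.0 is also a bind address rather than something a user can browse to, so printing the host's address or an explicit placeholder would be clearer.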

View File

@@ -1,4 +1,4 @@
{
"latest_version": "v3.14.0",
"rec_version": "v3.8.2"
"latest_version": "v4.4.2",
"rec_version": "v4.4.2"
}

View File

@@ -0,0 +1,44 @@
/** @type {import('next-sitemap').IConfig} */
const nextSiteMapConfig = {
siteUrl: 'https://waf-ce.chaitin.cn',
generateRobotsTxt: true,
robotsTxtOptions: {
policies: [{ userAgent: '*', allow: '/', disallow: '' }],
},
sitemap: {
// path: '/sitemap.xml',
routes: {
'/community': {
changefreq: 'always',
},
},
},
autoLastmod: true,
priority: 1,
changefreq: 'daily',
sitemapSize: 5000,
transform: async (config, path) => {
if (!path) {
return null
}
const customFields = config.sitemap.routes[path] || {}
return {
loc: path,
changefreq: customFields.changefreq || config.changefreq,
priority: config.priority,
lastmod: config.autoLastmod ? new Date().toISOString() : undefined,
alternateRefs: config.alternateRefs ?? [],
}
},
additionalPaths: (config) => {
const paths = ['/docs']
const result = []
paths.forEach(async (item) => {
result.push(await config.transform(config, item))
})
return result
},
}
module.exports = nextSiteMapConfig
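Review bot: In `additionalPaths`, `paths.forEach(async (item) => { result.push(await config.transform(config, item)) })` does not wait for its callbacks, so `return result` hands back an array that is still empty and `/docs` never reaches the sitemap. Make the function async and return `Promise.all(paths.map((item) => config.transform(config, item)))`. In `transform`, `config.sitemap.routes[path]` throws if the config object passed in does not carry the custom `sitemap` key; `config.sitemap?.routes?.[path]` would make the lookup safe.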

View File

@@ -6,12 +6,12 @@ const nextConfig = {
// These rewrites are checked after both pages/public files
// and dynamic routes are checked
{
source: '/api/count',
destination: 'https://waf-ce.chaitin.cn/api/count',
source: '/api/safeline/count',
destination: 'http://121.199.46.182/api/safeline/count',
},
{
source: '/api/:path*',
destination: 'http://10.10.4.142:8080/api/:path*',
destination: 'http://121.199.46.182/api/:path*',
},
],
}
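Review bot: The rewrite destinations `http://121.199.46.182/api/safeline/count` and `http://121.199.46.182/api/:path*` send every proxied API request over plain HTTP to a hard-coded IP address, so the traffic between the Next.js server and the upstream is neither encrypted nor tied to a verifiable host name, whereas the `/api/count` rule in this hunk uses `https://waf-ce.chaitin.cn`. Prefer an HTTPS host name for the upstream, and read it from an environment variable so that a backend move does not need a code change and the address is not committed to the repository.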

View File

@@ -15,6 +15,7 @@
"@mui/material": "5.14.3",
"countup.js": "2.7.0",
"next": "14.0.1",
"next-sitemap": "^4.2.3",
"react": "^18",
"react-dom": "^18"
},
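Review bot: The `next-sitemap` dependency added here brings lockfile entries that resolve from `registry.npmjs.org` (`@corex/deepmerge`, `next-sitemap` and its nested `@next/env` in the hunks below), while the existing entries in this file resolve from `registry.npmmirror.com`. The lockfile now fetches from two registries depending on who ran the install. Regenerate it with the project's registry configured, ideally pinned in a committed `.npmrc`, so that installs pull every package from one source.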
@@ -252,6 +253,11 @@
"node": ">=6.9.0"
}
},
"node_modules/@corex/deepmerge": {
"version": "4.0.43",
"resolved": "https://registry.npmjs.org/@corex/deepmerge/-/deepmerge-4.0.43.tgz",
"integrity": "sha512-N8uEMrMPL0cu/bdboEWpQYb/0i2K5Qn8eCsxzOmxSggJbbQte7ljMRoXm917AbntqTGOzdTu+vP3KOOzoC70HQ=="
},
"node_modules/@emotion/babel-plugin": {
"version": "11.11.0",
"resolved": "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.11.0.tgz",
@@ -992,7 +998,6 @@
"version": "2.1.5",
"resolved": "https://registry.npmmirror.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
"integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
"dev": true,
"dependencies": {
"@nodelib/fs.stat": "2.0.5",
"run-parallel": "^1.1.9"
@@ -1005,7 +1010,6 @@
"version": "2.0.5",
"resolved": "https://registry.npmmirror.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
"integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
"dev": true,
"engines": {
"node": ">= 8"
}
@@ -1014,7 +1018,6 @@
"version": "1.2.8",
"resolved": "https://registry.npmmirror.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
"integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
"dev": true,
"dependencies": {
"@nodelib/fs.scandir": "2.1.5",
"fastq": "^1.6.0"
@@ -1505,7 +1508,6 @@
"version": "3.0.2",
"resolved": "https://registry.npmmirror.com/braces/-/braces-3.0.2.tgz",
"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
"dev": true,
"dependencies": {
"fill-range": "^7.0.1"
},
@@ -2403,7 +2405,6 @@
"version": "3.3.1",
"resolved": "https://registry.npmmirror.com/fast-glob/-/fast-glob-3.3.1.tgz",
"integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==",
"dev": true,
"dependencies": {
"@nodelib/fs.stat": "^2.0.2",
"@nodelib/fs.walk": "^1.2.3",
@@ -2419,7 +2420,6 @@
"version": "5.1.2",
"resolved": "https://registry.npmmirror.com/glob-parent/-/glob-parent-5.1.2.tgz",
"integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
"dev": true,
"dependencies": {
"is-glob": "^4.0.1"
},
@@ -2443,7 +2443,6 @@
"version": "1.15.0",
"resolved": "https://registry.npmmirror.com/fastq/-/fastq-1.15.0.tgz",
"integrity": "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==",
"dev": true,
"dependencies": {
"reusify": "^1.0.4"
}
@@ -2464,7 +2463,6 @@
"version": "7.0.1",
"resolved": "https://registry.npmmirror.com/fill-range/-/fill-range-7.0.1.tgz",
"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
"dev": true,
"dependencies": {
"to-regex-range": "^5.0.1"
},
@@ -2931,7 +2929,6 @@
"version": "2.1.1",
"resolved": "https://registry.npmmirror.com/is-extglob/-/is-extglob-2.1.1.tgz",
"integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
@@ -2961,7 +2958,6 @@
"version": "4.0.3",
"resolved": "https://registry.npmmirror.com/is-glob/-/is-glob-4.0.3.tgz",
"integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
"dev": true,
"dependencies": {
"is-extglob": "^2.1.1"
},
@@ -2988,7 +2984,6 @@
"version": "7.0.0",
"resolved": "https://registry.npmmirror.com/is-number/-/is-number-7.0.0.tgz",
"integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
"dev": true,
"engines": {
"node": ">=0.12.0"
}
@@ -3303,7 +3298,6 @@
"version": "1.4.1",
"resolved": "https://registry.npmmirror.com/merge2/-/merge2-1.4.1.tgz",
"integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
"dev": true,
"engines": {
"node": ">= 8"
}
@@ -3312,7 +3306,6 @@
"version": "4.0.5",
"resolved": "https://registry.npmmirror.com/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dev": true,
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
@@ -3336,8 +3329,7 @@
"node_modules/minimist": {
"version": "1.2.8",
"resolved": "https://registry.npmmirror.com/minimist/-/minimist-1.2.8.tgz",
"integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
"dev": true
"integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA=="
},
"node_modules/ms": {
"version": "2.1.2",
@@ -3418,6 +3410,37 @@
}
}
},
"node_modules/next-sitemap": {
"version": "4.2.3",
"resolved": "https://registry.npmjs.org/next-sitemap/-/next-sitemap-4.2.3.tgz",
"integrity": "sha512-vjdCxeDuWDzldhCnyFCQipw5bfpl4HmZA7uoo3GAaYGjGgfL4Cxb1CiztPuWGmS+auYs7/8OekRS8C2cjdAsjQ==",
"funding": [
{
"url": "https://github.com/iamvishnusankar/next-sitemap.git"
}
],
"dependencies": {
"@corex/deepmerge": "^4.0.43",
"@next/env": "^13.4.3",
"fast-glob": "^3.2.12",
"minimist": "^1.2.8"
},
"bin": {
"next-sitemap": "bin/next-sitemap.mjs",
"next-sitemap-cjs": "bin/next-sitemap.cjs"
},
"engines": {
"node": ">=14.18"
},
"peerDependencies": {
"next": "*"
}
},
"node_modules/next-sitemap/node_modules/@next/env": {
"version": "13.5.6",
"resolved": "https://registry.npmjs.org/@next/env/-/env-13.5.6.tgz",
"integrity": "sha512-Yac/bV5sBGkkEXmAX5FWPS9Mmo2rthrOPRQQNfycJPkjUAUclomCPH7QFVCDQ4Mp2k2K1SSM6m0zrxYrOwtFQw=="
},
"node_modules/node-releases": {
"version": "2.0.13",
"resolved": "https://registry.npmmirror.com/node-releases/-/node-releases-2.0.13.tgz",
@@ -3680,7 +3703,6 @@
"version": "2.3.1",
"resolved": "https://registry.npmmirror.com/picomatch/-/picomatch-2.3.1.tgz",
"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
"dev": true,
"engines": {
"node": ">=8.6"
}
@@ -3838,8 +3860,7 @@
"node_modules/queue-microtask": {
"version": "1.2.3",
"resolved": "https://registry.npmmirror.com/queue-microtask/-/queue-microtask-1.2.3.tgz",
"integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
"dev": true
"integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="
},
"node_modules/react": {
"version": "18.2.0",
@@ -3972,7 +3993,6 @@
"version": "1.0.4",
"resolved": "https://registry.npmmirror.com/reusify/-/reusify-1.0.4.tgz",
"integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
"dev": true,
"engines": {
"iojs": ">=1.0.0",
"node": ">=0.10.0"
@@ -3994,7 +4014,6 @@
"version": "1.2.0",
"resolved": "https://registry.npmmirror.com/run-parallel/-/run-parallel-1.2.0.tgz",
"integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
"dev": true,
"dependencies": {
"queue-microtask": "^1.2.2"
}
@@ -4396,7 +4415,6 @@
"version": "5.0.1",
"resolved": "https://registry.npmmirror.com/to-regex-range/-/to-regex-range-5.0.1.tgz",
"integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
"dev": true,
"dependencies": {
"is-number": "^7.0.0"
},

View File

@@ -6,7 +6,8 @@
"dev": "next dev",
"build": "next build",
"start": "next start -p 3001",
"lint": "next lint"
"lint": "next lint",
"sitemap_build": "next-sitemap"
},
"dependencies": {
"@emotion/react": "11.11.1",
@@ -16,6 +17,7 @@
"@mui/material": "5.14.3",
"countup.js": "2.7.0",
"next": "14.0.1",
"next-sitemap": "^4.2.3",
"react": "^18",
"react-dom": "^18"
},
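Review bot: `"next-sitemap": "^4.2.3"` is added under `dependencies`, although the only use shown is the `sitemap_build` script, which runs at build time; this is also why the lockfile drops `"dev": true` from fast-glob, micromatch, minimist and the rest of that tree. Moving it to `devDependencies` keeps those packages out of production installs. `sitemap_build` is not wired to `build` either, so the sitemap is regenerated only when someone runs it by hand; a `postbuild` script would cover that.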

View File

@@ -0,0 +1,4 @@
<?xml version="1.0"?>
<users>
<user>3EF7E30C5A378E54709FA57D67499571</user>
</users>

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1 @@
google-site-verification: googlef97f8402f9139518.html

Binary file not shown.


Binary file not shown.


View File

@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="76px" height="20px" viewBox="0 0 76 20" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>编组 4</title>
<defs>
<linearGradient x1="-4.93008412e-13%" y1="46.5373961%" x2="90.5986697%" y2="53.4626039%" id="linearGradient-1">
<stop stop-color="#FFC193" offset="0%"></stop>
<stop stop-color="#FF5A5E" offset="100%"></stop>
</linearGradient>
</defs>
<g id="官网设计" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="版本(专业版特惠)" transform="translate(-1012.000000, -737.000000)">
<g id="编组-4" transform="translate(1012.000000, 737.000000)">
<path d="M8,0 L66,0 C71.5228475,-1.01453063e-15 76,4.4771525 76,10 C76,15.5228475 71.5228475,20 66,20 L0,20 L0,20 L0,8 C-5.41083001e-16,3.581722 3.581722,8.11624501e-16 8,0 Z" id="矩形" fill="url(#linearGradient-1)"></path>
<g id="人气、热度" transform="translate(8.000000, 5.000000)" fill="#FFDF00" fill-rule="nonzero">
<path d="M6.40193705,3.27637496 C6.08232446,3.79522657 5.66447596,4.06226219 5.66447596,4.06226219 C6.43652715,0.986509858 3.28052577,0 3.28052577,0 C4.21445866,3.40781736 0,3.66793497 0,6.41438948 C0,9.160844 3.22241439,9.63818748 3.22241439,9.63818748 C0.437218955,6.56658596 4,4.82324455 4,4.82324455 C4,4.82324455 3.37737807,5.72120374 4.83708059,7.12002767 C5.86786579,8.10653753 4.73607748,9.63403667 4.73607748,9.63403667 C5.78623314,9.64787271 8,8.26565202 8,6.388101 C8,4.51193359 6.40193705,3.27637496 6.40193705,3.27637496 Z" id="路径"></path>
</g>
<text id="限时特惠" font-family="PingFangSC-Regular, PingFang SC" font-size="12" font-weight="normal" line-spacing="20" fill="#FFFFFF">
<tspan x="20" y="14">限时特惠</tspan>
</text>
</g>
</g>
</g>
</svg>


Binary file not shown.


Some files were not shown because too many files have changed in this diff