diff --git a/SafeLine/.env b/SafeLine/.env
new file mode 100644
index 0000000..95cc78e
--- /dev/null
+++ b/SafeLine/.env
@@ -0,0 +1,6 @@
+SAFELINE_DIR=/home/ubuntu/docker/safeline
+IMAGE_TAG=latest
+MGT_PORT=4443
+POSTGRES_PASSWORD=safeline
+SUBNET_PREFIX=172.22.222
+IMAGE_PREFIX=chaitin
\ No newline at end of file
diff --git a/SafeLine/docker-compose.yaml b/SafeLine/docker-compose.yaml
new file mode 100644
index 0000000..65fad34
--- /dev/null
+++ b/SafeLine/docker-compose.yaml
@@ -0,0 +1,134 @@
+networks:
+  safeline-ce:
+    name: safeline-ce
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - gateway: ${SUBNET_PREFIX:?SUBNET_PREFIX required}.1
+          subnet: ${SUBNET_PREFIX}.0/24
+    driver_opts:
+      com.docker.network.bridge.name: safeline-ce
+
+services:
+  postgres:
+    container_name: safeline-pg
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-postgres:15.2
+    volumes:
+      - ${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - POSTGRES_USER=safeline-ce
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?postgres password required}
+    networks:
+      safeline-ce:
+        ipv4_address: ${SUBNET_PREFIX}.2
+    command: [postgres, -c, max_connections=600]
+    healthcheck:
+      test: pg_isready -U safeline-ce -d safeline-ce
+  mgt:
+    container_name: safeline-mgt
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-mgt-g:${IMAGE_TAG:?image tag required}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${SAFELINE_DIR}/resources/mgt:/app/data
+      - ${SAFELINE_DIR}/logs/nginx:/app/log/nginx:z
+      - /var/run:/app/run  
+      - ${SAFELINE_DIR}/resources/sock:/app/sock
+    ports:
+      - ${MGT_PORT:-9443}:1443
+    healthcheck:
+      test: curl -k -f https://localhost:1443/api/open/health
+    environment:
+      - MGT_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
+    depends_on:
+      - postgres
+      - fvm
+    logging:
+      options:
+        max-size: "100m"
+        max-file: "5"
+    networks:
+      safeline-ce:
+        ipv4_address: ${SUBNET_PREFIX}.4
+  detect:
+    container_name: safeline-detector
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-detector-g:${IMAGE_TAG}
+    volumes:
+      - ${SAFELINE_DIR}/resources/detector:/resources/detector
+      - ${SAFELINE_DIR}/logs/detector:/logs/detector
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - LOG_DIR=/logs/detector
+    networks:
+      safeline-ce:
+        ipv4_address: ${SUBNET_PREFIX}.5
+  tengine:
+    container_name: safeline-tengine
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-tengine-g:${IMAGE_TAG}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/resolv.conf:/etc/resolv.conf:ro
+      - ${SAFELINE_DIR}/resources/nginx:/etc/nginx
+      - ${SAFELINE_DIR}/resources/detector:/resources/detector
+      - ${SAFELINE_DIR}/logs/nginx:/var/log/nginx:z
+      - ${SAFELINE_DIR}/resources/cache:/usr/local/nginx/cache
+      - ${SAFELINE_DIR}/resources/sock:/app/sock
+    environment:
+      - TCD_MGT_API=https://${SUBNET_PREFIX}.4:1443/api/open/publish/server
+      - TCD_SNSERVER=${SUBNET_PREFIX}.5:8000
+      # deprecated
+      - SNSERVER_ADDR=${SUBNET_PREFIX}.5:8000
+    ulimits:
+      nofile: 131072
+    network_mode: host
+  luigi:
+    container_name: safeline-luigi
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-luigi-g:${IMAGE_TAG}
+    environment:
+      - MGT_IP=${SUBNET_PREFIX}.4
+      - LUIGI_PG=postgres://safeline-ce:${POSTGRES_PASSWORD}@safeline-pg/safeline-ce?sslmode=disable
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${SAFELINE_DIR}/resources/luigi:/app/data
+    logging:
+      options:
+        max-size: "100m"
+        max-file: "5"
+    depends_on:
+      - detect
+      - mgt
+    networks:
+      safeline-ce:
+        ipv4_address: ${SUBNET_PREFIX}.7
+  fvm:
+    container_name: safeline-fvm
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-fvm-g:${IMAGE_TAG}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+    logging:
+      options:
+        max-size: "100m"
+        max-file: "5"
+    networks:
+      safeline-ce:
+        ipv4_address: ${SUBNET_PREFIX}.8
+  chaos:
+    container_name: safeline-chaos
+    restart: always
+    image: ${IMAGE_PREFIX}/safeline-chaos-g:${IMAGE_TAG}
+    logging:
+      options:
+        max-size: "100m"
+        max-file: "10"
+    volumes:
+      - ${SAFELINE_DIR}/resources/chaos:/app/chaos
+    networks:
+      safeline-ce:
+        ipv4_address: ${SUBNET_PREFIX}.10
\ No newline at end of file