Difference between revisions of "CTF: Instalasi CTFd di Ubuntu 22.04"

From OnnoWiki
 
(6 intermediate revisions by the same user not shown)
Line 8: Line 8:
  
  
 +
==Basic==
  
 +
sudo su
 +
apt update
 +
apt install net-tools
  
 +
Setup user ctfd
 +
 +
# setup user ctfd
 +
adduser ctfd  # masukan password
 +
usermod -aG sudo ctfd
 +
 +
Aktifkan firewall,
 +
 +
# UFW Firewall
 +
ufw allow openssh
 +
ufw allow http
 +
ufw allow https
 +
ufw enable
 +
 +
Install python & apps pendukung
 +
 +
apt update
 +
apt upgrade -y  # optional
 +
 +
apt install -y python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools nginx git
 +
pip3 install pipenv
  
 +
 +
Install CTFd
 +
 +
# install CTFd
 +
cd /var/www
 +
git clone https://github.com/CTFd/CTFd.git
 +
 +
su ctfd
 +
sudo chown -R ctfd:www-data /var/www/CTFd
 +
cd /var/www/CTFd
 +
 +
# Create a pipenv to run CTFd in
 +
pipenv install --python 3
 +
pipenv shell
 +
./prepare.sh
 +
 +
==Testing==
 +
 +
sudo ufw allow 5000
 +
gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()'
 +
 +
Browse
 +
 +
http://www.yourdomain.com:5000
 +
http://192.168.0.142:5000/setup
 +
 +
 +
==Setup enviroment==
 +
 +
Contoh
 +
* single core
 +
* worker 3
 +
* keep-alive 2
 +
 +
# identify the pipenv virtual environment for use in unit file
 +
pipenv --venv
 +
/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf
 +
 +
Edit ctfd.service
 +
 +
# Create unit file
 +
sudo vim /etc/systemd/system/ctfd.service
 +
 +
[Unit]
 +
Description=Gunicorn instance to serve ctfd
 +
After=network.target
 +
 +
[Service]
 +
User=ctfd
 +
Group=www-data
 +
WorkingDirectory=/var/www/CTFd
 +
Environment="PATH=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin"
 +
ExecStart=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin/gunicorn --bind unix:app.sock --keep-alive 2
 +
--workers 3 --worker-class gevent 'CTFd:create_app()' --access-logfile '/var/log/CTFd/CTFd/logs/access.log'
 +
--error-logfile '/var/log/CTFd/CTFd/logs/error.log'
 +
 +
[Install]
 +
WantedBy=multi-user.target
 +
 +
 +
==Operasional==
 +
 +
# Create log directories
 +
sudo mkdir -p /var/log/CTFd/CTFd/logs/
 +
sudo chown -R ctfd:www-data /var/log/CTFd/CTFd/logs/
 +
 +
# Start CTFd service
 +
sudo systemctl enable ctfd
 +
sudo systemctl start ctfd
 +
sudo systemctl status ctfd
 +
 +
# Create nginx site, let's encrypt will handle the https later
 +
sudo vim /etc/nginx/sites-available/ctfd
 +
 +
# Nginx config
 +
# the client_max_body_size enables file uploads over the default of 1MB
 +
server {
 +
    listen 80;
 +
    server_name yourdomain.com www.yourdomain.com your.ip.add.ress;
 +
    client_max_body_size 75M;
 +
    location / {
 +
        include proxy_params;
 +
        proxy_pass http://unix:/var/www/CTFd/app.sock;
 +
    }
 +
}
 +
 +
# Contoh
 +
server {
 +
    listen 80;
 +
    server_name ctf.itts.ac.id 192.168.0.142;
 +
    client_max_body_size 75M;
 +
    location / {
 +
        include proxy_params;
 +
        proxy_pass http://unix:/var/www/CTFd/app.sock;
 +
    }
 +
}
 +
 +
 +
 +
 +
# Link config file
 +
sudo ln -s /etc/nginx/sites-available/ctfd /etc/nginx/sites-enabled
 +
 +
# Remove defaults
 +
sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
 +
 +
# Test nginx configuration
 +
sudo nginx -t
 +
 +
# Restart nginx if test wasw good
 +
sudo systemctl restart nginx
 +
 +
# For troubleshooting
 +
tail /var/log/CTFd/CTFd/logs/access.log
 +
tail /var/log/CTFd/CTFd/logs/error.log
 +
 +
 +
# SSL Certs
 +
sudo add-apt-repository ppa:certbot/certbot
 +
sudo apt install python-certbot-nginx
 +
 +
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com youremail@domain.com
 +
 +
# certificate locations
 +
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
 +
/etc/letsencrypt/live/yourdomain.com/privkey.pem
 +
 +
# renew certificates
 +
certbot renew
  
 
==Referensi==
 
==Referensi==
  
 
* https://nopresearcher.github.io/Deploying-CTFd/
 
* https://nopresearcher.github.io/Deploying-CTFd/
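Review bot: The added `usermod -aG sudo ctfd` puts the account that the unit file later runs gunicorn as (`User=ctfd`) into the sudo group, so the web application's account keeps administrative rights once the install is done. The later steps do call sudo as ctfd, so the membership is needed during setup; I would add a closing step such as `sudo gpasswd -d ctfd sudo`, or run the privileged steps from a separate admin account. The Testing section also leaves `sudo ufw allow 5000` in place after the gunicorn check; a matching `sudo ufw delete allow 5000` would close the port again.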

Latest revision as of 11:28, 29 January 2023

Sumber: https://nopresearcher.github.io/Deploying-CTFd/

Spec:

  • VirtualBox
  • Ubuntu 22.04
  • Memory 3G
  • Core 2


Basic

# Become root: the apt/adduser/ufw commands in the next steps are written
# without sudo and rely on this root shell.
sudo su
# Refresh the package index before installing anything.
apt update
# net-tools supplies the legacy ifconfig/netstat utilities.
apt install net-tools

Setup user ctfd

# Create the ctfd account and give it sudo rights.
adduser ctfd  # enter a password when prompted
# NOTE(review): ctfd is also the account the gunicorn service runs as
# (User=ctfd in ctfd.service), so the web application's account ends up in the
# sudo group. Later steps call sudo as ctfd; once the install is finished,
# consider dropping the membership (e.g. `gpasswd -d ctfd sudo`) and doing
# administration from a separate account.
usermod -aG sudo ctfd

Aktifkan firewall,

# UFW firewall: allow SSH and web traffic, then switch the firewall on.
# Keep the openssh rule ahead of `ufw enable`; enabling first would block new
# SSH connections to the machine.
ufw allow openssh
ufw allow http
ufw allow https
ufw enable

Install python & apps pendukung

# Bring the package index (and optionally the installed packages) up to date.
apt update
apt upgrade -y   # optional

# Python tooling and build headers for compiling Python packages, plus nginx and git.
apt install -y python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools nginx git
# Installs pipenv system-wide (this still runs in the root shell); the ctfd
# user invokes it later to build the virtualenv.
pip3 install pipenv


Install CTFd

# install CTFd
# Fetch the CTFd sources into /var/www (still in the root shell).
cd /var/www
# NOTE(review): this takes whatever is at the tip of the default branch; for a
# reproducible install consider checking out a tagged release afterwards
# (git checkout <release-tag>).
git clone https://github.com/CTFd/CTFd.git

# Switch to the ctfd user and hand the tree to it; www-data is the same group
# the service unit uses (Group=www-data).
su ctfd
sudo chown -R ctfd:www-data /var/www/CTFd
cd /var/www/CTFd

# Create a pipenv to run CTFd in
pipenv install --python 3
# Enter the virtualenv; the commands that follow run inside this subshell.
pipenv shell
# Runs the prepare script shipped in the CTFd repository.
./prepare.sh

Testing

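# Quick functional check: open the test port and run gunicorn in the foreground
# on all interfaces. This serves plain HTTP straight from gunicorn, and the
# /setup page is reachable by anyone who can reach port 5000 until it has been
# completed, so keep the test short.
sudo ufw allow 5000
gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()'
# After stopping gunicorn (Ctrl-C), close the test port again; the production
# setup reaches gunicorn through nginx and a unix socket, not port 5000.
sudo ufw delete allow 5000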

Browse

http://www.yourdomain.com:5000
http://192.168.0.142:5000/setup


Setup environment

Contoh

  • single core
  • worker 3
  • keep-alive 2
# identify the pipenv virtual environment for use in unit file
# Run this as ctfd from /var/www/CTFd. The line after the command is sample
# output; the suffix after "CTFd-" will presumably differ on your machine, so
# substitute your own path in ctfd.service.
pipenv --venv
/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf

Edit ctfd.service

# Create unit file
# Opens the new unit file as root; its contents are the [Unit]/[Service]/[Install]
# sections shown next.
sudo vim /etc/systemd/system/ctfd.service

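[Unit]
Description=Gunicorn instance to serve ctfd
After=network.target

[Service]
# Runs gunicorn as ctfd:www-data rather than root.
# Optional hardening to consider and test: NoNewPrivileges=true, PrivateTmp=true.
User=ctfd
Group=www-data
# The relative socket path in --bind resolves against this directory, giving
# /var/www/CTFd/app.sock, which is what the nginx proxy_pass points at.
WorkingDirectory=/var/www/CTFd
# Replace the virtualenv path (here and in ExecStart) with the one printed by
# `pipenv --venv` on your machine.
Environment="PATH=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin"
# ExecStart is one logical line. Each continued line must end in a backslash
# (with nothing after it); without it systemd does not treat the following
# lines as part of the command and gunicorn starts without its application.
ExecStart=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin/gunicorn --bind unix:app.sock --keep-alive 2 \
    --workers 3 --worker-class gevent 'CTFd:create_app()' --access-logfile '/var/log/CTFd/CTFd/logs/access.log' \
    --error-logfile '/var/log/CTFd/CTFd/logs/error.log'

[Install]
WantedBy=multi-user.target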


Operasional

# Create log directories
# These are the paths passed to gunicorn's --access-logfile/--error-logfile in
# ctfd.service; create them and make them writable by ctfd before starting the
# service (gunicorn presumably cannot open its logs otherwise).
sudo mkdir -p /var/log/CTFd/CTFd/logs/
sudo chown -R ctfd:www-data /var/log/CTFd/CTFd/logs/

# Start CTFd service
# enable = start at boot, start = start now, status = confirm it is running.
sudo systemctl enable ctfd
sudo systemctl start ctfd
sudo systemctl status ctfd

# Create nginx site, let's encrypt will handle the https later
sudo vim /etc/nginx/sites-available/ctfd

# Nginx config
# the client_max_body_size enables file uploads over the default of 1MB
# Replace the server_name placeholders with your own host name(s) and address.
# NOTE(review): behind this proxy CTFd sees connections coming from nginx; if
# client IPs in CTFd's own logs matter, check its REVERSE_PROXY setting —
# confirm against the CTFd documentation.
server {
    # Plain HTTP only at this point; HTTPS is added by the certbot step later on.
    listen 80;
    server_name yourdomain.com www.yourdomain.com your.ip.add.ress;
    client_max_body_size 75M;
    location / {
        # proxy_params is the header snippet shipped with Ubuntu's nginx package
        # (Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto).
        include proxy_params;
        # Hand requests to gunicorn over the unix socket created by ctfd.service.
        proxy_pass http://unix:/var/www/CTFd/app.sock; 
    }
}
# Example: the same server block with the placeholders filled in with a host
# name and a LAN address.
server {
    listen 80;
    server_name ctf.itts.ac.id 192.168.0.142;
    client_max_body_size 75M;
    location / {
        include proxy_params;
        # Same unix socket as above; gunicorn itself is not exposed on a TCP port.
        proxy_pass http://unix:/var/www/CTFd/app.sock; 
    }
}



# Link config file
# Enables the site by symlinking it into sites-enabled.
sudo ln -s /etc/nginx/sites-available/ctfd /etc/nginx/sites-enabled

# Remove defaults
# Deletes the stock default site and its symlink, so the ctfd site is the only
# one nginx serves.
sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default

# Test nginx configuration
sudo nginx -t

# Restart nginx if the test was good
sudo systemctl restart nginx

# For troubleshooting
# These are the gunicorn access and error logs configured in ctfd.service.
tail /var/log/CTFd/CTFd/logs/access.log
tail /var/log/CTFd/CTFd/logs/error.log


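# SSL Certs
# On Ubuntu 22.04 certbot and its nginx plugin are installed from the standard
# repositories as python3-certbot-nginx. The ppa:certbot/certbot repository and
# the python-certbot-nginx package name belong to older releases and are not
# needed here.
sudo apt install certbot python3-certbot-nginx

# Request the certificate and let certbot edit the nginx site to serve HTTPS.
# The contact address must be passed with -m; a bare address is not a valid
# positional argument.
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com -m youremail@domain.com

# certificate locations
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
/etc/letsencrypt/live/yourdomain.com/privkey.pem

# renew certificates
# certbot needs root to read its keys and reload nginx. `sudo certbot renew
# --dry-run` exercises renewal without replacing the live certificate.
sudo certbot renew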

Referensi