Difference between revisions of "CTF: Instalasi CTFd di Ubuntu 22.04"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (→Basic) |
Onnowpurbo (talk | contribs) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 52: | Line 52: | ||
./prepare.sh | ./prepare.sh | ||
− | Testing | + | ==Testing== |
sudo ufw allow 5000 | sudo ufw allow 5000 | ||
gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()' | gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()' | ||
+ | |||
+ | Browse | ||
+ | |||
http://www.yourdomain.com:5000 | http://www.yourdomain.com:5000 | ||
+ | http://192.168.0.142:5000/setup | ||
+ | |||
− | Setup enviroment | + | ==Setup enviroment== |
+ | |||
+ | Contoh | ||
* single core | * single core | ||
* worker 3 | * worker 3 | ||
Line 67: | Line 74: | ||
/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf | /home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf | ||
+ | Edit ctfd.service | ||
+ | |||
# Create unit file | # Create unit file | ||
sudo vim /etc/systemd/system/ctfd.service | sudo vim /etc/systemd/system/ctfd.service | ||
Line 85: | Line 94: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
+ | |||
+ | |||
+ | ==Operasional== | ||
+ | |||
+ | # Create log directories | ||
+ | sudo mkdir -p /var/log/CTFd/CTFd/logs/ | ||
+ | sudo chown -R ctfd:www-data /var/log/CTFd/CTFd/logs/ | ||
+ | |||
+ | # Start CTFd service | ||
+ | sudo systemctl enable ctfd | ||
+ | sudo systemctl start ctfd | ||
+ | sudo systemctl status ctfd | ||
+ | |||
+ | # Create nginx site, let's encrypt will handle the https later | ||
+ | sudo vim /etc/nginx/sites-available/ctfd | ||
+ | |||
+ | # Nginx config | ||
+ | # the client_max_body_size enables file uploads over the default of 1MB | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name yourdomain.com www.yourdomain.com your.ip.add.ress; | ||
+ | client_max_body_size 75M; | ||
+ | location / { | ||
+ | include proxy_params; | ||
+ | proxy_pass http://unix:/var/www/CTFd/app.sock; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Contoh | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name ctf.itts.ac.id 192.168.0.142; | ||
+ | client_max_body_size 75M; | ||
+ | location / { | ||
+ | include proxy_params; | ||
+ | proxy_pass http://unix:/var/www/CTFd/app.sock; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | # Link config file | ||
+ | sudo ln -s /etc/nginx/sites-available/ctfd /etc/nginx/sites-enabled | ||
+ | |||
+ | # Remove defaults | ||
+ | sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default | ||
+ | |||
+ | # Test nginx configuration | ||
+ | sudo nginx -t | ||
+ | |||
+ | # Restart nginx if test wasw good | ||
+ | sudo systemctl restart nginx | ||
+ | |||
+ | # For troubleshooting | ||
+ | tail /var/log/CTFd/CTFd/logs/access.log | ||
+ | tail /var/log/CTFd/CTFd/logs/error.log | ||
+ | |||
+ | |||
+ | # SSL Certs | ||
+ | sudo add-apt-repository ppa:certbot/certbot | ||
+ | sudo apt install python-certbot-nginx | ||
+ | |||
+ | sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com youremail@domain.com | ||
+ | |||
+ | # certificate locations | ||
+ | /etc/letsencrypt/live/yourdomain.com/fullchain.pem | ||
+ | /etc/letsencrypt/live/yourdomain.com/privkey.pem | ||
+ | |||
+ | # renew certificates | ||
+ | certbot renew | ||
==Referensi== | ==Referensi== | ||
* https://nopresearcher.github.io/Deploying-CTFd/ | * https://nopresearcher.github.io/Deploying-CTFd/ |
Latest revision as of 11:28, 29 January 2023
Sumber: https://nopresearcher.github.io/Deploying-CTFd/
Spec:
- VirtualBox
- Ubuntu 22.04
- Memory 3G
- Core 2
Basic
sudo su apt update apt install net-tools
Setup user ctfd
# setup user ctfd adduser ctfd # masukan password usermod -aG sudo ctfd
Aktifkan firewall,
# UFW Firewall ufw allow openssh ufw allow http ufw allow https ufw enable
Install python & apps pendukung
apt update apt upgrade -y # optional apt install -y python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools nginx git pip3 install pipenv
Install CTFd
# install CTFd cd /var/www git clone https://github.com/CTFd/CTFd.git su ctfd sudo chown -R ctfd:www-data /var/www/CTFd cd /var/www/CTFd # Create a pipenv to run CTFd in pipenv install --python 3 pipenv shell ./prepare.sh
Testing
sudo ufw allow 5000 gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()'
Browse
http://www.yourdomain.com:5000 http://192.168.0.142:5000/setup
Setup enviroment
Contoh
- single core
- worker 3
- keep-alive 2
# identify the pipenv virtual environment for use in unit file pipenv --venv /home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf
Edit ctfd.service
# Create unit file sudo vim /etc/systemd/system/ctfd.service [Unit] Description=Gunicorn instance to serve ctfd After=network.target [Service] User=ctfd Group=www-data WorkingDirectory=/var/www/CTFd Environment="PATH=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin" ExecStart=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin/gunicorn --bind unix:app.sock --keep-alive 2 --workers 3 --worker-class gevent 'CTFd:create_app()' --access-logfile '/var/log/CTFd/CTFd/logs/access.log' --error-logfile '/var/log/CTFd/CTFd/logs/error.log' [Install] WantedBy=multi-user.target
Operasional
# Create log directories sudo mkdir -p /var/log/CTFd/CTFd/logs/ sudo chown -R ctfd:www-data /var/log/CTFd/CTFd/logs/ # Start CTFd service sudo systemctl enable ctfd sudo systemctl start ctfd sudo systemctl status ctfd # Create nginx site, let's encrypt will handle the https later sudo vim /etc/nginx/sites-available/ctfd # Nginx config # the client_max_body_size enables file uploads over the default of 1MB server { listen 80; server_name yourdomain.com www.yourdomain.com your.ip.add.ress; client_max_body_size 75M; location / { include proxy_params; proxy_pass http://unix:/var/www/CTFd/app.sock; } }
# Contoh server { listen 80; server_name ctf.itts.ac.id 192.168.0.142; client_max_body_size 75M; location / { include proxy_params; proxy_pass http://unix:/var/www/CTFd/app.sock; } }
# Link config file sudo ln -s /etc/nginx/sites-available/ctfd /etc/nginx/sites-enabled # Remove defaults sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default # Test nginx configuration sudo nginx -t # Restart nginx if test wasw good sudo systemctl restart nginx # For troubleshooting tail /var/log/CTFd/CTFd/logs/access.log tail /var/log/CTFd/CTFd/logs/error.log # SSL Certs sudo add-apt-repository ppa:certbot/certbot sudo apt install python-certbot-nginx sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com youremail@domain.com # certificate locations /etc/letsencrypt/live/yourdomain.com/fullchain.pem /etc/letsencrypt/live/yourdomain.com/privkey.pem # renew certificates certbot renew