Difference between revisions of "CTF: Instalasi CTFd di Ubuntu 22.04"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 119: | Line 119: | ||
include proxy_params; | include proxy_params; | ||
proxy_pass http://unix:/var/www/CTFd/app.sock; | proxy_pass http://unix:/var/www/CTFd/app.sock; | ||
− | |||
} | } | ||
} | } | ||
Line 131: | Line 130: | ||
include proxy_params; | include proxy_params; | ||
proxy_pass http://unix:/var/www/CTFd/app.sock; | proxy_pass http://unix:/var/www/CTFd/app.sock; | ||
− | |||
} | } | ||
} | } | ||
Line 142: | Line 140: | ||
# Remove defaults | # Remove defaults | ||
− | rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default | + | sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default |
# Test nginx configuration | # Test nginx configuration |
Latest revision as of 11:28, 29 January 2023
Sumber: https://nopresearcher.github.io/Deploying-CTFd/
Spec:
- VirtualBox
- Ubuntu 22.04
- Memory 3G
- Core 2
Basic
sudo su apt update apt install net-tools
Setup user ctfd
# setup user ctfd adduser ctfd # masukan password usermod -aG sudo ctfd
Aktifkan firewall,
# UFW Firewall ufw allow openssh ufw allow http ufw allow https ufw enable
Install python & apps pendukung
apt update apt upgrade -y # optional apt install -y python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools nginx git pip3 install pipenv
Install CTFd
# install CTFd cd /var/www git clone https://github.com/CTFd/CTFd.git su ctfd sudo chown -R ctfd:www-data /var/www/CTFd cd /var/www/CTFd # Create a pipenv to run CTFd in pipenv install --python 3 pipenv shell ./prepare.sh
Testing
sudo ufw allow 5000 gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()'
Browse
http://www.yourdomain.com:5000 http://192.168.0.142:5000/setup
Setup enviroment
Contoh
- single core
- worker 3
- keep-alive 2
# identify the pipenv virtual environment for use in unit file pipenv --venv /home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf
Edit ctfd.service
# Create unit file sudo vim /etc/systemd/system/ctfd.service [Unit] Description=Gunicorn instance to serve ctfd After=network.target [Service] User=ctfd Group=www-data WorkingDirectory=/var/www/CTFd Environment="PATH=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin" ExecStart=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin/gunicorn --bind unix:app.sock --keep-alive 2 --workers 3 --worker-class gevent 'CTFd:create_app()' --access-logfile '/var/log/CTFd/CTFd/logs/access.log' --error-logfile '/var/log/CTFd/CTFd/logs/error.log' [Install] WantedBy=multi-user.target
Operasional
# Create log directories sudo mkdir -p /var/log/CTFd/CTFd/logs/ sudo chown -R ctfd:www-data /var/log/CTFd/CTFd/logs/ # Start CTFd service sudo systemctl enable ctfd sudo systemctl start ctfd sudo systemctl status ctfd # Create nginx site, let's encrypt will handle the https later sudo vim /etc/nginx/sites-available/ctfd # Nginx config # the client_max_body_size enables file uploads over the default of 1MB server { listen 80; server_name yourdomain.com www.yourdomain.com your.ip.add.ress; client_max_body_size 75M; location / { include proxy_params; proxy_pass http://unix:/var/www/CTFd/app.sock; } }
# Contoh server { listen 80; server_name ctf.itts.ac.id 192.168.0.142; client_max_body_size 75M; location / { include proxy_params; proxy_pass http://unix:/var/www/CTFd/app.sock; } }
# Link config file sudo ln -s /etc/nginx/sites-available/ctfd /etc/nginx/sites-enabled # Remove defaults sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default # Test nginx configuration sudo nginx -t # Restart nginx if test wasw good sudo systemctl restart nginx # For troubleshooting tail /var/log/CTFd/CTFd/logs/access.log tail /var/log/CTFd/CTFd/logs/error.log # SSL Certs sudo add-apt-repository ppa:certbot/certbot sudo apt install python-certbot-nginx sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com youremail@domain.com # certificate locations /etc/letsencrypt/live/yourdomain.com/fullchain.pem /etc/letsencrypt/live/yourdomain.com/privkey.pem # renew certificates certbot renew