Difference between revisions of "CTF: Instalasi CTFd di Ubuntu 22.04"

Sumber: https://nopresearcher.github.io/Deploying-CTFd/

Spec:

• VirtualBox
• Ubuntu 22.04
• Memory 3G
• Core 2

Basic

sudo su
apt update
apt install net-tools

Setup user ctfd

# setup user ctfd
adduser ctfd  # masukan password
usermod -aG sudo ctfd

Aktifkan firewall,

# UFW Firewall
ufw allow openssh
ufw allow http
ufw allow https
ufw enable

Install python & apps pendukung

apt update
apt upgrade -y   # optional

apt install -y python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools nginx git
pip3 install pipenv

Install CTFd

# install CTFd
cd /var/www
git clone https://github.com/CTFd/CTFd.git

su ctfd
sudo chown -R ctfd:www-data /var/www/CTFd
cd /var/www/CTFd

# Create a pipenv to run CTFd in
pipenv install --python 3
pipenv shell
./prepare.sh

Testing

sudo ufw allow 5000
gunicorn --bind 0.0.0.0:5000 'CTFd:create_app()'

Browse

http://www.yourdomain.com:5000
http://192.168.0.142:5000/setup

Setup enviroment

Contoh

• single core
• worker 3
• keep-alive 2

# identify the pipenv virtual environment for use in unit file
pipenv --venv
/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf

Edit ctfd.service

# Create unit file
sudo vim /etc/systemd/system/ctfd.service

[Unit]
Description=Gunicorn instance to serve ctfd
After=network.target

[Service]
User=ctfd
Group=www-data
WorkingDirectory=/var/www/CTFd
Environment="PATH=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin"
ExecStart=/home/ctfd/.local/share/virtualenvs/CTFd-rOJbThUf/bin/gunicorn --bind unix:app.sock --keep-alive 2 
--workers 3 --worker-class gevent 'CTFd:create_app()' --access-logfile '/var/log/CTFd/CTFd/logs/access.log' 
--error-logfile '/var/log/CTFd/CTFd/logs/error.log'

[Install]
WantedBy=multi-user.target

Operasional

# Create log directories
sudo mkdir -p /var/log/CTFd/CTFd/logs/
sudo chown -R ctfd:www-data /var/log/CTFd/CTFd/logs/

# Start CTFd service
sudo systemctl enable ctfd
sudo systemctl start ctfd
sudo systemctl status ctfd

# Create nginx site, let's encrypt will handle the https later
sudo vim /etc/nginx/sites-available/ctfd

# Nginx config
# the client_max_body_size enables file uploads over the default of 1MB
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com your.ip.add.ress;
    client_max_body_size 75M;
    location / {
        include proxy_params;
        proxy_pass http://unix:/var/www/CTFd/app.sock; 
    }
}

# Contoh
server {
    listen 80;
    server_name ctf.itts.ac.id 192.168.0.142;
    client_max_body_size 75M;
    location / {
        include proxy_params;
        proxy_pass http://unix:/var/www/CTFd/app.sock; 
    }
}

# Link config file
sudo ln -s /etc/nginx/sites-available/ctfd /etc/nginx/sites-enabled

# Remove defaults
sudo rm /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default

# Test nginx configuration
sudo nginx -t

# Restart nginx if test wasw good
sudo systemctl restart nginx

# For troubleshooting
tail /var/log/CTFd/CTFd/logs/access.log
tail /var/log/CTFd/CTFd/logs/error.log


# SSL Certs
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com youremail@domain.com

# certificate locations
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
/etc/letsencrypt/live/yourdomain.com/privkey.pem

# renew certificates
certbot renew

Referensi

• https://nopresearcher.github.io/Deploying-CTFd/