目录
CTFd的安装搭建
〇、配置
阿里云Ubuntu18.04
CTFd
docker
docker-compose
一、配置python环境
由于Ubuntu是自带python2.7和python和3.6的环境,但我们需要配置python3.7和pip3
1、安装python3.7
参考链接:
https://www.jb51.net/article/182392.htm
这个教程讲的是安装python3.8的方法,我们只需要改成3.7即可
sudo apt install python3.7
将python版本都添加到update-alternatives
$ which python3.7
/usr/bin/python3.7
$ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.7 1
$ which python3.5
/usr/bin/python3.5
$ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.5 2
配置 python3 默认指向 python3.8
$ sudo update-alternatives --config python3
There are 2 choices for the alternative python3 (providing /usr/bin/python3).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/bin/python3.5 2 auto mode
1 /usr/bin/python3.5 2 manual mode
2 /usr/bin/python3.7 1 manual mode
Press <enter> to keep the current choice[*], or type selection number: 2
选择/输入 2, 回车。
最后测试python版本
$ python3 -V
Python 3.8.2
2、安装和升级pip3
如果这个时候直接使用pip3可能会报错:
ModuleNotFoundError: No module named ‘apt_pkg‘
这个时候,我们安装pip3即可
sudo apt install python3-pip
安装完成之后,这个时候pip3的版本可能是9.0.3左右,但是我们需要20.0.0以上的版本
这个时候我们需要升级pip3
参考链接:https://blog.csdn.net/m0_38068876/article/details/108178388
python3 -m pip install --upgrade pip
注意:
二、安装docker环境
参考链接:
https://www.runoob.com/docker/ubuntu-docker-install.html
1、下载docker
使用官方安装脚本自动安装安装命令如下:
curl -fsSL https://get.docker.com | bash -s docker --mirror
Aliyun也可以使用国内 daocloud 一键安装命令:
curl -sSL https://get.daocloud.io/docker | sh
安装时可能会出现报错
这个是由于,我们安装的python3.7与Ubuntu
升级到python3.7会导致python库的引用产生混乱
- 解决方法
先选择删除
python-aptapt-get remove --purge python-apt
安装python-apt
apt-get install -f -y python-apt1
拷贝python3.6的apt-pkg*.so 名重名为python3.7的apt-pkg*.so
cd /usr/lib/python3/dist-packages/
cp apt_pkg.cpython-35m-x86_64-linux-gnu.so apt_pkg.cpython-36m-x86_64-linux-gnu.so
2、Docker 镜像加速
- 参考链接
https://www.runoob.com/docker/docker-mirror-acceleration.html
阿里云,到容器镜像服务里面
将这里所有的命令复制粘贴到shell即可
3、安装docker-compose
参考文章:
https://blog.csdn.net/pushiqiang/article/details/78682323
三、配置Frpc和Frps以及配置ctfd-whale
这个地方我也不懂哈哈哈,直接上视频和相关的文件!!!
链接:http://116.62.164.167/ctfd_file/ctfd.mp4
如果git clone慢的话,可以手动上传到根目录
链接:http://116.62.164.167/ctfd_file/frp_0.29.0_linux_amd64.tar.gz
- Dockerfile
FROM python:3.7-alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && \
apk update && \
apk add linux-headers libffi-dev gcc make musl-dev py-pip mysql-client git openssl-dev #这里注意1
RUN adduser -D -u 1001 -s /bin/bash ctfd
WORKDIR /opt/CTFd
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
COPY requirements.txt .
RUN apk add gcc
RUN apk add musl-dev
RUN apk add libxslt-dev
RUN apk add g++
RUN apk add make
RUN apk add libffi-dev
RUN apk add openssl-dev
RUN apk add libtool
RUN pip install -r requirements.txt -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple/ #这里注意2
COPY . /opt/CTFd
RUN for d in CTFd/plugins/*; do \
if [ -f "$d/requirements.txt" ]; then \
pip install -r $d/requirements.txt -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple/ ; \
fi; \
done; #同样注意2
RUN chmod +x /opt/CTFd/docker-entrypoint.sh
RUN chown -R 1001:1001 /opt/CTFd
RUN chown -R 1001:1001 /var/log/CTFd /var/uploads
USER 1001
EXPOSE 8000
ENTRYPOINT ["/opt/CTFd/docker-entrypoint.sh"]
- docker-compose.yml
version: '2.2'
services:
ctfd-nginx:
image: nginx:1.17
volumes:
- ./nginx/http.conf:/etc/nginx/nginx.conf #这里注意
user: root
restart: always
ports:
#- "85:80" #我将这里注释掉了,这里通过nginx转发感觉速度访问速度会变慢,可能因为我的配置问题,多次尝试之后直接开8000端口访问不会对服务造成影响
- "443:443"
networks:
default:
internal:
ipv4_address: 172.24.0.2
depends_on:
- ctfd
cpus: '1.00' #可改
mem_limit: 150M #可改
ctfd:
build: .
user: root
restart: always
ports:
- "8000:8000" #这里原本没开端口,直接打开访问网站速度会加快
environment:
- UPLOAD_FOLDER=/var/uploads
- DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
- REDIS_URL=redis://cache:6379
- WORKERS=1
- LOG_FOLDER=/var/log/CTFd
- ACCESS_LOG=-
- ERROR_LOG=-
- REVERSE_PROXY=true
volumes:
- .data/CTFd/logs:/var/log/CTFd
- .data/CTFd/uploads:/var/uploads
- .:/opt/CTFd:ro
- /var/run/docker.sock:/var/run/docker.sock #这里是添加的
depends_on:
- db
networks:
default:
internal:
ipv4_address: 172.24.0.5
frp:
ipv4_address: 172.1.0.2
cpus: '1.00' #可改
mem_limit: 450M #可改
db:
image: mariadb:10.4
restart: always
environment:
- MYSQL_ROOT_PASSWORD=ctfd
- MYSQL_USER=ctfd
- MYSQL_PASSWORD=ctfd
volumes:
- .data/mysql:/var/lib/mysql
networks:
internal:
ipv4_address: 172.24.0.4
# This command is required to set important mariadb defaults
command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
cpus: '1.00' #可改
mem_limit: 750M #可改
cache:
image: redis:4
restart: always
volumes:
- .data/redis:/data
networks:
internal:
ipv4_address: 172.24.0.3
cpus: '1.00' #可改
mem_limit: 450M #可改
frpc:
image: glzjin/frp:latest #赵师傅tql
restart: always
volumes:
- ./frpc:/conf/ #这里注意
entrypoint:
- /usr/local/bin/frpc
- -c
- /conf/frpc.ini
networks:
frp:
ipv4_address: 172.1.0.3 #记住此处
frp-containers:
cpus: '1.00' #可改
mem_limit: 250M #可改
networks:
default:
internal:
driver: bridge
internal: true
ipam:
config:
- subnet: 172.24.0.0/16
gateway: 172.24.0.1
frp:
driver: bridge
ipam:
config:
- subnet: 172.1.0.0/16
frp-containers:
driver: overlay
internal: true
ipam:
config:
- subnet: 172.2.0.0/16
- default.conf
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# With php-cgi (or other tcp sockets):
fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
- http.conf
worker_processes 4;
events {
worker_connections 1024;
}
http {
# Configuration containing list of application servers
upstream app_servers {
server ctfd:8000;
}
server {
listen 80;
client_max_body_size 4G;
# Handle Server Sent Events for Notifications
location /events {
proxy_pass http://app_servers;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
# Proxy connections to the application servers
location / {
proxy_pass http://app_servers;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
四、安装CTFd
参考视频:
https://www.bilibili.com/video/BV1sv411B7U4?spm_id_from=333.337.search-card.all.click
- 首先升级 apt-get
apt-get update
apt-get upgrade
- 安装git
apt install -y git
- 安装flask
pip3 install flask
- 下载CTFd的镜像(这里可以用git下载,也可手动下载)
git clone https://github.com/isislab/CTFd
- 进入CTFd目录
cd CTFd
- 安装CTFd的依赖
pip3 install -r requirements.txt
- 安装serve
python3 serve,py
这个时候可以本地访问127.0.0.1:4000就可以进入界面,
- 安装gunicorn
- 方法一、gunicorn方法
pip3 install gunicorn
- 启动外网服务:
gunicorn --bind 0.0.0.0:8000 -w 10 "CTFd:create_app()"
注意这个-w后面10这个参数是线程的数量,可大可小,根据服务器的配置而定
卡在这个地方就说明安装完成,访问设置即可。
- 方法二、利用docker(建议)
- 1、进入CTFd目录
cd
cd CTFd
- 2、修改配置文件Dockerfile
进入CTFd目录,vim Dockerfile,然后修改:
添加:
RUN pip config set global.index-url https://pypi.doubanio.com/simple
RUN pip config set install.trusted-host pypi.doubanio.com
- 3、建docker容器
docker-compose build
第一次运行会比较慢,第二次就快很多
- 4、启动docker镜像
docker-compose up -d
虽然这里报错,但是不影响,照样访问8000端口可以开网页。
这个时候就可以设置题目了。
admin可以进入后台
- 注意:这个时候是将CTFd安装到了主机上
五、上传题目
具体高级版本看赵师傅的文章:
用管理员账号登录,之后到challenge里面点击加号。
如果本地没有镜像,那么会从dockerhub上面下载到本地再进行加载
六、汉化
参考链接:
https://github.com/Gu-f/CTFd_chinese_CN/
- .从github上下载docker-compose二进制文件安装下载最新版的docker-compose文件
sudo curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
- 若是github访问太慢,可以用daocloud下载
sudo curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
- 添加可执行权限
sudo chmod +x /usr/local/bin/docker-compose
- 测试安装结果
docker-compose --version
Comments | NOTHING