最近学校要举办ctf比赛,要搭建一个ctf的平台,ctfd是个不错的选择,是用flask框架写的。

搭建环境:

1
2
3
4
5
Ubuntu18.04.2
mysql 5.7.25
python 2.7.15
Apache 2.4.29
nginx 1.14.0

科学上网(可忽略)
ubuntu安装ssr客户端教程

ctfd

0x1安装Flask

1
python2 -m pip install Flask

0x2下载ctfd

1
git clone https://github.com/CTFd/CTFd.git

0x3安装ctfd

1
2
3

cd CTFd
./prepare.sh

0x4连接mysql数据库

0x4.1安装mysql

1
2
3
1. sudo apt install mysql-server
2. apt install mysql-client
3. sudo apt install libmysqlclient-dev

数据库用户登录和修改问题
参考此链接:https://www.jianshu.com/p/161f612a971c
0x4.2安装pymysql模块

1
python2 -m pip install pymysql

0x4.3在mysql中创建ctf数据库

1
mysql> create database ctfd;

修改一下数据库表的编码为utf-8
要不后台管理会无法输入中文

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
USE ctfd;
ALTER TABLE alembic_version CONVERT TO CHARACTER SET utf8;
ALTER TABLE awards CONVERT TO CHARACTER SET utf8;
ALTER TABLE challenges CONVERT TO CHARACTER SET utf8;
ALTER TABLE config CONVERT TO CHARACTER SET utf8;
ALTER TABLE dynamic_challenge CONVERT TO CHARACTER SET utf8;
ALTER TABLE files CONVERT TO CHARACTER SET utf8;
ALTER TABLE flags CONVERT TO CHARACTER SET utf8;
ALTER TABLE hints CONVERT TO CHARACTER SET utf8;
ALTER TABLE notifications CONVERT TO CHARACTER SET utf8;
ALTER TABLE pages CONVERT TO CHARACTER SET utf8;
ALTER TABLE solves CONVERT TO CHARACTER SET utf8;
ALTER TABLE submissions CONVERT TO CHARACTER SET utf8;
ALTER TABLE tags CONVERT TO CHARACTER SET utf8;
ALTER TABLE teams CONVERT TO CHARACTER SET utf8;
ALTER TABLE tracking CONVERT TO CHARACTER SET utf8;
ALTER TABLE unlocks CONVERT TO CHARACTER SET utf8;
ALTER TABLE users CONVERT TO CHARACTER SET utf8;

允许远程访问

1
2
3
4
5
6
use mysql;
mysql> update user set `host` = '%' where `user` = 'root' LIMIT 1;
#如果已分配过,该步骤可跳过
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root密码' WITH GRANT OPTION;
mysql> flush privileges;
mysql> select host,user from user;

修改mysqld.cnf

1
2
3
 vim /etc/mysql/mysql.conf.d/mysqld.cnf

bind-address = 127.0.0.1注释掉(即在行首加#)

重启myqsl

1
service mysql restart

导入外部的数据库(忽略)

1
2
3
创建数据库:create database js;
选择数据库:use js;
导入mysql文件:source sql文件的详细地址

0x4.4在CTFd根目录下CTFd/config.py中
修改数据库配置:

1
2
#DATABASE_URL = os.getenv('DATABASE_URL') or 'sqlite:///{}/ctfd.db'.format(os.path.dirname(os.path.abspath(__file__)))
DATABASE_URL = 'mysql+pymysql://数据库用户:密码@localhost:3306/ctfd'

0x5本地运行

1
sudo pythons server.py

访问

1
127.0.0.1:4000

此时只能在本地上访问。

0x6让外网访问

安装gunicorn并运行CTFd

1
sudo python2 -m pip install gunicorn

进入 CTFd项目目录运行如下命令

1
sudo gunicorn --bind 0.0.0.0:8080 -w 1 "CTFd:create_app()"

将网站映射到8080端口,外网访问

0x5和0x6的运行方式测试一下玩玩还ok,多人的话就选择apache或nginx,服务器配置高的话就选择apache搭建(此处的apache搭建没成功),配置低的话选择nginx较好。

mod_wsgi+apache 搭建

安装apache

1
sudo apt install apache2

0x1安装mod_swigi

1
2
apt-get install libapache2-mod-wsgi
python2 -m pip install mod_wsgi

如果出现apxs的错误,运行如下命令

1
sudo apt install apache2-dev

要验证安装是否成功,请使用start-server命令运行mod_wsgi-express脚本

1
mod_wsgi-express start-server

0x2修改wsgi.py文件
在CFTd/wsgi.py

1
2
3
4
5
import sys
sys.path.insert(0, '/var/www/CTFd')

from CTFd import create_app
application = create_app()

0x3新建站点文件
详细知识可看apache的站点文件配置
/etc/apache2/sites-available中新建一个ctfd.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<VirtualHost *:80>

DocumentRoot /var/www/html/CTFd
ErrorLog /var/www/html/CTFd/log/error.log
CustomLog /var/www/html/CTFd/log/access.log combined
WSGIDaemonProcess CTFd python-path=/www/var/CTFd user=www-data group=www-data threads=5
WSGIScriptAlias / /var/www/html/CTFd/wsgi.py
<Directory /var/www/html/CTFd/>
WSGIProcessGroup CTFd
WSGIApplicationGroup %{GLOBAL}
#Order deny,allow
#AllowOverride AllRequire all granted
Require all granted
#Allow from all
</Directory>

</VirtualHost>

配置参数信息详细可看
Apache配置文件httpd.conf详解
建立软连接到sites-enabled

1
ln -s /etc/apache2/sites-available/ctfd.conf /etc/apache2/sites-enabled/ctfd.conf

重启apache2

1
/etc/init.d/apache2 restart

还是有点搭建不成功,留着以后思考

nginx+uwsgi搭建

0x1修改wsgi.py文件
在CFTd/wsgi.py

1
2
3
4
5
import sys
sys.path.insert(0, '/var/www/CTFd')

from CTFd import create_app
application = create_app()

0x2 uwsgi

1
2
pip install uwsgi 
apt install uwsgi

/etc/uwsgi/apps-available 新建uwsgi.ini文件

1
2
/etc/uwsgi/apps-available
touch uwsgi.ini

配置uwsgi.int文件内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[uwsgi]
# Where you've put CTFD
chdir = /var/www/CTFd/
#项目文件位置
# If SCRIPT_ROOT is not /
#mount = /ctf=wsgi.py
# SCRIPT_ROOT is /
mount = /="CTFd:create_app()"

# You shouldn't need to change anything past here
plugin = python
module = wsgi
socket= /tmp/uwsgi.sock
chmod-socket = 666
master=true
processes = 400
threads = 10
max-requests = 100
enable-threads = true
vacuum = true
mod-socket = 666
manage-script-name = true
wsgi-file = wsgi.py
callable = application
#具体看wsgi.py中的application = create_app()


die-on-term = true

# If you're not on debian/ubuntu, replace with uid/gid of web user
#socket=/tmp/uwsgi.sock
uid = www-data
gid = www-data
daemonize=/var/log/uwsgi/ctfd.log

建立软连接到apps-enabled/下

1
ln -s /etc/uwsgi/apps-available/uwsgi.ini /etc/uwsgi/apps-enabled/uwsgi.ini

在apps-enabled/下运行

1
uwsgi -d --ini /etc/uwsgi/apps-enabled/uwsgi.ini

CTFd目录用户权限赋值

1
chown -R www-data:www-data CTFd/

如果遇到权限问题
可以看此文章:http://www.voidcn.com/article/p-xohpfusg-bsw.html

如果要杀掉uwsgi进程的命令

1
2
3
4
#通过ps,查看uwsgi相关进程
ps aux|grep uwsgi
#kill pid会发送SIGTERM,只会导致重启,而不是结束掉。需要发送SIGINT或SIGQUIT,对应着是INT才可以
killall -s INT /usr/local/bin/uwsgi

0x3 修改nginx配置文件
修改/etc/ngingx/sites-avaliable下的default文件为

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/CTFd;
# 自行修改项目位置
index index.html index.htm
server_name 120.79.24.186;
location / { try_files $uri @yourapplication; }
location @yourapplication {
#try_files $uri $uri/ =404;
root /var/www/CTFd;
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi.sock;
}
location /static {
root /var/www/CTfd/CTFd/themes/core/static/;
}
}

nginx详细的配置文件信息可看
nginx服务器安装及配置文件详解
参考教程:
CTFd搭建CTF平台
http://www.ifuryst.com/archives/CTFd.html
mod_wsgi (Apache)
https://dormousehole.readthedocs.io/en/latest/deploying/mod_wsgi.html
官方搭建教程 https://github.com/CTFd/CTFd/wiki/Getting-Started
ctfd(flask+nginx+redis)搭建日记
https://blog.csdn.net/weixin_41073695/article/details/86697749