一、环境介绍
- 主机:服务器CentOs7
- Docker版本:20.10.21
- Docker-compose版本:1.25.0
- IP地址:公网地址或虚拟机地址
二、安装所需服务
yum -y install git wget yum-utils vim
三、安装docker
更换源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装最新版docker
yum -y install docker-ce
查看是否安装成功
docker --version
启动docker
四、安装docker-compose
下载docker compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
添加可执行权限
chmod +x /usr/local/bin/docker-compose
将文件copy到 /usr/bin/目录下
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
查看版本
docker-compose --version
五、ctfd环境搭建
下载CTFd使用的是赵师傅的版本
git clone https://github.com/glzjin/CTFd.git
下载frp
wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_amd64.tar.gz
解压frp
tar -zxvf frp_0.29.0_linux_amd64.tar.gz
下载ctfd-whale插件
git clone https://github.com/glzjin/CTFd-Whale.git
mv CTFd-Whale/ ctfd-whale
下载docker版本的frp
git clone https://github.com/glzjin/Frp-Docker-For-CTFd-Whale
将Frp-Docker-For-CTFd-Whale也重命名为小写
mv Frp-Docker-For-CTFd-Whale/ frp-docker-for-ctfd-whale
六、ctfd环境配置
初始化Docker集群
docker swarm init
将刚刚初始化的这个集群加入到节点当中,命令执行后,返回的就是节点ID了,暂时不用管这个节点ID。注意这个linux-1在后面的插件配置地方有,名称不能错。
docker node update --label-add='name=linux-1' $(docker node ls -q)
将ctfd-whale插件放到Ctfd的插件下面
cp ctfd-whale/ CTFd/CTFd/plugins/
七、启动docker版本的frps及frps配置
进入frp-docker-for-ctfd-whale
cd frp-docker-for-ctfd-whale/
创建容器
docker-compose up -d
查看容器状态
docker ps
将frpc传入CTFd中
进入CTFd目录创建 frpc目录
cd ../CTFd/
mkdir frpc
再进入frp_0.29.0_linux_amd64
cd ../frp_0.29.0_linux_amd64
cp frpc.ini ../CTFd/frpc/
cp frpc_full.ini ../CTFd/frpc/
cp frpc ../CTFd/frpc/
cp LICENSE ../CTFd/frpc/
进入刚刚创建的frpc
cd ../CTFd/frpc/
vim frpc.ini
替换下面的内容
[common]
token = randomme
server_addr = 172.1.0.4
server_port = 6490
pool_count = 200
tls_enable = true
admin_addr = 172.1.0.3
admin_port = 7400
返回到CTFd目录下
八、编辑Dockerfile文件
编辑Dockerfile
vim Dockerfile
写入下面的内容
FROM python:3.7-alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
apk update && \
apk add linux-headers libffi-dev gcc make musl-dev py-pip mysql-client git openssl-dev
RUN adduser -D -u 1001 -s /bin/bash ctfd
WORKDIR /opt/CTFd
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
COPY requirements.txt .
RUN apk add gcc
RUN apk add musl-dev
RUN apk add libxslt-dev
RUN apk add g++
RUN apk add make
RUN apk add libffi-dev
RUN apk add openssl-dev
RUN apk add libtool
RUN pip install -r requirements.txt --no-cache-dir -i http://mirrors.aliyun.com/pypi/simple --trusted-host mirrors.aliyun.com
COPY . /opt/CTFd
RUN for d in CTFd/plugins/*; do \
if [ -f "$d/requirements.txt" ]; then \
pip install -r $d/requirements.txt -i https://pypi.doubanio.com/simple; \
fi; \
done;
RUN chmod +x /opt/CTFd/docker-entrypoint.sh
RUN chown -R 1001:1001 /opt/CTFd
RUN chown -R 1001:1001 /var/log/CTFd /var/uploads
USER 1001
EXPOSE 8000
ENTRYPOINT ["/opt/CTFd/docker-entrypoint.sh"]
九、修改docker-compose.yml
删除docker-compose.yml
rm -rf docker-compose.yml
编辑docker-compose.yml
注意!:set paste 然后回车,再按i
vim docker-compose.yml
粘贴下面内容
version: '2.2'
services:
ctfd-nginx:
image: nginx:1.17
volumes:
- ./nginx/http.conf:/etc/nginx/nginx.conf #这里注意
user: root
restart: always
ports:
#- "85:80" #我将这里注释掉了,这里通过nginx转发感觉速度访问速度会变慢,可能因为我的配置问题,多次尝试之后直接开8000端口访问不会对服务造成影响
- "443:443"
networks:
default:
internal:
depends_on:
- ctfd
cpus: '1.00' #可改
mem_limit: 150M #可改
ctfd:
build: .
user: root
restart: always
ports:
- "8000:8000" #这里原本没开端口,直接打开访问网站速度会加快
environment:
- UPLOAD_FOLDER=/var/uploads
- DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
- REDIS_URL=redis://cache:6379
- WORKERS=1
- LOG_FOLDER=/var/log/CTFd
- ACCESS_LOG=-
- ERROR_LOG=-
- REVERSE_PROXY=true
volumes:
- .data/CTFd/logs:/var/log/CTFd
- .data/CTFd/uploads:/var/uploads
- .:/opt/CTFd:ro
- /var/run/docker.sock:/var/run/docker.sock #这里是添加的
depends_on:
- db
networks:
default:
internal:
frp:
ipv4_address: 172.1.0.2
cpus: '1.00' #可改
mem_limit: 450M #可改
db:
image: mariadb:10.4
restart: always
environment:
- MYSQL_ROOT_PASSWORD=ctfd
- MYSQL_USER=ctfd
- MYSQL_PASSWORD=ctfd
volumes:
- .data/mysql:/var/lib/mysql
networks:
internal:
# This command is required to set important mariadb defaults
command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
cpus: '1.00' #可改
mem_limit: 750M #可改
cache:
image: redis:4
restart: always
volumes:
- .data/redis:/data
networks:
internal:
cpus: '1.00' #可改
mem_limit: 450M #可改
frpc:
image: glzjin/frp:latest #赵师傅tql
restart: always
volumes:
- ./frpc:/conf/ #这里注意
entrypoint:
- /usr/local/bin/frpc
- -c
- /conf/frpc.ini
networks:
frp:
ipv4_address: 172.1.0.3 #记住此处
frp-containers:
cpus: '1.00' #可改
mem_limit: 250M #可改
networks:
default:
internal:
internal: true
frp:
driver: bridge
ipam:
config:
- subnet: 172.1.0.0/16
frp-containers:
driver: overlay
internal: true
ipam:
config:
- subnet: 172.2.0.0/16
十、修改requirements.txt
编辑requirements.txt
vim requirements.txt
直接替换就行了
Flask==1.1.1
Werkzeug==0.16.0
Flask-SQLAlchemy==2.4.1
Flask-Caching==1.4.0
Flask-Migrate==2.5.2
Flask-Script==2.0.6
SQLAlchemy==1.3.11
SQLAlchemy-Utils==0.36.0
passlib==1.7.2
bcrypt==3.1.7
six==1.13.0
itsdangerous==1.1.0
requests>=2.20.0
PyMySQL==0.9.3
gunicorn==19.9.0
normality==2.0.0
dataset==1.1.2
mistune==0.8.4
netaddr==0.7.19
redis==3.3.11
datafreeze==0.1.0
python-dotenv==0.10.3
flask-restplus==0.13.0
pathlib2==2.3.5
flask-marshmallow==0.10.1
marshmallow-sqlalchemy==0.17.0
boto3==1.10.39
marshmallow==2.20.2
jinja2==2.11.3
gevent
tzlocal==2.1
markupsafe==1.1.1
十一、nginx操作
创建nginx文件
mkdir nginx
nginx在下面新建http.conf文件
vim nginx/http.conf
将下面内容拷贝到文件中
worker_processes 4;
events {
worker_connections 1024;
}
http {
# Configuration containing list of application servers
upstream app_servers {
server ctfd:8000;
}
server {
listen 80;
client_max_body_size 4G;
# Handle Server Sent Events for Notifications
location /events {
proxy_pass http://app_servers;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
# Proxy connections to the application servers
location / {
proxy_pass http://app_servers;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
十二、开始构建
docker-compose up -d
查看一下状态
docker ps -a
ctfd_frpc_1这个容器的状态是退出状态
docker network inspect ctfd_frp
需要将ctfd_frpc_1,frp-docker-for-ctfd-whale_frps_1这两个容器加入到ctfd_frp网络中
docker network connect --ip 172.1.0.2 ctfd_frp ctfd_ctfd_1 # 存在网络中就不用执行这条
docker network connect --ip 172.1.0.3 ctfd_frp ctfd_frpc_1
docker network connect --ip 172.1.0.4 ctfd_frp frp-docker-for-ctfd-whale_frps_1
重启这两个容器
docker restart ctfd_frpc_1 frp-docker-for-ctfd-whale_frps_1
docker network inspect ctfd_frp
查看ctfd_frpc_1日志
docker logs ctfd_frpc_1
查看frp-docker-for-ctfd-whale_frps_1日志
docker logs frp-docker-for-ctfd-whale_frps_1
十三、初始化CTFd
这里就不截图了
十四、配置ctfd-whale
十五、添加题目
十六、问题
问题一、gevent错误
gevent不指定版本
问题二、Dockerfile
问了师傅说中科大的源地址是http开头的,后来是使用阿里云的docker加速器,并没有去验证是否是因为这个。
部署阿里云的docker加速器:https://cr.console.aliyun.com/?spm=a2c6h.12873639.article-detail.6.5a033b0cSzJOib
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xxxx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
问题三、容器一直重启
查看docker日志
docker logs ctfd_ctfd_1根据日志寻找问题
在requirements.txt 加
对应确实的模块
重新下载需要的镜像并构建容器
docker-compose up -d --build
问题四、ctfd_frpc_1
查看CTFd/frpc/frpc.ini是否正确
[common]
token = randomme
server_addr = 172.1.0.4
server_port = 6490
pool_count = 200
tls_enable = true
admin_addr = 172.1.0.3
admin_port = 7400
参考
ctfd+CTFd-Whale环境搭建详细过程(图文)
基于docker搭建支持动态靶机的靶场
CTFd-Whale 推荐部署实践