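Preface
This article draws on: https://www.yuque.com/dengfenglai-esbap/kb/mc4k41?#xOxNG
I made a few changes on top of it (following the original as written did not work for me). Thanks to its author for the resource.
1. Environment preparation
1. Host: CentOS 7 server
2. Docker version: 20.10.2
3. Docker-compose version: 1.25.0
4. IP address: a public address or a virtual machine address
2. System environment setup
1. Update the yum packages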
yum update
2. Install the services the system needs
yum install -y git nginx mariadb mariadb-server Mysql-python python-pip gcc python-devel yum-utils device-mapper-persistent-data lvm2 epel-release
3. Install docker
# Switch the repository source
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install docker
yum -y install docker-ce-17.12.1.ce
4. Configure the DaoCloud registry mirror accelerator
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
5. Check that the installation succeeded
docker --version
6. Install docker-compose
# Download docker compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
# Add execute permission
chmod +x /usr/local/bin/docker-compose
# Link the file into /usr/bin/
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# Check the version
docker-compose --version
3. CTF range environment setup
1. Download CTFd
git clone https://github.com/glzjin/CTFd.git
2. Download frp
wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_amd64.tar.gz
# Extract
tar -zxvf frp_0.29.0_linux_amd64.tar.gz
3. Download the ctfd-whale plugin
git clone https://github.com/glzjin/CTFd-Whale.git
# Rename to lowercase
mv CTFd-Whale/ ctfd-whale
4. Download the Docker version of frps
git clone https://github.com/glzjin/Frp-Docker-For-CTFd-Whale
# Rename to lowercase
mv Frp-Docker-For-CTFd-Whale/ frp-docker-for-ctfd-whale
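4. CTFd environment configuration
1. Initialize the docker swarm
docker swarm init
2. Add the node label
docker node update --label-add='name=linux-1' $(docker node ls -q)
3. Move ctfd-whale into CTFd's plugin directory
mv ctfd-whale/ CTFd/CTFd/plugins/
4. Start the Docker version of frps and configure frps
# the directory was renamed to frp-docker-for-ctfd-whale in the previous section
cd frp-docker-for-ctfd-whale/frp
vim frps.ini
After opening the file you will see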
[common]
bind_port = 6490
token = randomme
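You can change the token; the port is usually left at the default.
5. When the changes are done, go back up one directory and start it
cd ..
docker-compose up -d
Wait for the build to finish, then run docker ps -a to check that it is running.
6. Move the frpc files into CTFd
# from frp-docker-for-ctfd-whale, switch to the CTFd checkout next to it
cd ../CTFd/
mkdir frpc
Go into the frp directory (frp_0.29.0_linux_amd64) and put its four files frpc, frpc.ini, frpc_full.ini and LICENSE into the CTFd/frpc folder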
cd ../frp_0.29.0_linux_amd64
mv frpc.ini ../CTFd/frpc/
mv frpc_full.ini ../CTFd/frpc/
mv frpc ../CTFd/frpc/
mv LICENSE ../CTFd/frpc/
7. Go into the newly created CTFd/frpc directory and configure frpc.ini
[common]
token = randomme
server_addr = 172.1.0.4
server_port = 6490
pool_count = 200
tls_enable = true
admin_addr = 172.1.0.3
admin_port = 7400
Note: apart from the token, everything else must be exactly the same as shown above.
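The frps.ini from step 4 and the frpc.ini from step 7 have to agree on the token and the port, and the token shown on this page is only a sample value. The script below is an added example, not part of the original post or of frp: it compares the [common] sections of both files. The function names ini_get, check_frp_pair and write_samples are made up here, and the sample files are constructed copies of the values shown above.

```shell
#!/bin/sh
# Added example, not from the original post: check that frps.ini and frpc.ini agree.

ini_get() {   # ini_get FILE KEY -> value of KEY in the [common] section, or empty
  awk -v key="$2" '
    /^[ \t]*\[/ { in_common = ($0 ~ /^[ \t]*\[common\]/); next }
    in_common && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

check_frp_pair() {   # check_frp_pair FRPS_INI FRPC_INI -> prints problems, returns their count
  problems=0
  s_token=$(ini_get "$1" token);    c_token=$(ini_get "$2" token)
  s_port=$(ini_get "$1" bind_port); c_port=$(ini_get "$2" server_port)
  if [ -z "$s_token" ] || [ "$s_token" != "$c_token" ]; then
    echo "token: frps and frpc differ, frpc cannot authenticate"; problems=$((problems + 1))
  fi
  if [ "$s_token" = "randomme" ]; then
    echo "token: still the sample value randomme"; problems=$((problems + 1))
  fi
  if [ "$s_port" != "$c_port" ]; then
    echo "port: frpc server_port=$c_port but frps bind_port=$s_port"; problems=$((problems + 1))
  fi
  if [ "$(ini_get "$2" tls_enable)" != "true" ]; then
    echo "tls_enable: not set to true in frpc.ini"; problems=$((problems + 1))
  fi
  return "$problems"
}

write_samples() {   # constructed copies of the two files shown in steps 4 and 7
  printf '[common]\nbind_port = 6490\ntoken = randomme\n' > "$1/frps.ini"
  printf '[common]\ntoken = randomme\nserver_addr = 172.1.0.4\nserver_port = 6490\ntls_enable = true\n' > "$1/frpc.ini"
}

dir=$(mktemp -d)
write_samples "$dir"
check_frp_pair "$dir/frps.ini" "$dir/frpc.ini" || echo "problems found: $?"
rm -rf "$dir"
```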
8. Configure the Dockerfile (I made a small change here)
FROM python:3.6-alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
    apk update && \
    apk add python3 python3-dev linux-headers libffi-dev gcc make musl-dev py-pip mysql-client git openssl-dev g++
RUN adduser -D -u 1001 -s /bin/bash ctfd
WORKDIR /opt/CTFd
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
RUN python -m pip install --upgrade pip setuptools wheel -i https://pypi.doubanio.com/simple
RUN pip3 config set global.index-url https://pypi.doubanio.com/simple
RUN pip3 config set install.trusted-host pypi.doubanio.com
COPY requirements.txt .
RUN pip install -r requirements.txt -i https://pypi.doubanio.com/simple
COPY . /opt/CTFd
RUN for d in CTFd/plugins/*; do \
        if [ -f "$d/requirements.txt" ]; then \
            pip install -r $d/requirements.txt -i https://pypi.doubanio.com/simple; \
        fi; \
    done;
RUN chmod +x /opt/CTFd/docker-entrypoint.sh
RUN chown -R 1001:1001 /opt/CTFd
RUN chown -R 1001:1001 /var/log/CTFd /var/uploads
USER 1001
EXPOSE 8000
ENTRYPOINT ["/opt/CTFd/docker-entrypoint.sh"]
One line was added to the original:
RUN python -m pip install --upgrade pip setuptools wheel -i https://pypi.doubanio.com/simple
9. Configure docker-compose.yml
version: '2.2'
services:
  ctfd-nginx:
    image: nginx:1.17
    volumes:
      - ./nginx/http.conf:/etc/nginx/nginx.conf
    user: root
    restart: always
    ports:
      - "443:443"
    networks:
      default:
      internal:
    depends_on:
      - ctfd
    cpus: '1.00'
    mem_limit: 150M
  ctfd:
    build: .
    user: root
    restart: always
    ports:
      - "8000:8000"
    environment:
      - UPLOAD_FOLDER=/var/uploads
      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
      - REDIS_URL=redis://cache:6379
      - WORKERS=1
      - LOG_FOLDER=/var/log/CTFd
      - ACCESS_LOG=-
      - ERROR_LOG=-
      - REVERSE_PROXY=true
    volumes:
      - .data/CTFd/logs:/var/log/CTFd
      - .data/CTFd/uploads:/var/uploads
      - .:/opt/CTFd:ro
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - db
    networks:
      default:
      internal:
      frp:
        ipv4_address: 172.1.0.2
    cpus: '1.00'
    mem_limit: 450M
  db:
    image: mariadb:10.4
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=ctfd
      - MYSQL_USER=ctfd
      - MYSQL_PASSWORD=ctfd
    volumes:
      - .data/mysql:/var/lib/mysql
    networks:
      internal:
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
    cpus: '1.00'
    mem_limit: 750M
  cache:
    image: redis:4
    restart: always
    volumes:
      - .data/redis:/data
    networks:
      internal:
    cpus: '1.00'
    mem_limit: 450M
  frpc:
    image: glzjin/frp:latest
    restart: always
    volumes:
      - ./frpc:/conf/
    entrypoint:
      - /usr/local/bin/frpc
      - -c
      - /conf/frpc.ini
    networks:
      frp:
        ipv4_address: 172.1.0.3
      frp-containers:
    cpus: '1.00'
    mem_limit: 250M
networks:
  default:
  internal:
    internal: true
  frp:
    driver: bridge
    ipam:
      config:
        - subnet: 172.1.0.0/16
  frp-containers:
    driver: overlay
    internal: true
    ipam:
      config:
        - subnet: 172.2.0.0/16
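The compose file above runs the ctfd service as root with the host's Docker socket mounted, publishes port 8000 directly, and keeps the sample database password ctfd. As an added example (not part of the original post or of CTFd), this script lists such settings per service so they can be reviewed before the host is reachable from outside. audit_compose and write_sample are hypothetical names, the input is a constructed excerpt of the file above, and two-space indentation is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes two-space YAML indentation.

audit_compose() {   # audit_compose FILE -> prints "service: finding" lines
  awk '
    /^[^ #]/ { in_services = ($1 == "services:"); svc = ""; next }
    in_services && /^  [^ #-][^:]*:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); key = ""; next }
    svc == "" { next }
    /^    [a-z_]+:/ { key = $1 }
    /^ +user:[ \t]*root[ \t]*$/ { print svc ": runs as root" }
    /docker\.sock/ { print svc ": mounts the Docker socket" }
    key == "ports:" && /^ +- / { p = $2; gsub(/"/, "", p); print svc ": publishes " p }
    /PASSWORD=ctfd[ \t]*$|:\/\/root:ctfd@/ {
      v = $2; sub(/=.*/, "", v); print svc ": " v " uses the sample password ctfd"
    }
  ' "$1"
}

write_sample() {    # constructed excerpt of the compose file from step 9
  cat > "$1" <<'EOF'
version: '2.2'
services:
  ctfd-nginx:
    user: root
    ports:
      - "443:443"
  ctfd:
    user: root
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  db:
    image: mariadb:10.4
    environment:
      - MYSQL_ROOT_PASSWORD=ctfd
networks:
  internal:
    internal: true
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_compose "$sample"
rm -f "$sample"
```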
10. Configure requirements.txt (I made a small change here as well)
Flask==1.1.1
Werkzeug==0.16.0
Flask-SQLAlchemy==2.4.1
Flask-Caching==1.4.0
Flask-Migrate==2.5.2
Flask-Script==2.0.6
SQLAlchemy==1.3.11
SQLAlchemy-Utils==0.36.0
passlib==1.7.2
bcrypt==3.1.7
six==1.13.0
itsdangerous==1.1.0
requests>=2.20.0
PyMySQL==0.9.3
gunicorn==19.9.0
normality==2.0.0
dataset==1.1.2
mistune==0.8.4
netaddr==0.7.19
redis==3.3.11
datafreeze
python-dotenv==0.10.3
flask-restplus==0.13.0
pathlib2==2.3.5
flask-marshmallow==0.10.1
marshmallow-sqlalchemy==0.17.0
boto3==1.10.39
marshmallow==2.20.2
gevent==1.4.0
tzlocal==2.1
The version pin on datafreeze was removed.
11. Configure nginx
In the CTFd directory, create a new folder and enter it
mkdir nginx
cd nginx
Create http.conf
worker_processes 4;
events {
    worker_connections 1024;
}
http {
    # Configuration containing list of application servers
    upstream app_servers {
        server ctfd:8000;
    }
    server {
        listen 80;
        client_max_body_size 4G;
        # Handle Server Sent Events for Notifications
        location /events {
            proxy_pass http://app_servers;
            proxy_set_header Connection '';
            proxy_http_version 1.1;
            chunked_transfer_encoding off;
            proxy_buffering off;
            proxy_cache off;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
        # Proxy connections to the application servers
        location / {
            proxy_pass http://app_servers;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
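12. Start the build
Build the images and containers from the CTFd folder
# back from CTFd/nginx to the CTFd directory
cd ..
docker-compose up -d
If nothing goes wrong, you will see
13. Check the running state of the containers
docker ps -a
You can see that all containers started successfully.
14. Access
Open ip:8000 in a browser to reach the platform.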