前言
本文借鉴文章:https://www.yuque.com/dengfenglai-esbap/kb/mc4k41?#xOxNG
在此基础上修改了一点(照着原来的做没成功),感谢这位师傅给的资源。
1、环境准备
1、主机:服务器CentOs7
2、Docker版本:20.10.2
3、Docker-compose版本:1.25.0
4、IP地址:公网地址或虚拟机地址
2、系统环境搭建
1、更新yum源
yum update
2、安装系统所需服务
yum install -y git nginx mariadb mariadb-server Mysql-python python-pip gcc python-devel yum-utils device-mapper-persistent-data lvm2 epel-release
3、安装docker
# 换源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker
yum -y install docker-ce-17.12.1.ce
4、DaoClould配置镜像源加速
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
5、检查是否安装成功
docker --version
6、安装docker-compose
# 下载docker compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
# 添加可执行权限
chmod +x /usr/local/bin/docker-compose
# 将文件copy到 /usr/bin/目录下
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# 查看版本
docker-compose --version
3、靶场环境搭建
1、下载CTFd
git clone https://github.com/glzjin/CTFd.git
2、下载frp
wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_amd64.tar.gz
# 解压
tar -zxvf frp_0.29.0_linux_amd64.tar.gz
3、下载ctfd-whale插件
git clone https://github.com/glzjin/CTFd-Whale.git
# 重命名为小写
mv CTFd-Whale/ ctfd-whale
4、下载docker版本的frps
git clone https://github.com/glzjin/Frp-Docker-For-CTFd-Whale
# 重命名为小写
mv Frp-Docker-For-CTFd-Whale/ frp-docker-for-ctfd-whale
4、CTFd环境配置
1、初始化docker集群
docker swarm init
2、加入节点
docker node update --label-add='name=linux-1' $(docker node ls -q)
3、将ctfd-whale放入CTFd的插件目录
mv ctfd-whale/ CTFd/CTFd/plugins/
4、启动docker版本的frps及frps配置
cd frp-docker-for-whale/frp
vim frps.ini
进入之后,看到
[common]
bind_port = 6490
token = randomme
可将token进行修改,端口一般采用默认端口。
5、修改完成后返回目录启动
cd ..
docker-compose up -d
等待构建完成,用docker ps -a查看是否正在运行
6、将frpc文件移动到CTFd中
cd CTFd/
mkdir frpc
进入frpc的目录(frp_0.29.0_linux_amd64)将里面的frpc,frpc.ini,frpc_full.ini,LICENSE这四个文件放在CTFd/frpc文件夹中
cd ../frp_0.29.0_linux_amd64
mv frpc.ini ../CTFd/frpc/
mv frpc_full.ini ../CTFd/frpc/
mv frpc ../CTFd/frpc/
mv LICENSE ../CTFd/frpc/
7、进入刚刚新建的CTFd/fprc目录,配置frpc.ini文件
[common]
token = randomme
server_addr = 172.1.0.4
server_port = 6490
pool_count = 200
tls_enable = true
admin_addr = 172.1.0.3
admin_port = 7400
!除了token其他的务必和上面一摸一样
8、配置Dockerfile(这边做了一点修改)
FROM python:3.6-alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories &&\
apk update && \
apk add python3 python3-dev linux-headers libffi-dev gcc make musl-dev py-pip mysql-client git openssl-dev g++
RUN adduser -D -u 1001 -s /bin/bash ctfd
WORKDIR /opt/CTFd
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
RUN python -m pip install --upgrade pip setuptools wheel -i https://pypi.doubanio.com/simple
RUN pip3 config set global.index-url https://pypi.doubanio.com/simple
RUN pip3 config set install.trusted-host pypi.doubanio.com
COPY requirements.txt .
RUN pip install -r requirements.txt -i https://pypi.doubanio.com/simple
COPY . /opt/CTFd
RUN for d in CTFd/plugins/*; do \
if [ -f "$d/requirements.txt" ]; then \
pip install -r $d/requirements.txt -i https://pypi.doubanio.com/simple; \
fi; \
done;
RUN chmod +x /opt/CTFd/docker-entrypoint.sh
RUN chown -R 1001:1001 /opt/CTFd
RUN chown -R 1001:1001 /var/log/CTFd /var/uploads
USER 1001
EXPOSE 8000
ENTRYPOINT ["/opt/CTFd/docker-entrypoint.sh"]
在原有的基础上加上了一行:
RUN python -m pip install --upgrade pip setuptools wheel -i https://pypi.doubanio.com/simple
9、配置docker-compose.yml
version: '2.2'
services:
ctfd-nginx:
image: nginx:1.17
volumes:
- ./nginx/http.conf:/etc/nginx/nginx.conf
user: root
restart: always
ports:
- "443:443"
networks:
default:
internal:
depends_on:
- ctfd
cpus: '1.00'
mem_limit: 150M
ctfd:
build: .
user: root
restart: always
ports:
- "8000:8000"
environment:
- UPLOAD_FOLDER=/var/uploads
- DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
- REDIS_URL=redis://cache:6379
- WORKERS=1
- LOG_FOLDER=/var/log/CTFd
- ACCESS_LOG=-
- ERROR_LOG=-
- REVERSE_PROXY=true
volumes:
- .data/CTFd/logs:/var/log/CTFd
- .data/CTFd/uploads:/var/uploads
- .:/opt/CTFd:ro
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- db
networks:
default:
internal:
frp:
ipv4_address: 172.1.0.2
cpus: '1.00'
mem_limit: 450M
db:
image: mariadb:10.4
restart: always
environment:
- MYSQL_ROOT_PASSWORD=ctfd
- MYSQL_USER=ctfd
- MYSQL_PASSWORD=ctfd
volumes:
- .data/mysql:/var/lib/mysql
networks:
internal:
command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
cpus: '1.00'
mem_limit: 750M
cache:
image: redis:4
restart: always
volumes:
- .data/redis:/data
networks:
internal:
cpus: '1.00'
mem_limit: 450M
frpc:
image: glzjin/frp:latest
restart: always
volumes:
- ./frpc:/conf/
entrypoint:
- /usr/local/bin/frpc
- -c
- /conf/frpc.ini
networks:
frp:
ipv4_address: 172.1.0.3
frp-containers:
cpus: '1.00'
mem_limit: 250M
networks:
default:
internal:
internal: true
frp:
driver: bridge
ipam:
config:
- subnet: 172.1.0.0/16
frp-containers:
driver: overlay
internal: true
ipam:
config:
- subnet: 172.2.0.0/16
10、配置requirements.txt(这边我也做了点修改)
Flask==1.1.1
Werkzeug==0.16.0
Flask-SQLAlchemy==2.4.1
Flask-Caching==1.4.0
Flask-Migrate==2.5.2
Flask-Script==2.0.6
SQLAlchemy==1.3.11
SQLAlchemy-Utils==0.36.0
passlib==1.7.2
bcrypt==3.1.7
six==1.13.0
itsdangerous==1.1.0
requests>=2.20.0
PyMySQL==0.9.3
gunicorn==19.9.0
normality==2.0.0
dataset==1.1.2
mistune==0.8.4
netaddr==0.7.19
redis==3.3.11
datafreeze
python-dotenv==0.10.3
flask-restplus==0.13.0
pathlib2==2.3.5
flask-marshmallow==0.10.1
marshmallow-sqlalchemy==0.17.0
boto3==1.10.39
marshmallow==2.20.2
gevent==1.4.0
tzlocal==2.1
去掉了datafreeze的版本限制。
11、配置nginx
在CTFd的目录下,新建一个文件夹并进入
mkdir nginx
cd nginx
创建http.conf
worker_processes 4;
events {
worker_connections 1024;
}
http {
# Configuration containing list of application servers
upstream app_servers {
server ctfd:8000;
}
server {
listen 80;
client_max_body_size 4G;
# Handle Server Sent Events for Notifications
location /events {
proxy_pass http://app_servers;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
# Proxy connections to the application servers
location / {
proxy_pass http://app_servers;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
12、开始构建
在CTFd文件夹下开始构建镜像和容器
cd CTFd/
docker-compose up -d
不出意外的话,可以看到
13、查看容器的运行状态
docker ps -a
可以看到
所有容器均启动成功
14、访问
浏览器中访问ip:8000即可打开
