CTFd

CTFd是一款开源的CTF比赛平台，GitHub

搭建

环境配置

Git（可选）

Git官网下载或通过命令行安装

以Ubuntu为例

1 2	sudo apt-get update sudo apt-get install git

Docker

Docker Docs

Install Docker Engine

按照官方文档指导进行安装

以Ubuntu为例

卸载系统中Docker相关依赖

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

设置Docker源仓库

# 安装Docker仓库GPG密钥
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# 添加APT源仓库
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

安装Docker

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
测试Docker

sudo docker run hello-world

下载CTFd

从Git下载

使用命令git clone https://github.com/CTFd/CTFd进行下载
使用命令cd CTFd进入CTFd目录

从Release下载

以Ubuntu为例

进入CTFd的Release页Release
找到对应版本，点击Sourse Code或命令行下载wget <URL>

使用unzip或tar进行解压

# zip
unzip <version>.zip
# tar
tar -zxvf <version>.tar.gz

进入CTFd目录cd CTFd-<version>

启动CTFd

首次启动

首次启动时为方便查看错误，在前台启动，使用Docker命令sudo docker compose up启动

更新插件后启动

更新插件后为方便调试，在前台启动，使用Docker命令sudo docker compose up --build启动

后台启动

使用Docker命令sudo docker compose up -d启动

访问CTFd

启动后CTFd默认端口8000，Nginx代理端口80，访问时直接使用IP访问

配置

Docker Compose配置

文件位于CTFd/docker-compose.yml

version: '2' # docker-compose版本

services: # 服务列表
  ctfd: # ctfd
    build: . # 构建目录
    user: root # 运行用户
    restart: always # 自动重启
    ports: # 端口映射关系
      - "8000:8000" # 默认端口8000映射到8000
    environment: # 环境变量
      - UPLOAD_FOLDER=/var/uploads # 上传目录
      - DATABASE_URL=mysql+pymysql://ctfd:ctfd@db/ctfd # 数据库地址
      - REDIS_URL=redis://cache:6379 # 缓存地址
      - WORKERS=1 # 工作数
      - LOG_FOLDER=/var/log/CTFd # 日志目录
      - ACCESS_LOG=- # 访问日志
      - ERROR_LOG=- # 错误日志
      - REVERSE_PROXY=true # 反向代理
    volumes: # 卷映射
      - .data/CTFd/logs:/var/log/CTFd # 日志目录
      - .data/CTFd/uploads:/var/uploads # 上传目录
      - .:/opt/CTFd:ro # ctfd目录
    depends_on: # 依赖容器
      - db # 数据库启动后启动
    networks: # 网络信息
        default: # 默认网络
        internal: # 内部网络

  nginx: # 反向代理
    image: nginx:stable # nginx镜像名
    restart: always # 自动重启
    volumes: # 卷映射
      - ./conf/nginx/http.conf:/etc/nginx/nginx.conf # nginx配置信息
    ports: # 端口映射
      - 80:80 # 默认端口80映射到80
    depends_on: # 依赖容器
      - ctfd # ctfd启动后启动

  db: # 数据库
    image: mariadb:10.4.12 # mariadb镜像名
    restart: always # 自动重启
    environment: # 环境变量
      - MYSQL_ROOT_PASSWORD=ctfd # 数据库root密码
      - MYSQL_USER=ctfd # 数据库用户
      - MYSQL_PASSWORD=ctfd # 数据库密码
      - MYSQL_DATABASE=ctfd # 数据库名
    volumes: # 卷映射
      - .data/mysql:/var/lib/mysql # 数据库数据文件夹
    networks: # 网络信息
        internal: # 内部网络
    # This command is required to set important mariadb defaults
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0] # 启动命令

  cache: # 缓存
    image: redis:4 # redis镜像名
    restart: always # 自动重启
    volumes: # 卷映射
    - .data/redis:/data # 缓存数据文件夹
    networks: # 网络信息
        internal: # 内部网络

networks: # 网络配置
    default: # 默认网络
    internal: # 内部网络
        internal: true # 仅内部访问

CTFd配置

文件位于CTFd/CTFd/config.ini

# CTFd Configuration File
# CTFd配置文件
#
# Use this file to configure aspects of how CTFd behaves. Additional attributes can be specified for
# plugins and other additional behavior.
#
# If a configuration item is specified but left empty, CTFd will do the following:
# 如果配置项为空，CTFd会做以下操作
#
#   1. Look for an environment variable under the same name and use that value if found
#   1. 查找同名环境变量
#   2. Use a default value specified in it's own internal configuration
#   2. 使用默认值
#   3. Use a null value (i.e. None) or empty string for the configuration value
#   3. 使用空或空字符串


[server]
# SECRET_KEY:
# 密钥
# The secret value used to creation sessions and sign strings. This should be set to a random string. In the
# interest of ease, CTFd will automatically create a secret key file for you. If you wish to add this secret key
# to your instance you should hard code this value to a random static value.
# 密钥用于创建session和签名，密钥应该是一个随机字符串，CTFd会自动创建一个密钥文件，如果你想使用密钥应该硬编码这个值
#
# You can also remove .ctfd_secret_key from the .gitignore file and commit this file into whatever repository
# you are using.
#
# http://flask.pocoo.org/docs/latest/quickstart/#sessions
SECRET_KEY =

# DATABASE_URL
# 数据库地址
# The URI that specifies the username, password, hostname, port, and database of the server
# used to hold the CTFd database.
# 地址中应该指定用户名、密码、主机名、端口和数据库名
#
# If neither this setting nor `DATABASE_HOST` is specified, CTFd will automatically create a SQLite database for you to use
# 如果这个配置和`DATABASE_HOST`都没有指定，CTFd会自动创建一个SQLite数据库
# e.g. mysql+pymysql://root:<YOUR_PASSWORD_HERE>@localhost/ctfd
DATABASE_URL =

# DATABASE_HOST
# 数据库主机
# The hostname of the database server used to hold the CTFd database.
# If `DATABASE_URL` is set, this setting will have no effect.
# 数据库主机名用于连接数据库，如果指定了`DATABASE_URL`则此配置无效
#
# This option, along with the other `DATABASE_*` options, are an alternative to specifying all connection details in the single `DATABASE_URL`.
# If neither this setting nor `DATABASE_URL` is specified, CTFd will automatically create a SQLite database for you to use.
# 这个配置和其他`DATABASE_*`配置指定`DATABASE_URL`中信息
# 如果这个配置和`DATABASE_URL`都没有指定，CTFd会自动创建一个SQLite数据库
DATABASE_HOST =

# DATABASE_PROTOCOL
# 数据库协议
# The protocol used to access the database server, if `DATABASE_HOST` is set. Defaults to `mysql+pymysql`.
# 如果设置了`DATABASE_HOST`，默认值为`mysql+pymysql`
DATABASE_PROTOCOL =

# DATABASE_USER
# 数据库用户名
# The username used to access the database server, if `DATABASE_HOST` is set. Defaults to `ctfd`.
# 如果设置了`DATABASE_HOST`，默认值为`ctfd`
DATABASE_USER =

# DATABASE_PASSWORD
# 数据库密码
# The password used to access the database server, if `DATABASE_HOST` is set.
DATABASE_PASSWORD =

# DATABASE_PORT
# 数据库端口
# The port used to access the database server, if `DATABASE_HOST` is set.
DATABASE_PORT =

# DATABASE_NAME
# 数据库名
# The name of the database to access on the database server, if `DATABASE_HOST` is set. Defaults to `ctfd`.
# 如果设置了`DATABASE_HOST`，默认值为`ctfd`
DATABASE_NAME =

# REDIS_URL
# 缓存地址
# The URL to connect to a Redis server. If neither this setting nor `REDIS_HOST` is specified,
# CTFd will use the .data folder as a filesystem cache.
# 
#
# e.g. redis://user:password@localhost:6379
# http://pythonhosted.org/Flask-Caching/#configuring-flask-caching
REDIS_URL =

# REDIS_HOST
# 缓存主机
# The hostname of the Redis server to connect to.
# If `REDIS_URL` is set, this setting will have no effect.
# 缓存主机用于连接缓存服务器，如果指定了`REDIS_URL`则此配置无效
#
# This option, along with the other `REDIS_*` options, are an alternative to specifying all connection details in the single `REDIS_URL`.
# If neither this setting nor `REDIS_URL` is specified, CTFd will use the .data folder as a filesystem cache.
# 这个配置和其他`REDIS_*`配置指定`REDIS_URL`中信息
# 如果这个配置和`REDIS_URL`都没有指定，CTFd会使用.data文件夹作为文件系统缓存
REDIS_HOST =

# REDIS_PROTOCOL
# 缓存协议
# The protocol used to access the Redis server, if `REDIS_HOST` is set. Defaults to `redis`.
# 如果设置了`REDIS_HOST`，默认值为`redis`
#
# Note that the `unix` protocol is not supported here; use `REDIS_URL` instead.
# 注意`unix`在这里不支持，请使用`REDIS_URL`
REDIS_PROTOCOL =

# REDIS_USER
# 缓存用户名
# The username used to access the Redis server, if `REDIS_HOST` is set.
REDIS_USER =

# REDIS_PASSWORD
# 缓存密码
# The password used to access the Redis server, if `REDIS_HOST` is set.
REDIS_PASSWORD =

# REDIS_PORT
# 缓存端口
# The port used to access the Redis server, if `REDIS_HOST` is set.
REDIS_PORT =

# REDIS_DB
# 缓存数据库名
# The index of the Redis database to access, if `REDIS_HOST` is set.
REDIS_DB =

[security]
# SESSION_COOKIE_HTTPONLY
# Cookie中HttpOnly
# Controls if cookies should be set with the HttpOnly flag. Defaults to True.
# 控制cookie是否包含HttpOnly标识，默认为true
SESSION_COOKIE_HTTPONLY = true

# SESSION_COOKIE_SAMESITE
# Cookie中SameSite
# Controls the SameSite attribute on session cookies. Can be Lax or Strict.
# 控制cookie中SameSite属性，可选值为Lax或Strict
# Should be left as Lax unless the implications are well understood
# 除非充分理解其含义，否则应保留为Lax
SESSION_COOKIE_SAMESITE = Lax

# PERMANENT_SESSION_LIFETIME
# 永久Session有效期
# The lifetime of a session. The default is 604800 seconds (7 days).
# Session的有效期，默认为604800秒（7天）
PERMANENT_SESSION_LIFETIME = 604800

[email]
# MAILFROM_ADDR
# 发送邮件的地址
# The email address that emails are sent from if not overridden in the configuration panel.
# 发送邮件的地址，可以被配置面板中配置覆盖
# 
MAILFROM_ADDR =

# MAIL_SERVER
# 邮件服务器
# The mail server that emails are sent from if not overriden in the configuration panel.
# 发送邮件的服务器，可以被配置面板中配置覆盖
MAIL_SERVER =

# MAIL_PORT
# 邮件端口
# The mail port that emails are sent from if not overriden in the configuration panel.
# 邮件服务器的端口，可以被配置面板中配置覆盖
MAIL_PORT =

# MAIL_USEAUTH
# 邮件认证
# Whether or not to use username and password to authenticate to the SMTP server
# 是否使用用户名和密码进行认证，可以被配置面板中配置覆盖
MAIL_USEAUTH =

# MAIL_USERNAME
# 邮箱用户名
# The username used to authenticate to the SMTP server if MAIL_USEAUTH is defined
# 用于SMTP服务器认证的用户名，需要开启`MAIL_USEAUTH`
MAIL_USERNAME =

# MAIL_PASSWORD
# 邮箱密码
# The password used to authenticate to the SMTP server if MAIL_USEAUTH is defined
# 用于SMTP服务器认证的用户名，需要开启`MAIL_USEAUTH`
MAIL_PASSWORD =

# MAIL_TLS
# 使用TLS
# Whether to connect to the SMTP server over TLS
# 连接SMTP服务器时是否使用TLS
MAIL_TLS =

# MAIL_SSL
# 使用SSL
# Whether to connect to the SMTP server over SSL
# 连接SMTP服务器时是否使用SSL
MAIL_SSL =

# MAILSENDER_ADDR
# 发送者地址
# The email address that is responsible for the transmission of emails.
# This is very often the MAILFROM_ADDR value but can be specified if your email
# is delivered by a different domain than what's specified in your MAILFROM_ADDR.
# If this isn't specified, the MAILFROM_ADDR value is used.
# It is fairly rare to need to set this value.
# 通常使用`MAILFROM_ADDR`，邮件不通过`MAILFROM_ADDR`发送时设置此值
MAILSENDER_ADDR =

# MAILGUN_API_KEY
# Mailgun API密钥
# Mailgun API key to send email over Mailgun. As of CTFd v3, Mailgun integration is deprecated.
# Installations using the Mailgun API should migrate over to SMTP settings.
# 通过Mailgun发送邮件时的API密钥，在CTFd v3中弃用
MAILGUN_API_KEY =

# MAILGUN_BASE_URL
# Mailgun地址
# Mailgun base url to send email over Mailgun. As of CTFd v3, Mailgun integration is deprecated.
# Installations using the Mailgun API should migrate over to SMTP settings.
# Mailgun地址，在CTFd v3中弃用
MAILGUN_BASE_URL =

# MAIL_PROVIDER
# 邮件服务提供者
# Specifies the email provider that CTFd will use to send email.
# By default CTFd will automatically detect the correct email provider based on the other settings
# specified here or in the configuration panel. This setting can be used to force a specific provider.
# 指定CTFd使用的发送邮件方式，CTFd会根据配置自动确定或由配置面板设置，此设置可以强制指定提供者
MAIL_PROVIDER =

[uploads]
# UPLOAD_PROVIDER
# 上传服务提供着
# Specifies the service that CTFd should use to store files.
# Can be set to filesystem or s3
# 指定CTFd使用的存储文件方式，可使用文件系统或s3
UPLOAD_PROVIDER =

# UPLOAD_FOLDER
# 上传文件夹
# The location where files are uploaded under the filesystem uploader.
# The default destination is the CTFd/uploads folder.
# 使用文件系统时文件上传的位置，默认为CTFd/uploads
UPLOAD_FOLDER =

# AWS_ACCESS_KEY_ID
# AWS access token used to authenticate to the S3 bucket. Only used under the s3 uploader.
AWS_ACCESS_KEY_ID =

# AWS_SECRET_ACCESS_KEY
# AWS secret token used to authenticate to the S3 bucket. Only used under the s3 uploader.
AWS_SECRET_ACCESS_KEY =

# AWS_S3_BUCKET
# The unique identifier for your S3 bucket. Only used under the s3 uploader.
AWS_S3_BUCKET =

# AWS_S3_ENDPOINT_URL
# A URL pointing to a custom S3 implementation. Only used under the s3 uploader.
AWS_S3_ENDPOINT_URL =

# AWS_S3_REGION
# The aws region that hosts your bucket. Only used in the s3 uploader.
AWS_S3_REGION =

# AWS_S3_ADDRESSING_STYLE
# The S3 addressing style to use for URLs. Only used under the s3 uploader.
# Defaults to auto; can be set to virtual or path.
# See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html
AWS_S3_ADDRESSING_STYLE =

# AWS_S3_CUSTOM_DOMAIN
# A hostname that replaces the default hostname in the generated S3 download URLs. Required by some S3 providers or CDNs.
# Only used under the s3 uploader.
AWS_S3_CUSTOM_DOMAIN =

[logs]
# LOG_FOLDER
# 日志文件夹
# The location where logs are written. These are the logs for CTFd key submissions, registrations, and logins. The default location is the CTFd/logs folder.
# CTFd会记录提交、注册和登录日志，默认为CTFd/logs
LOG_FOLDER =

[optional]
# REVERSE_PROXY
# 反向代理
# Specifies whether CTFd is behind a reverse proxy or not. Set to true if using a reverse proxy like nginx.
# You can also specify a comma seperated set of numbers specifying the reverse proxy configuration settings.
# See https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/#werkzeug.middleware.proxy_fix.ProxyFix.
# For example to configure `x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1` specify `1,1,1,1,1`.
# If you specify `true` CTFd will default to the above behavior with all proxy settings set to 1.
# 指定CTFd是否在一个反向代理下，例如使用了nginx之类的反向代理，你也可以指定反向代理配置设置，用逗号隔开，例如配置`x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1`指定为`1,1,1,1,1`，指定为true时CTFd会默认所有代理设置为1
REVERSE_PROXY =

# THEME_FALLBACK
# theme回退
# Specifies whether CTFd will fallback to the default "core" theme for missing pages/content. Useful for developing themes or using incomplete themes.
# Defaults to true.
# 指定当使用的主题中缺少页面或内容时是否使用core主题补全，当开发或使用不完整主题时可用，默认为true
THEME_FALLBACK =

# TEMPLATES_AUTO_RELOAD
# 模板自动重载
# Specifies whether Flask should check for modifications to templates and reload them automatically. Defaults to true.
# 指定Flask是否应该检查模板的更改并自动重载，默认为true
TEMPLATES_AUTO_RELOAD =

# SQLALCHEMY_TRACK_MODIFICATIONS
# SQLAlchemy修改跟踪
# Automatically disabled to suppress warnings and save memory.
# You should only enable this if you need it.
# Defaults to false.
# 你应该在需要的时候开启，关闭时可以减少警告和节省内存，默认为false
SQLALCHEMY_TRACK_MODIFICATIONS =

# SWAGGER_UI
# Enable the Swagger UI endpoint at /api/v1/
# 启用Swagger UI接口
SWAGGER_UI =

# UPDATE_CHECK
# 检查更新
# Specifies whether or not CTFd will check whether or not there is a new version of CTFd. Defaults True.
# 指定CTFd是否检查新版本，默认为true
UPDATE_CHECK =

# APPLICATION_ROOT
# 应用根目录
# Specifies what path CTFd is mounted under. It can be used to run CTFd in a subdirectory.
# Example: /ctfd
# 指定CTFd挂载位置，当在一个子目录中运行CTFd时可用，例如/ctfd
APPLICATION_ROOT =

# SERVER_SENT_EVENTS
# SSE
# Specifies whether or not to enable the Server-Sent Events based Notifications system.
# Defaults to true
# 指定是否启用基于通知系统的SSE，默认为true
SERVER_SENT_EVENTS =

# HTML_SANITIZATION
# HTML净化
# Specifies whether CTFd should sanitize HTML content
# Defaults to false
# 指定CTFd是否对HTML内容净化，默认为false
HTML_SANITIZATION =

# SQLALCHEMY_MAX_OVERFLOW
# SQLAlchemy最大溢出数
# Specifies the max_overflow setting for SQLAlchemy's Engine
# https://docs.sqlalchemy.org/en/13/core/engines.html#sqlalchemy.create_engine
# https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/#configuration-keys
# 指定SQLAlchemy引擎最大溢出数设置
SQLALCHEMY_MAX_OVERFLOW =

# SQLALCHEMY_POOL_PRE_PING
# SQLAlchemy连接池Ping
# Specifies the pool_pre_ping setting for SQLAlchemy's Engine
# https://docs.sqlalchemy.org/en/13/core/engines.html#sqlalchemy.create_engine
# https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/#configuration-keys
# 指定SQLAlchemy引擎连接前Ping设置
SQLALCHEMY_POOL_PRE_PING =

# SAFE_MODE
# 安全模式
# If SAFE_MODE is enabled, CTFd will not load any plugins which may alleviate issues preventing CTFd from starting
# Defaults to false
# 开启安全模式后CTFd不会加载任何插件，这可能缓解CTFd无法启动的问题
SAFE_MODE =

[oauth]
# OAUTH_CLIENT_ID
# Register an event at https://majorleaguecyber.org/ and use the Client ID here
OAUTH_CLIENT_ID =

# OAUTH_CLIENT_ID
# Register an event at https://majorleaguecyber.org/ and use the Client Secret here
OAUTH_CLIENT_SECRET =

[extra]
# The extra section can be used to specify additional values to be loaded into CTFd's configuration
# 额外节用于指定加载进CTFd配置的附加值

Nginx配置

文件位于CTFd/conf/nginx/http.conf

worker_processes 4; # Worker数

events { # Event设置

  worker_connections 1024; # 单Worker最大连接数
}

http { # HTTP设置

  # Configuration containing list of application servers
  # 包含应用程序服务器列表配置
  upstream app_servers { # 上游服务器组

    server ctfd:8000; # 服务器地址
  }

  server { # 服务组

    listen 80; # 监听端口

    gzip on; # Gzip压缩

    client_max_body_size 4G; # 客户端最大Body大小

    # Handle Server Sent Events for Notifications
    # 处理SSE通知
    location /events { # 事件URL

      proxy_pass http://app_servers; # 代理地址
      proxy_set_header Connection ''; # 代理请求头设置
      proxy_http_version 1.1; # 代理HTTP版本
      chunked_transfer_encoding off; # 关闭分块编码
      proxy_buffering off; # 关闭代理缓冲
      proxy_cache off; # 关闭代理缓存
      proxy_redirect off; # 关闭代理重定向
      proxy_set_header Host $host; # 代理请求头设置
      proxy_set_header X-Real-IP $remote_addr; # 代理请求头设置
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 代理请求头设置
      proxy_set_header X-Forwarded-Host $server_name; # 代理请求头设置
    }

    # Proxy connections to the application servers
    # 代理连接到应用服务器
    location / { # 应用URL

      proxy_pass http://app_servers; # 代理地址
      proxy_redirect off; # 关闭代理重定向
      proxy_set_header Host $host; # 代理请求头设置
      proxy_set_header X-Real-IP $remote_addr; # 代理请求头设置
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 代理请求头设置
      proxy_set_header X-Forwarded-Host $server_name; # 代理请求头设置
    }
  }
}