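Today I suddenly got the idea to set up GZ::CTF on PVE so the information security team next door could test it. I have had far too much free time lately and just wanted to tinker.
System: CentOS 7.9
1. Install docker and docker-compose
# Configure the Aliyun repositories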
$ mv /etc/yum.repos.d/* /media/
$ wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
$ wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ yum clean all && yum makecache
$ yum makecache fast
$ yum install -y docker-ce docker-ce-cli containerd.io
$ systemctl start docker && systemctl enable docker
# Configure registry mirrors (the Aliyun or Huawei Cloud mirror accelerator will do)
$ cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": [
"https://XXX.mirror.aliyuncs.com",
"https://XXX.mirror.swr.myhuaweicloud.com"
]
}
EOF
$ systemctl daemon-reload && systemctl restart docker
# Set up docker-compose
$ curl -SL https://get.daocloud.io/docker/compose/releases/download/v2.17.2/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
$ chmod +x /usr/local/bin/docker-compose
$ docker-compose version
Docker Compose version v2.17.2
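2. Write appsettings.json
<Your POSTGRES_PASSWORD>: sets the PostgreSQL password. The password set later must match this one.
<Your XOR_KEY>: the competition's private key. The value can be any string.
<Your PUBLIC_ENTRY>: used when creating containers; the externally reachable address.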
{
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "Database": "Host=db:5432;Database=gzctf;Username=postgres;Password=<Your POSTGRES_PASSWORD>"
  },
  "EmailConfig": {
    "SendMailAddress": "",
    "UserName": "",
    "Password": "",
    "Smtp": {
      "Host": "localhost",
      "Port": 587
    }
  },
  "XorKey": "<Your XOR_KEY>",
  "ContainerProvider": {
    "Type": "Docker", // or "Kubernetes"
    "PortMappingType": "Default", // or "PlatformProxy"
    "EnableTrafficCapture": false,
    "PublicEntry": "<Your PUBLIC_ENTRY>", // or "xxx.xxx.xxx.xxx"
    // optional
    "DockerConfig": {
      "SwarmMode": false,
      "Uri": "unix:///var/run/docker.sock"
    }
  },
  "RequestLogging": false,
  "DisableRateLimit": true,
  "RegistryConfig": {
    "UserName": "",
    "Password": "",
    "ServerAddress": ""
  },
  "CaptchaConfig": {
    "Provider": "None", // or "CloudflareTurnstile" or "GoogleRecaptcha"
    "SiteKey": "<Your SITE_KEY>",
    "SecretKey": "<Your SECRET_KEY>",
    // optional
    "GoogleRecaptcha": {
      "VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
      "RecaptchaThreshold": "0.5"
    }
  },
  "ForwardedOptions": {
    "ForwardedHeaders": 5,
    "ForwardLimit": 1,
    "TrustedNetworks": ["192.168.12.0/8"]
  }
}
Write docker-compose.yml
GZCTF_ADMIN_PASSWORD: the initial password.
POSTGRES_PASSWORD: the database password. Must match the setting in appsettings.json.
services:
  gzctf:
    image: registry.cn-shanghai.aliyuncs.com/gztime/gzctf:develop
    restart: always
    environment:
      - "LANG=zh_CN.UTF-8"
      # choose your backend language `en_US` / `zh_CN` / `ja_JP`
      - "GZCTF_ADMIN_PASSWORD=<Your GZCTF_ADMIN_PASSWORD>"
    ports:
      - "80:8080"
    volumes:
      - "./data/files:/app/files"
      - "./appsettings.json:/app/appsettings.json:ro"
      # - "./kube-config.yaml:/app/kube-config.yaml:ro"
      # this is required for k8s deployment
      - "/var/run/docker.sock:/var/run/docker.sock" # this is required for docker deployment
    depends_on:
      - db

  cache:
    image: redis:alpine
    restart: always

  db:
    image: postgres:alpine
    restart: always
    environment:
      - "POSTGRES_PASSWORD=<Your POSTGRES_PASSWORD>"
    volumes:
      - "./data/db:/var/lib/postgresql/data"
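As an added example (not part of the original post or of GZ::CTF itself), this script fills the <Your POSTGRES_PASSWORD> and <Your XOR_KEY> placeholders in both files with random values and checks that the database password is the same in both, as required above. The function names and the script name are made up for this example; GZCTF_ADMIN_PASSWORD and <Your PUBLIC_ENTRY> are left for you to set by hand.

```shell
#!/bin/sh
# Added example: fill the page's <Your ...> placeholders with random secrets.
# Function names are hypothetical; only the placeholders come from the page.

# rand_hex N: N random bytes as hex. Hex contains no ';', '"', '/' or '&',
# so it cannot break the connection string, the JSON, the YAML or sed.
rand_hex() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# fill_secrets DIR: rewrite both files in DIR, using ONE database password
# for appsettings.json and docker-compose.yml so the two cannot drift apart.
fill_secrets() {
    dir=$1
    pg=$(rand_hex 24)
    xor=$(rand_hex 32)
    for f in appsettings.json docker-compose.yml; do
        sed -e "s/<Your POSTGRES_PASSWORD>/$pg/g" \
            -e "s/<Your XOR_KEY>/$xor/g" "$dir/$f" > "$dir/$f.tmp" || return 1
        # cat (not mv) keeps the owner and mode of the original file
        cat "$dir/$f.tmp" > "$dir/$f" || return 1
        rm -f "$dir/$f.tmp"
    done
}

# db_password_matches DIR: succeeds only when the Password= field of the
# connection string equals POSTGRES_PASSWORD and is no longer the placeholder.
db_password_matches() {
    a=$(sed -n 's/.*Password=\([^";]*\)".*/\1/p' "$1/appsettings.json" | head -n 1)
    b=$(sed -n 's/.*POSTGRES_PASSWORD=\([^"]*\)".*/\1/p' "$1/docker-compose.yml" | head -n 1)
    [ -n "$a" ] && [ "$a" = "$b" ] && [ "$a" != "<Your POSTGRES_PASSWORD>" ]
}

# Stand-alone use: sh fill-secrets.sh /path/to/compose/dir
if [ -n "${1:-}" ]; then
    fill_secrets "$1" && db_password_matches "$1" && echo "secrets set in $1"
fi
```

Run it before the first start of the containers: the postgres image only applies POSTGRES_PASSWORD when it initialises an empty data directory.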
3. Start the containers; both files above must be in the same directory
$ docker compose up -d
$ docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
ctf-cache-1 redis:alpine "docker-entrypoint.s…" cache 3 hours ago Up 3 hours 6379/tcp
ctf-db-1 postgres:alpine "docker-entrypoint.s…" db 3 hours ago Up 3 hours 5432/tcp
ctf-gzctf-1 gztime/gzctf:latest "dotnet GZCTF.dll" gzctf 3 hours ago Up 3 hours (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp
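4. Set an administrator (only as a workaround when the admin password does not let you log in)
Open the web page, first create a user, then go to the command line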
$ docker compose exec db psql -U postgres
psql (15.2)
Type "help" for help.
postgres=# \c gzctf
You are now connected to database "gzctf" as user "postgres".
gzctf=# -- replace 新建的用户名 ("the newly created username") with the user you just registered
gzctf=# UPDATE "AspNetUsers" SET "Role"=3 WHERE "UserName"='新建的用户名';
gzctf=# exit