This part of the qFALL project is based on the CTF platform CTFd. We integrate a plugin to individualize the challenges, provide cryptographic challenges and an easy setup of TLS.
This repository is currently being developed by the project group qFALL - quantum resistant fast lattice library in the winter term 2022 and summer term 2023 by the Codes and Cryptography research group in Paderborn.
This project is dedicated to the educational part of qFALL. We provide this CTF platform and its challenges to enable lecturers among the world to provide even more engaging lectures on cryptography (specifically focussing on lattice-based cryptography).
Please refer to our website as a central information point. To use our library for your project, please refer to our tutorial. It provides a step-by-step guide to install the required libraries and gives further insights into the usage of our crates.
Currently, we are in the development phase and interfaces might change. Feel free to check out the current progress, but be aware, that the content will change in the upcoming weeks and months. An official release will most likely be published in the second half of 2024.
This repository contains a configuration of the open-source platform CTFd that any lecturer can setup within 10 minutes to provide engaging CTF challenges for their students. Below, you can find step-by-step instructions to deploy our instance using Docker based on any Debian-based Linux distribution. If you want to test the deployment on your localhost first, please ignore and remove any certificate-related commands and lines in the configuration files.
Requirements
- A server with ...
- at least two threads (four are recommended)
- at least 1 GB of RAM (2 GB are recommended)
- a static public IP address
- an operating system based on Debian
- A registered domain that points to this IP address
- Opened HTTP (80), HTTPS (443), SSH (22) ports
- Preferably close all other ports - if there is no firewall in place, you can use ufw to setup one
- An SSH connection to your server
Once you are connected to your server via SSH, we make sure that all required packages are installed including snap, git, and Docker.
sudo apt-get update
sudo apt-get install snapd git
sudo snap install snapd dockerThen, clone this git repository and enter the directory using the following command.
git clone https://github.com/qfall/ctf.git && cd ./ctf/Now, we need to make some changes to the following files: docker-compose.yml and conf/nginx/http.conf using your favorite editor.
- In the
docker-compose.ymlfile, please change theSECRET_KEYvalue and adjust the number ofWORKERSappropriately to your system setup. - In the
conf/nginx/http.conffile, adjust the number ofworker_processesaccording to your setup and replace<your_domain.org>by your domain everywhere. Please make sure that you made all 5 substitutions of the domain!
Now, it's time to start the system.
docker compose up -dNote that for some systems, docker-compose might need to be connected via a dash.
The -d tells the docker container to run detached from the console.
You can always join the feed using docker compose attach.
You can also stop, restart, pause, unpause, ... via docker compose.
If you ever want to remove it, call docker compose down.
Currently, your system is up and running, but there is no certificate available to establish secure connections.
To get a certificate using Let'sEncrypt and Certbot, execute the following command (replacing your_domain.org by your domain).
docker compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d your_domain.orgAttach --dry-run to test this command in order to avoid hitting the maximum number of signing requests if something went wrong.
Enter your email and any other requested information to get a signed certificate.
After successfully obtaining a signed certificate, restart the Nginx server by executing the following line.
docker compose restart nginxConnect to your server for the first time. You should be able to setup your new CTFd instance.
Your certificate is valid for three months. Renewing the certificate will be done by the following command if it is near to expiration.
docker compose run --rm certbot renewFurthermore, you need to restart the Nginx server afterwards to load the new certificates.
As you probably don't want to run these commands every third month, we setup a 'cron job', which executes these commands daily. As the certificate will only be renewed close to its expiration date, the commands will only restart Nginx if this happens.
Setup a cron job by executing the following line.
sudo crontab -ePlace the following at the end of the file and replace directory_of_your_ctf_instance by the path to your ctf directory.
30 3 * * * cd /path_to_ctf_directory/ && docker compose run --rm certbot renew --post-hook "docker compose restart nginx"Now, the server will try to renew the certificate every day at 3:30 am and restart the nginx server if a new certificate was issued.