Backstory
During the last weekend, a small cyber security club at my town organized their first online CTF competition. I offered to take care of the infrastructure since I’ve been tinkering with CTFd for a couple of weeks and surprisingly everything went well! (Except two server outages that didn’t last long ) That’s why I’m here sharing with you the process of how I set up, configured, and monitored a CTF platform that handled 150+ users simultaneously totally FOR FREE
Roadmap
- Create and configure a Linux VM on the cloud
- Deploy CTFd using docker-compose
- Set up CTFd Admin Panel and settings
- Get a domain name and link it with the VM
- Enable HTTPS by generating a certificate
Before we start make sure you have the GitHub Student Pack since it’s the only way to have all these perks for free. Make sure also to link Microsoft Azure to your GitHub Student account.
First step: Linux VM on the cloud!
This step is fairly simple. You just create a new instance/resource/linode/machine/VM whatever your provider calls it. In my case I made an Ubuntu Server VM on Microsoft Azure portal.
The most important things during this step are:
- Choose a strong SSH password and keep it to yourself
- Enable inbound ports 80 and 443 for HTTP and HTTPS
Once you finish this process, you’ll have SSH access to your VM. It’s time for a quick apt update && apt upgrade
followed by a nice apt install docker.io docker-compose
. At this point you’re ready for step 2!
Second step: Deploying CTFd with docker
We start by cloning the CTFd github repo: git clone https://github.com/CTFd/CTFd.git
Then, you could add one of the themes in this repository to your themes
folder to make your CTF shine in fashion!
Finally, go on and build your docker image by running:sudo docker-compose up
. It will take some time but by the end of it, you will have CTFd up and running.
Third step: setting up the admin panel
This process is pretty straight-forward. Navigate to your VM IP in your browser and you’ll be welcomed by this:
All you gotta do is follow the onscreen instructions and you’ll be ready to go. Don’t forget to select the theme you uploaded in step 2.
Fourth step: Link the domain name!
Believe it or not, this is the easiest step in this guide. After claiming your preferred domain name from namecheap or any other provider that gives free domains to students, all you need to do is add these records in your DNS settings.
Congratulations! Now instead of typing the IP in the address bar, you can type your new domain name instead
Final step: Enabling HTTPS
This article right here contains a well-explained guide on how to generate a SSL certificate and configure it with your domain name and server. By the end of it you’ll have a nice shiny green lock next to your domain name.
And that’s how you host your own CTF for free!
Author: Jihed Kdiss • My portfolio: jihedkdiss.me
Feel free to contact me in case you run into some trouble.