Skip to content

A scaleable and secure CTFd (Capture the Flag framework) using Azure PaaS

License

Notifications You must be signed in to change notification settings

w33vils/ctfd-azure-paas

 
 

Repository files navigation

CTFd on Azure PaaS

This project sets up a self-hosted, secured CTFd environment, using Azure PaaS, that is easy to maintain. It supports the Capture-the-Flag with CTFd on Azure PaaS content on the [Azure Architecture Center](link.com TODO:).

Features

CTFd architecture

This project provides the following features:

Getting Started

Prerequisites

  • Azure CLI
  • Azure Subscription with at least a Resource-Group's Contributor access

Quickstart

Deploy to Azure

git clone https://github.com/Azure-Samples/ctfd-azure-paas.git
cd ctfd-azure-paas

DB_PASSWORD='YOUR PASSWORD'
RESOURCE_GROUP_NAME='RESOURCE GROUP NAME'

az deployment group create --resource-group $RESOURCE_GROUP_NAME --template-file ctfd.bicep --parameters administratorLoginPassword=$DB_PASSWORD 

Access and Configure CTFd

  • Navigate your browser to the App Service URL, in the form of *https://[YOUR APP SERVICE NAME].azurewebsites.net*
  • Configure your Capture the Flag event using the administrator dashboard. more info here

Troubleshooting and debugging

  • Navigate to the Log Analytics workspace in the resource group.
  • Check logs from CTFd container(s) using the table AppServiceConsoleLogs

Adjustable Network Isolation

By default the solution isolates network traffic from the CTFd App Service to the internal services (database, cache and key mangement) using a virtual network. You may reduce the solution complexity and potentially optimize cost by provisioning it without network isolation using the following command:

az deployment group create --resource-group $RESOURCE_GROUP_NAME --template-file ctfd.bicep --parameters administratorLoginPassword=$DB_PASSWORD  --vnet False

When provisioing the solution without a virtual network, the archicture diagram should look like this:

CTFd architecture without vnet

Cleanup

Delete the resource group using the following command

az group delete -n $RESOURCE_GROUP_NAME

Additinal Configuratin Options

The template deployment can be further configured using the following parameters:

  • resourcesLocation - Location for all resources. Defaults to the resource group location.
  • vnet - Deploy the solution with VNet. Defaults to True
  • redisSkuName - Azure Cache for Redis SKU Name. More info at Azure Cache for Redis Pricing
  • redisSkuSize - Azure Cache for Redis SKU Size. More info at Azure Cache for Redis Pricing
  • administratorLogin - Admin Login of Azure Database for MariaDB
  • administratorLoginPassword - Admin Password of Azure Database for MariaDB
  • databaseVCores -Azure Database for MariaDB VCores. More info at Azure Database for MariaDB Pricing
  • appServicePlanSkuName - Azure App Service Plan SKU Name. More info at Azure App Service Pricing
  • webAppName - Azure App Service Name. Controls the DNS name of the CTF site.

Contribute to this project

Follow the Contribution Guide

Resources

About

A scaleable and secure CTFd (Capture the Flag framework) using Azure PaaS

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Bicep 97.9%
  • Dockerfile 2.1%