Dockerise everything! #89

Merged
merged 38 commits into from
Sep 28, 2021
matthew5025
Contributor

This aims to simplify the deployment of this application through containerisation.

@matthew5025 matthew5025 marked this pull request as draft September 17, 2021 11:07
@matthew5025
Contributor Author

matthew5025 commented Sep 17, 2021

At this stage, the application should be deployable with a simple docker-compose up
This will break non docker hosting, so it is not fit for merging atm.
This PR is open so testing can be done by others and to consolidate all discussion on this

  • Automated secret and salt generation
  • Deployment nginx config
  • Feel free to add anything else

Opinions needed on:

  1. Should an admin account be automatically generated on first deployment?
  2. Is docker going to be the preferred way for deployment going forward?
    This would mean if changes are needed for docker vs standalone, the default in the repo would be the one for docker

@152334H
Member

152334H commented Sep 17, 2021

does not work on my machine 👎


More seriously, docker-compose up produces errors. Our server doesn't accept version: 3.9 for some reason, so I tried lowering the version to the next non-erroring version (3.7). This gave another error message: Service web-api has neither an image nor a build context specified. At least one must be provided.

I don't know what to make of that, because all the services have a build: / image: attribute.

I went to download the latest version of docker-compose, and (with version: 3.9) I still got the same issue of Service web-api...

In case exact info is required:

```
~/ctf_platform$ git branch
* dockerise
  master
~/ctf_platform$ git diff
~/ctf_platform$ docker-compose up
ERROR: Version in "./docker-compose.yml" is unsupported. You might be seeing this error because you're using the wrong Compose file version. Either specify a supported version (e.g "2.2" or "3.3") and place your service definitions under the `services` key, or omit the `version` key and place your service definitions at the root of the file to use version 1.
For more on the Compose file format versions, see https://docs.docker.com/compose/compose-file/
~/ctf_platform$ ./docker-compose-Linux-x86_64 up
ERROR: The Compose file is invalid because:
Service web-api has neither an image nor a build context specified. At least one must be provided.
~/ctf_platform$ cat docker-compose.yml
version: "3.9"
services:
  mongodb:
    image: "mongo"
    container_name: "mongodb"
    command: -vv
    ports:
      - "27017:27017"
  web-api:
    build:
      dockerfile: Dockerfile-api
    ports:
      - "20001:20001"
    links:
      - "mongodb"
    depends_on:
      - "mongodb"
  web-client:
    build:
      dockerfile: Dockerfile-client
    ports:
      - "20002:20002"
    depends_on:
      - "web-api"
```

Verbose flag not required
Context seems to be required on Linux machines but not Windows ones?
Whatever.
@matthew5025
Contributor Author

@152334H Seems like the context was required. Could you pull and try again?

@Tkaixiang Tkaixiang added the enhancement label Sep 17, 2021
Member

@152334H 152334H left a comment

good shit


> Should an admin account be automatically generated on first deployment?

I want to say yes, but this kind of thing has been historically considered as a bug on other CTF platforms (like CTFd <= 2.1.5).

You could add a mandatory env var for admin credentials, or maybe generate a randomized password to be displayed when building the container?

> Is docker going to be the preferred way for deployment going forward?

The lead developer for this project says: at least not for IRS-cybersec. 🤷

Docker is definitely more simple for me, but I am not a web-developer anyway.

@matthew5025
Contributor Author

matthew5025 commented Sep 18, 2021

> You could add a mandatory env var for admin credentials, or maybe generate a randomized password to be displayed when building the container?

I think that would be the best; perhaps on first run rather than building. I think generation on build would mean that if the image is hosted on a registry server, all pulled images will have the same values.
Might do the same to the env secrets; I think in general it is better for the app to be secure by default rather than rely on the user to change the default values to make it secure

also i kinda annoyed everything breaks when i switch from windows to linux so the dockerignore should fix this
@matthew5025
Contributor Author

matthew5025 commented Sep 23, 2021

@Tkaixiang fyi i changed some stuff so you might want to stash your changes b4 you pull

@matthew5025
Contributor Author

> Should an admin account be automatically generated on first deployment?

This is tracked using PR #93

@matthew5025
Contributor Author

Secret and salt generation tracked in #94

@Tkaixiang
Contributor

Looks good to me

@Tkaixiang Tkaixiang marked this pull request as ready for review September 27, 2021 02:22
@matthew5025
Contributor Author

matthew5025 commented Sep 28, 2021

Test Results

Bare Metal

  • API Server Starts

  • Admin credentials generated

Notes

  1. ctf_platform\api\utils\mongoDB.js
    mongodb://ctf-mongodb:27017 needs to be changed to mongodb://localhost:27017

Local Docker Compose (Windows)

  • Docker Compose builds

  • Docker Compose comes up

  • Web UI accessible over localhost:20002

  • Admin credentials generated

  • Logs in to Admin account with generated credentials

  • Scoreboard websocket connects

Hosted Docker Compose (Ubuntu 20.04 (LTS) x64)

  • Git pull succeeds

  • Docker Compose builds

  • Docker Compose comes up

  • Nginx configuration ctf_platform.conf is valid in the sites-enabled folder

  • Web UI accessible through http://ctf.nat.ninja

  • Admin credentials generated

  • Logs in to Admin account with generated credentials

  • Scoreboard websocket connects

  • Certbot succeeds in issuing and installing HTTPS cert

  • HTTP to HTTPS redirection works

  • Web UI accessible through https://ctf.nat.ninja

  • Logs in to Admin account with generated credentials over HTTPS

  • Scoreboard websocket connects over wss

Notes

  1. ctf_platform\ctf_platform.conf
    server_name ctf.example.com needs to be changed to your desired domain

@matthew5025
Contributor Author

LGTM

@Tkaixiang
Contributor

LGTM, great job 😄 !

@Tkaixiang Tkaixiang merged commit bf8d566 into IRS-Cybersec:master Sep 28, 2021