A bad clone of YouTube in PHP for learning to hack. This application is load balanced between one or more PHP applications relying on a single MySQL database.
This is an intentionally insecure web app! It goes without saying that this should never be used in any sort of production environment. This application was used in a cyber defense competition at Iowa State University for the 2015 IT Olympics (a high school competition). A set of anomalies (side challenges) associated with this application can be found in the included anomalies directory (contains spoilers!).
Note you may need to install flash player on Linux to play videos in Firefox. Run sudo apt-get install flashplugin-installer
.
On the Completely Digital Clips service, users will be able to upload, share, and view videos. In the interests of privacy and security, users must login before they are able to upload videos or view private profile information. Of the utmost importance is the ability to scale and grow with the increasing amounts of users.
To enable scalability a load balancer accepts and forwards requests to several different copies of the web service (running on machines called application servers). The different copies of the web service all connect to the same backend database.
Run sudo apt-get update
Run sudo apt-get install mysql-server
Edit etc/mysql/my.cnf
Set bind-address = 0.0.0.0
Run sudo service mysql restart
Run mysql -u root -p
Execute the following queries:
GRANT ALL ON *.* to 'root'@'%' IDENTIFIED BY 'cdc';
FLUSH PRIVILEGES;
exit
Checkout application source
Run sudo apt-get install git
Run git clone https://github.com/ISEAGE-ISU/itocdc-2015-www.git
Run database deployment script
cd itocdc-2015-www.git
./create_application_database.sh
To optionally install phpMyAdmin perform the following:
Run sudo apt-get install apache2
Run sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt php5-mysql libapache2-mod-auth-mysql
Run sudo apt-get install phpmyadmin apache2-utils
Edit /etc/apache2/apache2.conf
Add Include /etc/phpmyadmin/apache.conf
at the end of the file.
Run sudo service apache2 restart
Check that you can access http://localhost/phpmyadmin.
For each application server perform the following:
Run sudo apt-get update
Run sudo apt-get install git
Run sudo apt-get install apache2
Run sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt php5-mysql libapache2-mod-auth-mysql
Edit /etc/php5/apache2/php.ini
Set file_uploads = On
Set upload_max_filesize = 100M
Set post_max_size = 100M
Run sudo service apache2 restart
Run sudo apt-get install ffmpeg
Checkout application source
git clone https://github.com/ISEAGE-ISU/itocdc-2015-www.git
Run application deployment script
cd itocdc-2015-www.git
./deploy_application_server.sh
The load balancer is powered by HAProxy.
Run sudo apt-get update
Run sudo apt-get install haproxy
Edit /etc/default/haproxy
Set ENABLED=1
Run sudo mv /etc/haproxy/haproxy.cfg{,.original}
Create /etc/haproxy/haproxy.cfg
Add the following (replacing the IP addresses with the correct IPs of your machines):
global
log 127.0.0.1 local0 notice
maxconn 2000
user haproxy
group haproxy
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
timeout connect 5000
timeout client 10000
timeout server 10000
listen video_servers 0.0.0.0:80
stats enable
stats uri /stats
balance roundrobin
option httpclose
option forwardfor
server video1 192.168.1.76:80 check
server video2 192.168.1.21:80 check
listen database 0.0.0.0:8080
stats enable
stats uri /stats
balance roundrobin
option httpclose
option forwardfor
server database 192.168.1.105:80 check
Run sudo service haproxy start
or sudo service haproxy restart