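What is FBCTF? Link here: Github Link
Facebook CTF is a platform to host Jeopardy and "King of the Hill" style Capture the Flag competitions.
I followed the instructions here for Production: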
The target system needs to be Ubuntu 14.04. Run the following commands:

```
sudo apt-get install git
git clone https://github.com/facebook/fbctf
cd fbctf
./extra/provision.sh prod `pwd`
```

This will place the code in the /var/www/fbctf directory, install all dependencies, and start the server. Be ready to provide the path for your SSL certificate's CSR and key files.
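After the last command ran, it asked me where to install the SSL certificate and ssl_keys, so I created an empty ssl folder in the project folder and then ran the command again. This gave me an error: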
```
root@sai:/home/ubuntu/fbctf# ./extra/provision.sh prod `pwd`
[+] Provisioning in prod mode
[+] Creating code folder /var/www/fbctf
[+] Copying all CTF code to destination folder
chmod: cannot access ‘/etc/update-motd.d/51-cloudguest’: No such file or directory
[+] language-pack-en is already installed. skipping.
[+] emacs is already installed. skipping.
[+] Adding osquery repository keys
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.aGSiJeuAvn --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/webupd8team-sublime-text-3.gpg --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
gpg: requesting key C9D8B80B from hkp server keyserver.ubuntu.com
gpg: key C9D8B80B: "osquery (osquery) <osquery@fb.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
[+] Adding MyCLI repository keys
OK
[+] apt-transport-https is already installed. skipping.
deb https://packagecloud.io/amjith/mycli/ubuntu/ trusty main
[+] Adding HHVM key
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.pkVxhp2x4w --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/webupd8team-sublime-text-3.gpg --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
gpg: requesting key 1BE7A449 from hkp server keyserver.ubuntu.com
gpg: key 1BE7A449: "Paul Tarjan <pt@fb.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
[+] Adding HHVM repo
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
2% [Waiting for headers] [1 InRelease 1,086 B/65.9 kB 2%] [Waiting for he Ign http://extras.ubuntu.com trusty InRelease
Hit http://ppa.launchpad.net trusty InRelease
21% [Waiting for headers] [1 InRelease 13.7 kB/65.9 kB 21%] [Waiting for Ign http://in.archive.ubuntu.com trusty InRelease
Hit http://dl.hhvm.com trusty InRelease
21%
W: You may want to run apt-get update to correct these problems
[+] osquery is already installed. skipping.
[+] mycli is already installed. skipping.
[+] memcached is already installed. skipping.
[+] htop is already installed. skipping.
[+] Installing MySQL
[+] mysql-server is already installed. skipping.
[+] git is already installed. skipping.
[+] hhvm is already installed. skipping.
[+] Copying HHVM configuration
; php options
pid = /var/run/hhvm/pid
; hhvm specific
hhvm.jit = true
hhvm.enable_xhp = true
hhvm.force_hh = true
hhvm.server.port = 9000
hhvm.server.type = fastcgi
hhvm.server.default_document = index.php
hhvm.server.upload.upload_max_file_size = 25M
hhvm.log.level = Error
hhvm.log.use_log_file = true
hhvm.log.file = /var/log/hhvm/error.log
hhvm.log.header = true
hhvm.log.access[default][file] = /var/log/hhvm/access.log
hhvm.log.access[default][format] = "%h %l %u %t \"%r\" %>s %b"
hhvm.server.source_root = /var/www/fbctf/
hhvm.repo.central.path = /tmp/hhvm.hhbc
hhvm.mysql.socket = /var/run/mysqld/mysqld.sock
hhvm.pdo_mysql.socket = /var/run/mysqld/mysqld.sock
hhvm.mysqli.socket = /var/run/mysqld/mysqld.sock
[+] HHVM as PHP systemwide
[+] Enabling HHVM to start by default
System start/stop links for /etc/init.d/hhvm already exist.
[+] Restart HHVM
* Restarting HHVM FastCGI Daemon hhvm [ OK ]
[+] Installing composer
All settings correct for using Composer
Downloading 1.1.0...
Composer successfully installed to: /var/www/fbctf/composer.phar
Use it: php composer.phar
Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
Generating autoload files
Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
Generating autoload files
[+] npm is already installed. skipping.
[+] nodejs-legacy is already installed. skipping.
/usr/local/bin/flow -> /usr/local/lib/node_modules/flow-bin/cli.js
> flow-bin@0.24.2 postinstall /usr/local/lib/node_modules/flow-bin
> node lib/install.js
✔ flow binary test passed successfully
flow-bin@0.24.2 /usr/local/lib/node_modules/flow-bin
├── logalot@2.1.0 (figures@1.6.0, squeak@1.3.0)
└── bin-wrapper@3.0.2 (lazy-req@1.1.0, os-filter-obj@1.0.3, each-async@1.1.1, bin-version-check@2.1.0, bin-check@2.0.0, download@4.4.3)
Running "force:eslint" (force) task
Running "force-internal:pre:eslint" (force-internal) task
>> Enable force mode for task eslint.
Running "eslint:dist" (eslint) task
/var/www/fbctf/src/static/js/plugins.js
51:9 error Move function declaration to function body root no-inner-declarations
✖ 1 problem (1 error, 0 warnings)
Warning: Task "eslint:dist" failed. Used --force, continuing.
Running "force-internal:post:eslint" (force-internal) task
>> Reset force mode for task eslint.
Running "run:flow" (run) task
No errors!
Running "browserify:dist" (browserify) task
>> Bundle src/static/build/app-browserify.js created.
Running "copy:browserify" (copy) task
Copied 1 file
Running "sass:dist" (sass) task
Done, but with warnings.
[+] nginx is already installed. skipping.
[+] Deploying certificates
-> SSL Certificate file location? /ssl
-> SSL Key Certificate file location? /ssl
cp: cannot stat ‘/ssl’: No such file or directory
cp: cannot stat ‘/ssl’: No such file or directory
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

# Do not send nginx version number in error pages or server header
server_tokens off;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self'; frame-src 'self'; object-src 'none'";
server {
listen 80;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/certs/fbctf.csr;
ssl_certificate_key /etc/nginx/certs/fbctf.key;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_dhparam /etc/nginx/certs/dhparam.pem;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header Cache-Control "no-cache, no-store";
add_header Pragma "no-cache";
expires -1;
root /var/www/fbctf/src;
index index.php;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 400 401 402 403 404 500 /error.php;
client_max_body_size 25M;
}
rm: cannot remove ‘/etc/nginx/sites-enabled/default’: No such file or directory
ln: failed to create symbolic link ‘/etc/nginx/sites-enabled/fbctf.conf’: File exists
nginx: [emerg] BIO_new_file("/etc/nginx/certs/fbctf.csr") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fbctf.csr','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
* Restarting nginx nginx [fail]
[+] Installing Unison 2.48.3
[+] Remember install the same version of unison (2.48.3) in your host machine
[+] Creating DB - fbctf
ERROR 1007 (HY000) at line 1: Can't create database 'fbctf'; database exists
[+] Importing schema...
[+] Importing countries...
[+] Importing logos...
[+] Creating user...
ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'ctf'@'localhost'
[+] DB Connection file
[+] Adding default admin user
[+] The password for admin is: 73d8adba7b2fe3f64e2f8300aa248a8f
[+] fbctf deployment is complete! Ready in https://10.10.10.5
```
Does anyone know how to resolve these issues? If anyone has run into this problem before, help would be appreciated.
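Answer 0 (score: 2)
It looks like the certificate files are missing - your nginx configuration says:

```
ssl_certificate /etc/nginx/certs/fbctf.csr;
ssl_certificate_key /etc/nginx/certs/fbctf.key;
```

Check whether these two files exist.
If they do not exist - just create them:

```
cd /etc/nginx/certs
# Generate a passphrase-protected 2048-bit RSA key
openssl genrsa -des3 -out self-ssl.key 2048
# Create a certificate signing request from that key
openssl req -new -key self-ssl.key -out self-ssl.csr
# Strip the passphrase so nginx can load the key without prompting
cp -v self-ssl.{key,original}
openssl rsa -in self-ssl.original -out self-ssl.key
rm -v self-ssl.original
# Self-sign the request to produce the certificate
openssl x509 -req -days 4000 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt
# Rename to the file names the nginx configuration points at
mv self-ssl.crt fbctf.csr
mv self-ssl.key fbctf.key
```

Then restart your nginx server:

```
service nginx restart
```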
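Answer 1 (score: 2)
If you are open to trying another approach, maybe you could try running it with Docker. I wrote some instructions here. You can run in both dev and prod modes. When running in prod mode, I use Let's Encrypt to generate the certificate for you, so you don't have to worry about it.
As for your problem, the provision script is not asking where to install the certificates; it is asking where the certificates you generated are located, see here. So you need to generate the certificates and tell the script where they are.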
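
A pre-flight check for the two paths the provision script asks for, added here as an example (it is not part of the original answers or of the fbctf code). The function name `check_tls_pair` and its exit codes are assumptions; it uses only the `openssl` command-line tool.

```bash
#!/usr/bin/env bash
# Usage: ./check_tls_pair.sh <certificate file> <private key file>
# check_tls_pair is a hypothetical helper, not part of fbctf.

check_tls_pair() {
  local cert="$1" key="$2" cert_pub key_pub f

  # Both answers must be readable regular files; a directory such as /ssl fails here.
  for f in "$cert" "$key"; do
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
      echo "not a readable file: $f" >&2
      return 1
    fi
  done

  # The first file must parse as an X.509 certificate. An actual signing
  # request is rejected, whatever the file is named.
  if ! cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null); then
    echo "not an X.509 certificate: $cert" >&2
    return 2
  fi

  # The key must load with an empty passphrase, since nginx cannot prompt at startup.
  if ! key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null); then
    echo "key is unreadable or passphrase-protected: $key" >&2
    return 3
  fi

  # Certificate and private key must carry the same public key.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "certificate and key do not match" >&2
    return 4
  fi
  echo "ok: $cert matches $key"
}

# Run the check when the script is called with two paths.
if [ "$#" -eq 2 ]; then
  check_tls_pair "$1" "$2"
fi
```

Running it against the two files before `./extra/provision.sh prod` catches the `cp: cannot stat` and `BIO_new_file` failures shown in the question's log before nginx is restarted.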
Answer 2 (score: 1)
Try using:

```
./extra/provision.sh dev `pwd`
```

It solved my problem ^^ The script handles the SSL certificate automatically.