Add front_synchro container
This commit is contained in:
nemunaire
parent
9d8e29da6f
commit
de88470a0d
4 changed files with 166 additions and 20 deletions
66
README.md
66
README.md
|
|
@ -72,26 +72,6 @@ As machines aren't always in safe place (transportation, night before CTF,
|
|||
|
||||
**Always set strong password when it is possible** eg. SSL certificats, ...
|
||||
|
||||
#### Frontend
|
||||
|
||||
Keep in mind that this is the machine exposed to participant.
|
||||
|
||||
##### Requirements
|
||||
|
||||
* `nginx` with those modules: `aio` (for fast delivery of huge
|
||||
content), `fastcgi`, `rewrite`, `ssl`;
|
||||
* `php-fpm` with `mcrypt` module (for submission encryption);
|
||||
|
||||
##### Firewall rules
|
||||
|
||||
Expose to participants only 80 and 443 ports.
|
||||
|
||||
Expose on synchronization interface the 22 port, used for synchronization and
|
||||
administration purpose from backend.
|
||||
|
||||
DROP **has to be** the default rule for INPUT, FORWARD and OUTPUT chains; use
|
||||
CONNTRACK states.
|
||||
|
||||
|
||||
#### Backend
|
||||
|
||||
|
|
@ -246,6 +226,52 @@ synchronization with frontend (only `launch.sh`), submission checking and
|
|||
smart static pages regeneration.
|
||||
|
||||
|
||||
#### Frontend
|
||||
|
||||
Keep in mind that this is the machine exposed to participant.
|
||||
|
||||
##### Docker containers
|
||||
|
||||
1. Generate the synchronization SSH key on the backend:
|
||||
|
||||
```
|
||||
sudo su -c "ssh-keygen -t rsa -b 8192 -N '' -f ~synchro/.ssh/id_rsa" synchro
|
||||
```
|
||||
|
||||
2. Copy `~synchro/.ssh/id_rsa.pub` into `front_synchro/authorized_keys` file.
|
||||
|
||||
3. Run the `front_synchro` container:
|
||||
|
||||
```
|
||||
docker build -t synchro front_synchro/
|
||||
docker run -d --name fsync -p 2242:22 synchro
|
||||
```
|
||||
|
||||
4. Run the frontend container:
|
||||
|
||||
```
|
||||
docker build -t frontend front/
|
||||
docker run --rm -p 80:80 -p 443:443 --volumes-from fsync front
|
||||
```
|
||||
|
||||
|
||||
##### Requirements
|
||||
|
||||
* `nginx` with those modules: `aio` (for fast delivery of huge
|
||||
content), `fastcgi`, `rewrite`, `ssl`;
|
||||
* `php-fpm` with `mcrypt` module (for submission encryption);
|
||||
|
||||
##### Firewall rules
|
||||
|
||||
Expose to participants only 80 and 443 ports.
|
||||
|
||||
Expose on synchronization interface the 22 port, used for synchronization and
|
||||
administration purpose from backend.
|
||||
|
||||
DROP **has to be** the default rule for INPUT, FORWARD and OUTPUT chains; use
|
||||
CONNTRACK states.
|
||||
|
||||
|
||||
### History
|
||||
|
||||
#### FIC2014
|
||||
|
|
|
|||
Reference in a new issue