camdenmoors edited this page Jun 17, 2020 · 17 revisions

Files

  • Database config: config/database.yml
  • Secret keys: config/secrets.yml
  • Config of development, test, production: config/environments/*.rb.

Environment

Production:

Secret:

Sentry:

reCAPTCHA:

  • RECAPTCHA_SECRET_KEY
  • RECAPTCHA_SITE_KEY
  • RECAPTCHA_DISABLE

ActionMailer:

https://api.rubyonrails.org/classes/ActionMailer/Base.html

  • MAILER_DEFAULT_URL_OPTIONS_HOST
  • MAILER_ADDRESS
  • MAILER_PORT
  • MAILER_DOMAIN
  • MAILER_AUTHENTICATION
  • MAILER_TLS
  • MAILER_OPENSSL_VERIFY_MODEY
  • MAILER_ENABLE_STARTTLS_AUTO
  • MAILER_SMTP_SERVER_USERNAME
  • MAILER_SMTP_SERVER_PASSWORD
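An added example (not the project's own code) showing how the MAILER_* variables above map onto ActionMailer::Base.smtp_settings, together with a check that flags the two settings that weaken SMTP transport security. It assumes the verify-mode variable is named MAILER_OPENSSL_VERIFY_MODE (the list above spells it MAILER_OPENSSL_VERIFY_MODEY, so confirm against the application's own code), and the sample environment is constructed.

```ruby
require 'openssl'

# Documented string values mapped onto OpenSSL constants; anything else is rejected.
VERIFY_MODES = { 'peer' => OpenSSL::SSL::VERIFY_PEER, 'none' => OpenSSL::SSL::VERIFY_NONE }.freeze

# `env` is injected so the mapping can be exercised offline with a plain Hash.
# Assumption: the verify-mode variable is named MAILER_OPENSSL_VERIFY_MODE.
def mailer_smtp_settings(env = ENV)
  mode = env.fetch('MAILER_OPENSSL_VERIFY_MODE', 'peer').downcase
  # Fail loudly: a typo here must not silently turn certificate checks off.
  raise ArgumentError, "bad MAILER_OPENSSL_VERIFY_MODE: #{mode.inspect}" unless VERIFY_MODES.key?(mode)

  {
    address:              env.fetch('MAILER_ADDRESS'),
    port:                 Integer(env.fetch('MAILER_PORT', '587')),
    domain:               env['MAILER_DOMAIN'], # HELO domain
    user_name:            env['MAILER_SMTP_SERVER_USERNAME'],
    password:             env['MAILER_SMTP_SERVER_PASSWORD'],
    authentication:       env.fetch('MAILER_AUTHENTICATION', 'plain').to_sym,
    tls:                  env['MAILER_TLS'] == 'true', # SMTPS (implicit TLS)
    enable_starttls_auto: env.fetch('MAILER_ENABLE_STARTTLS_AUTO', 'true') == 'true',
    openssl_verify_mode:  VERIFY_MODES[mode]
  }.compact # drop unset optional keys so the Rails defaults apply
end

# Returns human-readable problems with a settings hash; empty when it looks safe.
def mailer_transport_warnings(settings)
  warnings = []
  if settings[:password] && !settings[:tls] && !settings[:enable_starttls_auto]
    warnings << 'SMTP credentials would be sent without TLS or STARTTLS'
  end
  if settings[:openssl_verify_mode] == OpenSSL::SSL::VERIFY_NONE
    warnings << 'openssl_verify_mode is none: the server certificate is not checked'
  end
  warnings
end

# Constructed sample environment (not real credentials) for stand-alone runs.
SAMPLE_MAILER_ENV = {
  'MAILER_ADDRESS' => 'smtp.example.test', 'MAILER_PORT' => '587',
  'MAILER_DOMAIN' => 'ctf.example.test', 'MAILER_AUTHENTICATION' => 'login',
  'MAILER_SMTP_SERVER_USERNAME' => 'ctf-mailer', 'MAILER_SMTP_SERVER_PASSWORD' => 'constructed',
  'MAILER_TLS' => 'false', 'MAILER_ENABLE_STARTTLS_AUTO' => 'false',
  'MAILER_OPENSSL_VERIFY_MODE' => 'none'
}.freeze
```

In an initializer, assign the result of mailer_smtp_settings to ActionMailer::Base.smtp_settings and treat a non-empty mailer_transport_warnings result as a boot failure in production.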

Rake Setup Tasks

bundle exec rake setup:all

This task runs all of the tasks below.

bundle exec rake db:admin

  • This task will walk you through creating an administrator in the database.
  • It is recommended that you run this task to easily create an administrator account and proceed to the Game configuration.
  • This task can be run more than once to create multiple administrator accounts.

bundle exec rake email:configure

  • This task will walk you through configuring ActionMailer::Base SMTP settings.
  • See https://api.rubyonrails.org/classes/ActionMailer/Base.html and search for smtp_settings to see a full explanation of the configuration this task is asking for.
  • This task requires that the Rails server be restarted for any settings to apply.
  • This task can be run again to overwrite the configuration.

If you do not wish to use this task because you are hosting in Heroku or similar, you can set the appropriate environment variables found in the Environment section above.

bundle exec rake recaptcha:configure

  • This task will walk you through configuring reCAPTCHA.
  • You will need to have a reCAPTCHA site and secret key available.
  • To disable reCAPTCHA functionality, set the RECAPTCHA_DISABLE environment variable.
  • This task can be run again to overwrite this configuration.

If you do not wish to use this task because you are hosting in Heroku or similar, you can set the appropriate environment variables found in the Environment section above.

Game

The Game is a singleton object within the application. Everything the application does depends on a Game being created.

The game has several configuration options that are required (bold) and optional. When setting up your game, please refer to the below explanations to pick appropriate values.

Title: The title of the game. The title of the game is intended to be the title of your event. The title of the game will appear in automated emails sent to competitors, on the application's index page, on the navbar of the application.

Start: When the game will "open". This is the beginning of the competition and when competitors will be able to view challenge descriptions and submit flags.

Stop: When the game will "close". This is the end of the competition and when competitors will be unable to view challenge descriptions and submit flags.

Description: A description of the game that is visible on the application's index page. This variable is a free text box that supports Markdown formatting. The description should be used to provide participants introductory or logistical information.

Terms of service: A Markdown-formattable text field that should contain any terms of service for participation in the competition or use of the application. A link to the terms is found in the footer.

Disable flags an hour graph: Turns off graphics and graphs on the game's summary page and team summary page. Defaults to false (i.e. Graphs on).

Organization: The organization that is hosting the CTF. Separate from the title of the game. If you set this variable it is recommended to NOT include your organization name in the Game's title. The organization name will appear in the application's automated emails and the navbar.

Contact url: A URL that is present in the navbar that will allow participants to contact competition organizers beyond email. For example, this has been used in the past to provide links to a Discord Server.

Footer: Sets additional plaintext in the footer of the application to the left of the links to Terms of Service and Terms and Conditions. Could be used for a copyright notice or link to organization website.

Team size: Sets the maximum number of users per team for the Game. Defaults to five users per team.

Do not reply email: An email address, which will be used as the 'from' address when the application sends automated emails.

Contact email: An email address where participants can reach the competition organizers. Typically this email address is monitored throughout the registration period and the competition so that participants with questions can reach out and get answers. This email address is displayed on the application's index page under the "Help I'm Stuck!" subheading.

Open source url: If the challenges are open-sourced, the automated email will include a link to this URL so participants can find the challenges.

Prizes available: Select this option if the competition intends to award prizes for the top team. This enables automated emails to collect participant information. When setting this option it is a good idea to consider utilizing the "Terms and conditions" text field to display giveaway legalese. Defaults to false (i.e. prizes not available).

Recruitment text: This is a Markdown-formattable text field that is included in an automated email for teams/participants that gained at least some points in the competition. The text in this field is included in the automated "Ranking" email sent to participants at the conclusion of the Game. It will not be included in the ranking email if this is left blank in the Game configuration. Typically this text will have further information about employment opportunities for the organization that hosted the CTF (links to job requisitions, places to view available jobs, etc.).

Enable completion certificates: Select this option if the competition should automatically send out certificates for completion. The completion certificate is sent to all participants and essentially thanks them for participating and states their rank. Defaults to false (i.e. no certificates will be sent out).

Completion certificate template: Use this option to upload a PDF for the background of the template. See "Enable completion certificates" for more information.

Terms and conditions: A Markdown-formattable text field that should contain any terms and conditions for the prizes available to competition participants. A link to the terms is found in the footer.

Type: The application configures itself differently based on what type of game is selected. Select the most appropriate. Available choices: "PointGame" or "PentestGame". PointGame: The traditional jeopardy-style game where challenges are arranged under a category grouping. PentestGame: A unique game type designed for the penetration test of feature implementations. Scoring is based on a combination of attacking, defending, and implementing features.