Installation Instructions

  1. Install Dependencies:

    sudo apt-get install build-essential nginx supervisor python3-pip python3 postgresql postgresql-client redis-server memcached libevent-dev libzmq3-dev python3-dev libldap2-dev libxml2-dev libsasl2-dev libssl-dev libjpeg-dev
    sudo pip install -r requirements.txt
    
  2. Install Optional Dependencies

  • Push Notifications
    • sudo apt-get install libffi-dev
  1. Install IScorE:

    sudo python setup.py install
    
  2. Create Database User:

    create user iscore with password '<insert your password here>';
    
  3. Create Database:

    create database scores ENCODING utf8 OWNER iscore;
    
  4. Configure Application (PostgresSQL)

    Create a mysql user and database for iscore, granting the user all permissions on it. Edit settingslocal.py and modify this section to match it. These are the defaults:

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql_psycopg2',
            'NAME': 'scores',
            'USER': 'iscore',
            'PASSWORD': 'scorepass',
            'HOST': '127.0.0.1',
            'PORT': '',
        }
    }
    
  5. Configure gunicorn

    Take a look at gunicorn.conf.py and note the port that it binds to. You can change it as needed (but shouldn’t need to if port 8000 is okay):

    import multiprocessing
    bind = "127.0.0.1:8000"
    workers = multiprocessing.cpu_count() * 2 + 1
    
  1. Configure supervisor to manage gunicorn

    Create a .conf file in /etc/supervisor/conf.d with the following:

    [program:iscore]
    command=/usr/local/bin/gunicorn iscore_wsgi -c path/to/iscore/gunicorn.conf.py
    directory=/path/to/iscore/
    user=www-data
    group=www-data
    autostart=true
    autorestart=true
    stdout_logfile=/var/log/iscore.log
    stdout_errfile=/var/log/iscore-error.log
    

    Create another .conf file in /etc/supervisor/conf.d/ with the following:

    [program:iscore_worker]
    command=/usr/local/bin/celery -A iscore.celeryapp worker
    directory=/path/to/iscore/
    user=www-data
    group=www-data
    autostart=true
    autorestart=true
    stdout_logfile=/var/log/iscore.log
    stdout_errfile=/var/log/iscore-error.log
    

    Create another .conf file in /etc/supervisor/conf.d/ with the following:

    [program:iscore_beat]
    command=/usr/local/bin/celery -A iscore.celeryapp beat
    directory=/path/to/iscore/
    user=www-data
    group=www-data
    autostart=true
    autorestart=true
    stdout_logfile=/var/log/iscore.log
    stdout_errfile=/var/log/iscore-error.log
    

Replace /path/to/iscore/ with the appropriate directory in the all the files above.

Ensure the directory /path/to/iscore/static/upload/ is writable by the user your specified above.
  1. Reload supervisor

    sudo supervisorctl reload

    Then you can start and stop green unicorn with

    sudo supervisorctl start|stop|restart iscore

  2. Initialize Database

    Execute the following command to setup the database:

    python manage.py migrate
    

    It will prompt you to create a superuser for the application; you will use this to login for the first time.

    (use –fake-initial when upgrading from a previous version)

  1. Configure nginx

    Edit /etc/nginx/nginx.conf. The first few lines will have basic overall config. The http block is truncated here, you will add lines at the end right before the Virtual Host Configs section:

    user www-data
    # Edit this number based on the number of CPU cores
    worker_processes 4;
    pid /var/run/nginx.pid;
    
    worker_rlimit_nofile 8192;
    
    events {
        #Adjust this number to your liking
        worker_connections 1024;
        # multi_accept on;
        use epoll;
    }
    
    http {
        # ****THERE WILL BE STUFF HERE, LEAVE IT ****
        ssl_session_cache shared:SSL:16m;
        ssl_session_timeout 10m;
    
        # Add HSTS header
        add_header Strict-Transport_Security "max-age=5184000; includeSubdomains";
    
        upstream gunicorn {
             # Port you configured gunicorn to use
             server 127.0.0.1:8000 fail_timeout=1;
        }
    
        server {
            # Redirects everything to https
            listen 80;
            rewrite ^(.*) https://$host$1 permanent;
        }
    
        server {
            listen 443;
            ssl on;
    
            # Change this to reflect your environment
            server_name iscore.iserink.com;
    
            # **** Don't forget to make the certificates ****
            # Be sure to create these files in ``/etc/nginx/ssl/``
            ssl_certificate ssl/server.crt;
            ssl_certificate_key ssl/server.key;
            client_max_body_size 4G;
            keepalive_timeout 5;
    
            # Edit this to be the path where you installed iscore
            root /path/to/iscore;
    
            location ^~ /static/ {
                # Edit this to be the path where you installed iscore
                root /path/to/iscore;
                gzip_static on;
                expires max;
            }
    
            location ^~ /static/upload/flag {
                deny all;
                return 404;
            }
    
            location ^~ /static/upload/redwiki {
                deny all;
                return 404;
            }
    
            location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_pass http://gunicorn;
            }
        }
    
        ##
        # Virtual Host Configs
        ##
    
        # **** COMMENT THESE OUT ***
        #include /etc/nginx/conf.d/*.conf;
        #include /etc/nginx/sites-enabled/*;
    }
    

    Reload nginx:

    sudo service nginx reload
    
  2. Static Routes

    Depending on your setup, IScorE will need static routes defined for each of the IP ranges in the competition network (blue range). This will allow the service scanner to access team servers in the competition range.