Configuring SSL Reverse Proxy

For security reasons, especially if you want to access it outside your intranet, we strongly encourage you to set up an SSL Reverse Proxy.

Since there are already several industrial grade, battle-tested reverse proxy servers that handle SSL very well, CTFreak does not handle it itself.

After a fresh install, CTFreak is accessible via http://localhost:6700.

We want it to be available at https://ctfreak.mycompany.com.

Running CTFreak behind a Caddy2 reverse proxy

In this simple case, the caddy file of the reverse proxy should look like this:

ctfreak.mycompany.com {
    reverse_proxy localhost:6700
}

External URL setting

Once your reverse proxy is up and running, log in to the UI as an administrator, go to Settings → Global and set your External URL as https://ctfreak.mycompany.com.

A bad external url configuration will prevent OpenId Connect authentication providers from working, as well as links sent in notifications.