
Exposing services

Exposing services works by declaring ports like you'd expect.

However, all services are only exposed over TLS, so we can use SNI to distinguish services.

INFO

Yes, just giving everything a separate IPv6 address would be more flexible and allow for UDP and other stuff. I know, but I don't want to deal with that.


To make exposing services nicer, we support the long port syntax of the compose specification:

YAML
services:
    main:
        # ...

        ports:
          - name: web
            target: 80
            protocol: tcp
            app_protocol: http

If app_protocol is HTTP (case insensitive), the web UI of the platform will show an HTTP link. If it's unset, it will instead show an ncat --ssl-verify hostname 443 command.

SSH services

We also support ssh (case insensitive) as a protocol. For the SSH case, you should also provide an x-username and x-password, like this:

YAML
services:
    main:
        # ...

        ports:
          - name: web
            target: 22
            protocol: tcp
            app_protocol: ssh
            x-username: admin
            x-password: ctf

These are the credentials that the SSH gateway uses to connect to your service.

Users will then get their own credentials automatically assigned.
