search

Configuration

This page describes all environment variables used to configure your CTF. Each variable can be set in your .env file at the root of the pwnthemall project.

hashtag
Database configuration

hashtag
POSTGRES_USER

PostgreSQL database username. This user will be created and used by the application to connect to the database.

Default: pwnthemall

hashtag
POSTGRES_PASSWORD

Password for the PostgreSQL database user. Change this to a strong password in production environments.

Default: pwnthemall

hashtag
POSTGRES_DB

Name of the PostgreSQL database that will be created and used by the platform.

Default: pwnthemall-db

hashtag
PTA_SEED_DATABASE

Controls whether the database should be seeded with initial data on startup.

Values: true | false Default: true

hashtag
PTA_SEED_CASBIN_CSV

Determines if Casbin authorization rules should be loaded from CSV files during database seeding.

Values: true | false Default: true

hashtag
PTA_SEED_CASBIN

Enables or disables Casbin policy seeding. When disabled, authorization rules must be configured manually.

Values: true | false Default: false

hashtag
Application configuration

hashtag
PTA_SITE_NAME

Display name of your CTF event. This name appears throughout the platform interface.

Default: "pwnthemall"

hashtag
PTA_PUBLIC_DOMAIN

Hostname where the Caddy reverse proxy will listen for incoming connections. This is the public domain where users will access your CTF platform.

Required: Yes Default: "pwnthemall.local"

hashtag
PTA_REGISTRATION_ENABLED

Controls whether new users can register accounts on the platform.

Values: true | false Default: true

hashtag
PTA_CTF_START_TIME

Timestamp marking the official start of the CTF competition. Challenges may be restricted before this time.

Format: ISO 8601 datetime Default: Empty (no restriction)

hashtag
PTA_CTF_END_TIME

Timestamp marking the end of the CTF competition. The platform may restrict submissions after this time.

Format: ISO 8601 datetime Default: Empty (no restriction)

hashtag
PTA_DEMO

Enables demo mode for testing and presentations. May activate additional features or modify behavior for demonstration purposes.

Values: true | false Default: false

hashtag
PTA_DEBUG_ENABLED

Enables debug mode with verbose logging and error messages. Should be disabled in production for security and performance.

Values: true | false Default: false

hashtag
Backend configuration

hashtag
JWT_SECRET

Secret key used for signing JSON Web Tokens for user authentication. Must be changed to a secure random value in production.

Required: Yes Default: d6r9h3UCI7qd6r9Js7ci2gFIZ2yym9

hashtag
REFRESH_SECRET

Secret key used for signing refresh tokens. Must be changed to a secure random value in production.

Required: Yes Default: 9Js7ci2gFIZ2yym9gXWAgYsFUCI7q

hashtag
Frontend configuration

hashtag
NEXT_PUBLIC_API_URL

Public URL where the frontend will send API requests. Should match your public domain with HTTPS protocol.

Default: "https://$PTA_PUBLIC_DOMAIN"

hashtag
MinIO configuration

hashtag
MINIO_ROOT_USER

Root username for MinIO object storage. Used to authenticate administrative operations.

Default: pwnthemall

hashtag
MINIO_ROOT_PASSWORD

Root password for MinIO object storage. Change this to a strong password in production.

Default: vv7Eh3UCI7qd6r94C68sxgXWAgYsFHh3UCI7q

hashtag
MINIO_DEFAULT_BUCKETS

Comma-separated list of storage buckets to create automatically on MinIO startup.

Default: challenges IMPORTANT NOTE: Changing this value can currently break sync process of challenges. Please keep this value.

hashtag
MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN_DBSYNC

Authentication token for MinIO webhook notifications used in database synchronization. Change to a secure random value in production.

Default: QJs7ci2gFMG4C68sxh3UCI7qd6r9mtmvv7EmcMG4C6

hashtag
Docker configuration

hashtag
PTA_DOCKER_WORKER_IP

IP address or hostname that will replace all $ip placeholders in challenge connection_info fields. This is the address users will use to connect to their challenge instances.

Default: 127.0.0.1

hashtag
PTA_DOCKER_WORKER_URL

Docker daemon connection URL. Supports SSH (ssh://) and TCP protocols. The backend uses this to manage challenge containers.

Examples:

  • "ssh://docker@docker-worker" (SSH connection)

  • "/var/run/docker.sock" (Local socket)

Default: "ssh://docker@docker-worker"

hashtag
PTA_DOCKER_IMAGE_PREFIX

Prefix applied to all Docker images built during the event. Helps organize and identify CTF-related images.

Default: "pta-"

hashtag
PTA_DOCKER_MAXMEM_PER_INSTANCE

Maximum memory allocation per Docker container instance in megabytes. Prevents resource exhaustion.

Unit: MB Default: 256

hashtag
PTA_DOCKER_MAXCPU_PER_INSTANCE

Maximum CPU allocation per Docker container instance as a decimal fraction of one CPU core.

Example: 0.01 = 1% of one CPU core Default: 0.01

hashtag
PTA_DOCKER_INSTANCES_BY_USER

Maximum number of concurrent Docker containers a single user can run simultaneously.

Default: 5

hashtag
PTA_DOCKER_INSTANCES_BY_TEAM

Maximum number of concurrent Docker containers a team can run simultaneously across all members.

Default: 15

hashtag
PTA_DOCKER_CHALL_BASE_CIDR

Base CIDR network range used for challenge container networking. Used when network isolation is enabled.

Status: BETA Default: "172.80.0.0/16"

hashtag
PTA_DOCKER_INSTANCE_TIMEOUT

Time in minutes after which idle challenge containers are automatically stopped and removed.

Unit: Minutes Default: 60

hashtag
PTA_DOCKER_INSTANCE_COOLDOWN_SECONDS

Rate limit cooldown period in seconds between launching new container instances per user. Prevents abuse and resource exhaustion.

Unit: Seconds Default: 15

hashtag
PTA_DOCKER_ISOLATION

Enables network isolation between challenge instances. When enabled, each team or user gets isolated network access.

Status: BETA Values: true | false Default: false

hashtag
PTA_DIND

Enables Docker-in-Docker support for challenges that require nested container functionality.

Status: BETA Values: true | false Default: false

hashtag
Plugins configuration

hashtag
PTA_PLUGINS_ENABLED

Enables the plugin system for extending platform functionality with custom modules.

Status: BETA Values: true | false Default: false

hashtag
PTA_PLUGIN_MAGIC_VALUE

Authentication token or magic value used by the plugin system for verification and security.

Status: BETA Default: b551b87718b35cd13e81

hashtag
Workers configuration

hashtag
DOCKER_WORKER_PASSWORD

SSH password for authenticating to the Docker worker node. Required when using SSH-based Docker connections.

Required: Yes Default: KAUifma4GIv9vtgVXXlDnpih5

hashtag
LIBVIRT_WORKER_PASSWORD

Password for authenticating to libvirt worker nodes if VM-based challenges are used.

Required: Yes Default: K4zBjFFP3QScfs3VbDXAvqZ4cZY

hashtag
Caddy configuration

hashtag
CADDY_ENV

Environment preset for Caddy reverse proxy configuration. Determines which Caddyfile template to use.

Required: Yes Default: default

PreviousInstallationNextUsage

Last updated