Removed nginx setup

PRODUCTION_README.md

@@ -8,13 +8,11 @@ This application is ready for production deployment with proper security measure
 
 - Environment variable support (.env files)
 - Secrets excluded from git (.gitignore)
-- HTTPS/SSL configuration (via Let's Encrypt)
 - JWT-based authentication
-- Nginx reverse proxy configuration
 - Systemd service for process management
 - Firewall configuration
 - Automated backups
-- Security headers
+- Ready for reverse proxy integration (nginx, caddy, traefik, etc.)
 
 ## Prerequisites
 
@@ -39,37 +37,44 @@ This application is ready for production deployment with proper security measure
 
 3. The script will:
    - Install all dependencies
-   - Configure Nginx
-   - Get SSL certificate
    - Setup systemd service
    - Configure firewall
    - Setup automated backups
+   - Start the application on HTTP
 
 4. Follow prompts to:
-   - Enter your domain name
-   - Enter your email (for SSL)
+   - Choose application port (default: 8000)
    - Configure your .env file with secrets
 
+5. Configure your reverse proxy separately for HTTPS
+
 ## Manual Setup
 
 See [DEPLOYMENT.md](DEPLOYMENT.md) for detailed step-by-step instructions.
 
-## Free Domain Options
+## Reverse Proxy Options (for HTTPS)
 
-### Option 1: DuckDNS (Recommended)
-- Visit https://www.duckdns.org
-- Sign in and create a subdomain (e.g., `myfaction.duckdns.org`)
-- Note your token for DNS updates
-- Free HTTPS support with Let's Encrypt
+The application runs on HTTP. You'll need to configure a reverse proxy for HTTPS:
 
-### Option 2: FreeDNS
-- Visit https://freedns.afraid.org
-- Create free subdomain
-- Choose from many domain options
+### Option 1: Nginx
+- Simple configuration
+- Widely used and documented
+- Free SSL with Let's Encrypt/Certbot
 
-### Option 3: No-IP
-- Visit https://www.noip.com
-- Free tier includes dynamic DNS
+### Option 2: Caddy
+- Automatic HTTPS with built-in Let's Encrypt
+- Simple configuration file
+- Recommended for ease of use
+
+### Option 3: Traefik
+- Great for containerized deployments
+- Automatic SSL certificate management
+- Dynamic configuration
+
+### Free Domain Options:
+- **DuckDNS** (https://www.duckdns.org) - Free subdomain
+- **FreeDNS** (https://freedns.afraid.org) - Multiple domain options
+- **No-IP** (https://www.noip.com) - Dynamic DNS support
 
 ## Critical Security Steps
 
@@ -112,7 +117,8 @@ See [DEPLOYMENT.md](DEPLOYMENT.md) for detailed step-by-step instructions.
 
 ### Access Your Application
 ```
-https://yourdomain.com
+Local: http://localhost:8000 (or your configured port)
+Remote: http://YOUR_SERVER_IP:8000
 ```
 
 ### Check Service Status
@@ -130,10 +136,17 @@ sudo journalctl -u faction-war -f
 sudo systemctl restart faction-war
 ```
 
+### Configure Reverse Proxy
+Set up your reverse proxy (nginx, caddy, etc.) to:
+- Listen on ports 80/443
+- Forward requests to `http://127.0.0.1:8000` (or your configured port)
+- Handle SSL/TLS termination
+- Add security headers
+
 ## Configuration
 
 ### Option 1: Web Interface (Recommended)
-1. Visit `https://yourdomain.com/config`
+1. Visit your application URL (e.g., `http://yourserver:8000/config`)
 2. Configure all settings through the UI
 3. Settings are saved to `data/config.json`
 
@@ -147,20 +160,22 @@ sudo systemctl restart faction-war
 
 **Priority**: Environment variables > config.json > defaults
 
+**Note**: Once you configure your reverse proxy with HTTPS, access via secure URL
+
 ## Security Checklist
 
 Before going live, verify:
 
 - [ ] Strong AUTH_PASSWORD generated and set
 - [ ] Strong JWT_SECRET generated and set
-- [ ] HTTPS/SSL certificate installed
-- [ ] Firewall configured (only ports 22, 80, 443)
-- [ ] Port 8000 blocked from external access
+- [ ] Reverse proxy configured with HTTPS/SSL
+- [ ] Firewall configured (SSH + application port only)
+- [ ] Application port accessible only via reverse proxy (if using one)
 - [ ] .env file has permissions 600
 - [ ] data/ directory has permissions 700
-- [ ] Automatic SSL renewal working
 - [ ] Backups configured (2 AM daily)
 - [ ] Logs accessible and monitoring setup
+- [ ] Security headers configured on reverse proxy
 
 ## File Structure
 
@@ -195,12 +210,8 @@ sudo -u factionwar venv/bin/pip install --upgrade -r requirements.txt
 sudo systemctl restart faction-war
 ```
 
-### Update SSL Certificate
-```bash
-# Auto-renewal is configured by certbot
-# Test renewal:
-sudo certbot renew --dry-run
-```
+### Update Reverse Proxy Configuration
+Configure SSL certificate renewal in your reverse proxy (nginx, caddy, etc.)
 
 ## Backups
 
@@ -223,23 +234,23 @@ sudo journalctl -u faction-war -n 50
 sudo -u factionwar /opt/faction-war/app/venv/bin/python /opt/faction-war/app/main.py
 ```
 
-### 502 Bad Gateway
+### Cannot Connect to Application
 ```bash
 # Check if app is running
 sudo systemctl status faction-war
 
-# Check if listening on port 8000
-sudo netstat -tlnp | grep 8000
+# Check if listening on configured port
+sudo netstat -tlnp | grep 8000  # or your configured port
+
+# Check firewall rules
+sudo ufw status
+
+# Test direct connection
+curl http://localhost:8000
 ```
 
-### SSL Certificate Issues
-```bash
-# Renew manually
-sudo certbot renew
-
-# Check certificate status
-sudo certbot certificates
-```
+### Reverse Proxy Issues
+Refer to your reverse proxy documentation (nginx, caddy, etc.) for SSL/HTTPS troubleshooting
 
 ## Support
 
@@ -256,7 +267,6 @@ sudo systemctl status faction-war
 
 # View logs
 sudo journalctl -u faction-war -f
-sudo tail -f /var/log/nginx/faction-war-error.log
 
 # Update application
 cd /opt/faction-war/app && git pull && sudo systemctl restart faction-war
@@ -264,28 +274,31 @@ cd /opt/faction-war/app && git pull && sudo systemctl restart faction-war
 # Manual backup
 /opt/faction-war/backup.sh
 
-# Renew SSL
-sudo certbot renew
+# Check if application is listening
+sudo netstat -tlnp | grep 8000  # or your port
+
+# Test application directly
+curl http://localhost:8000
 ```
 
 ## Monitoring
 
 Monitor these logs regularly:
 - Application: `sudo journalctl -u faction-war -f`
-- Nginx Access: `/var/log/nginx/faction-war-access.log`
-- Nginx Errors: `/var/log/nginx/faction-war-error.log`
+- Reverse Proxy: Check your proxy logs (nginx, caddy, etc.)
 - System: `sudo tail -f /var/log/syslog`
 
 ## Production Best Practices
 
 1. **Use strong passwords** - Generate with OpenSSL
-2. **Keep dependencies updated** - Regular `pip install --upgrade`
-3. **Monitor logs** - Check for errors and suspicious activity
-4. **Backup regularly** - Automated daily backups configured
-5. **Use HTTPS only** - HTTP auto-redirects to HTTPS
+2. **Configure HTTPS** - Use a reverse proxy with SSL/TLS
+3. **Keep dependencies updated** - Regular `pip install --upgrade`
+4. **Monitor logs** - Check for errors and suspicious activity
+5. **Backup regularly** - Automated daily backups configured
 6. **Restrict firewall** - Only necessary ports open
 7. **Update system** - Regular `apt update && apt upgrade`
 8. **Test backups** - Periodically restore from backup to verify
+9. **Secure headers** - Configure security headers on your reverse proxy
 
 ## Features
 

caddy-reverse-proxy.example

@@ -0,0 +1,72 @@
+# Example Caddy Reverse Proxy Configuration
+# This is an OPTIONAL configuration if you want to use Caddy as your reverse proxy
+# The application runs on HTTP and does not require Caddy - you can use any reverse proxy
+#
+# Caddy is recommended for its simplicity and automatic HTTPS with Let's Encrypt
+
+# Step 1: Install Caddy
+# Ubuntu/Debian:
+# sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+# curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+# curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+# sudo apt update
+# sudo apt install caddy
+
+# Step 2: Create/edit /etc/caddy/Caddyfile with the content below
+# Replace 'yourdomain.com' with your actual domain
+# Replace '8000' with your application port if different
+
+# ========== Caddyfile Content ==========
+
+yourdomain.com {
+    # Caddy automatically handles HTTPS with Let's Encrypt!
+
+    # Reverse proxy to your application
+    reverse_proxy localhost:8000
+
+    # Optional: Add security headers
+    header {
+        # Enable HSTS
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+        # Prevent clickjacking
+        X-Frame-Options "SAMEORIGIN"
+
+        # Prevent MIME type sniffing
+        X-Content-Type-Options "nosniff"
+
+        # Enable XSS protection
+        X-XSS-Protection "1; mode=block"
+    }
+
+    # Optional: Custom logging
+    log {
+        output file /var/log/caddy/faction-war.log
+    }
+}
+
+# ========== End Caddyfile Content ==========
+
+# Step 3: Validate configuration
+# sudo caddy validate --config /etc/caddy/Caddyfile
+
+# Step 4: Reload Caddy
+# sudo systemctl reload caddy
+
+# Step 5: Configure firewall
+# sudo ufw allow 80/tcp
+# sudo ufw allow 443/tcp
+
+# That's it! Caddy will automatically:
+# - Get SSL certificate from Let's Encrypt
+# - Renew certificates automatically
+# - Redirect HTTP to HTTPS
+# - Handle all SSL/TLS configuration
+
+# Your application will now be accessible at https://yourdomain.com
+
+# Useful Caddy commands:
+# sudo systemctl status caddy     # Check status
+# sudo systemctl restart caddy    # Restart Caddy
+# sudo journalctl -u caddy -f     # View logs
+# caddy version                   # Check Caddy version

main.py

@@ -98,13 +98,21 @@ async def start_bot():
 
 # Main Entry Point
 async def main():
+    # Parse command-line arguments
+    import argparse
+    parser = argparse.ArgumentParser(description="Faction War Dispatch Bot")
+    parser.add_argument("--port", type=int, default=8000, help="Port to run the application on (default: 8000)")
+    parser.add_argument("--host", type=str, default="127.0.0.1", help="Host to bind to (default: 127.0.0.1)")
+    args = parser.parse_args()
+
     # Start Discord bot in background
     bot_task = asyncio.create_task(start_bot())
 
     # Configure and run FastAPI server
-    config = uvicorn.Config(app, host="127.0.0.1", port=8000, log_level="info")
+    config = uvicorn.Config(app, host=args.host, port=args.port, log_level="info")
     server = uvicorn.Server(config)
 
+    print(f"Starting server on {args.host}:{args.port}")
     await server.serve()
 
 if __name__ == "__main__":

nginx-reverse-proxy.example

@@ -0,0 +1,89 @@
+# Example Nginx Reverse Proxy Configuration
+# This is an OPTIONAL configuration if you want to use Nginx as your reverse proxy
+# The application runs on HTTP and does not require nginx - you can use any reverse proxy
+
+# Step 1: Install nginx and certbot
+# sudo apt install nginx certbot python3-certbot-nginx
+
+# Step 2: Create this file at /etc/nginx/sites-available/faction-war
+# Replace 'yourdomain.com' with your actual domain
+# Replace '8000' with your application port if different
+
+# HTTP - Redirect to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name yourdomain.com;  # REPLACE WITH YOUR DOMAIN
+
+    # Redirect all HTTP to HTTPS
+    return 301 https://$server_name$request_uri;
+}
+
+# HTTPS - Main Application
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name yourdomain.com;  # REPLACE WITH YOUR DOMAIN
+
+    # SSL Configuration (will be managed by Certbot)
+    # After running certbot, these lines will be automatically added:
+    # ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
+    # ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
+    # include /etc/letsencrypt/options-ssl-nginx.conf;
+    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    # Security Headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Logging
+    access_log /var/log/nginx/faction-war-access.log;
+    error_log /var/log/nginx/faction-war-error.log;
+
+    # Proxy settings
+    location / {
+        # Replace 8000 with your application port if different
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket support (if needed in future)
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    # Static files (optional optimization)
+    location /static/ {
+        alias /opt/faction-war/app/static/;
+        expires 1d;
+        add_header Cache-Control "public, immutable";
+    }
+}
+
+# Step 3: Enable the site
+# sudo ln -s /etc/nginx/sites-available/faction-war /etc/nginx/sites-enabled/
+
+# Step 4: Test configuration
+# sudo nginx -t
+
+# Step 5: Get SSL certificate with Certbot
+# sudo certbot --nginx -d yourdomain.com
+
+# Step 6: Reload nginx
+# sudo systemctl reload nginx
+
+# Step 7: Configure firewall
+# sudo ufw allow 80/tcp
+# sudo ufw allow 443/tcp
+
+# Your application will now be accessible at https://yourdomain.com

setup_production.sh

@@ -26,24 +26,14 @@ if [ "$EUID" -ne 0 ]; then
     exit 1
 fi
 
-# Get domain name
-read -p "Enter your domain name (e.g., faction.yourdomain.com): " DOMAIN
-if [ -z "$DOMAIN" ]; then
-    echo "Domain name is required!"
-    exit 1
-fi
-
-# Get email for Let's Encrypt
-read -p "Enter your email for SSL certificate (Let's Encrypt): " EMAIL
-if [ -z "$EMAIL" ]; then
-    echo "Email is required for SSL certificate!"
-    exit 1
-fi
+# Get port to run on (default 8000)
+read -p "Enter port to run application on (default: 8000): " APP_PORT
+APP_PORT=${APP_PORT:-8000}
 
 echo ""
 echo "Installing required packages..."
 apt update
-apt install -y python3 python3-pip python3-venv nginx certbot python3-certbot-nginx git
+apt install -y python3 python3-pip python3-venv git
 
 echo ""
 echo "Creating application user..."
@@ -120,47 +110,10 @@ fi
 chown factionwar:factionwar .env
 chmod 600 .env
 
-echo ""
-echo "Setting up Nginx configuration..."
-# Create a basic HTTP-only config first (Certbot will add SSL)
-cat > /etc/nginx/sites-available/faction-war << EOF
-# Basic HTTP configuration - Certbot will add SSL
-server {
-    listen 80;
-    listen [::]:80;
-    server_name $DOMAIN;
-
-    location / {
-        proxy_pass http://127.0.0.1:8000;
-        proxy_set_header Host \$host;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
-    }
-}
-EOF
-
-ln -sf /etc/nginx/sites-available/faction-war /etc/nginx/sites-enabled/faction-war
-
-# Remove default nginx site if it exists
-rm -f /etc/nginx/sites-enabled/default
-
-echo ""
-echo "Testing Nginx configuration..."
-nginx -t
-
-echo ""
-echo "Reloading Nginx..."
-systemctl reload nginx
-
-echo ""
-echo "Getting SSL certificate from Let's Encrypt..."
-echo "Certbot will automatically configure SSL in the Nginx config"
-certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email $EMAIL --redirect
-
 echo ""
 echo "Setting up systemd service..."
-cp faction-war.service /etc/systemd/system/faction-war.service
+# Update the service file with the configured port
+sed "s|ExecStart=.*|ExecStart=/opt/faction-war/app/venv/bin/python main.py --port $APP_PORT|g" faction-war.service > /etc/systemd/system/faction-war.service
 systemctl daemon-reload
 systemctl enable faction-war
 systemctl start faction-war
@@ -169,8 +122,7 @@ echo ""
 echo "Configuring firewall..."
 ufw --force enable
 ufw allow ssh
-ufw allow 80/tcp
-ufw allow 443/tcp
+ufw allow $APP_PORT/tcp
 
 echo ""
 echo "Setting up backup cron job..."
@@ -196,7 +148,7 @@ echo "========================================"
 echo "Setup Complete!"
 echo "========================================"
 echo ""
-echo "Your application should now be running at: https://$DOMAIN"
+echo "Your application should now be running on port $APP_PORT"
 echo ""
 echo "User Account Information:"
 echo "  - Service user: factionwar (no password by default)"
@@ -208,9 +160,12 @@ echo "Important next steps:"
 echo "1. Configure /opt/faction-war/app/.env with your secrets (if not done already)"
 echo "   - Edit with: sudo -u factionwar nano /opt/faction-war/app/.env"
 echo "   - Then restart: sudo systemctl restart faction-war"
-echo "2. Visit https://$DOMAIN and log in with your AUTH_PASSWORD"
-echo "3. Configure your API keys in the Settings page (or use .env)"
-echo "4. Test the application functionality"
+echo "2. Access the application:"
+echo "   - Local: http://localhost:$APP_PORT"
+echo "   - Remote: http://YOUR_SERVER_IP:$APP_PORT"
+echo "3. Configure your reverse proxy (nginx, caddy, etc.) to handle HTTPS"
+echo "4. Configure your API keys in the Settings page (or use .env)"
+echo "5. Test the application functionality"
 echo ""
 echo "Useful commands:"
 echo "  - Check status: sudo systemctl status faction-war"
@@ -220,6 +175,7 @@ echo "  - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull &&
 echo "  - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env"
 echo ""
 echo "Security reminders:"
+echo "  - Configure HTTPS on your reverse proxy"
 echo "  - Keep your .env file secure (chmod 600)"
 echo "  - Regularly update: apt update && apt upgrade"
 echo "  - Monitor logs for suspicious activity"