jerick/faction_war_dispatch_bot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d11840cf13ebebe1b7f132c05ed78d8356054ac5
faction_war_dispatch_bot/PRODUCTION_README.md
jerick b70d87c797 prod preparations
2026-01-28 08:53:21 -05:00

7.2 KiB
Raw Blame History

Faction War Dispatch Bot - Production Deployment

Quick Summary

This application is ready for production deployment with proper security measures. Follow the steps below to deploy to your Linux server.

Security Features Implemented

  • Environment variable support (.env files)
  • Secrets excluded from git (.gitignore)
  • HTTPS/SSL configuration (via Let's Encrypt)
  • JWT-based authentication
  • Nginx reverse proxy configuration
  • Systemd service for process management
  • Firewall configuration
  • Automated backups
  • Security headers

Prerequisites

  • Server: Linux VM (Ubuntu 20.04+ or Debian 11+)
  • RAM: 512MB minimum, 1GB recommended
  • Domain: Free domain from DuckDNS, FreeDNS, or No-IP
  • Port Access: Ports 80 and 443 open to the internet

Automated Setup (Recommended)

  1. Upload files to your server:

    scp -r * user@your-server:/opt/faction-war/app/

  2. Run the setup script:

    ssh user@your-server
cd /opt/faction-war/app
sudo bash setup_production.sh

  3. The script will:

    • Install all dependencies
    • Configure Nginx
    • Get SSL certificate
    • Setup systemd service
    • Configure firewall
    • Setup automated backups

  4. Follow prompts to:

    • Enter your domain name
    • Enter your email (for SSL)
    • Configure your .env file with secrets

Manual Setup

See DEPLOYMENT.md for detailed step-by-step instructions.

Free Domain Options

Option 1: DuckDNS (Recommended)

  • Visit https://www.duckdns.org
  • Sign in and create a subdomain (e.g., myfaction.duckdns.org)
  • Note your token for DNS updates
  • Free HTTPS support with Let's Encrypt

Option 2: FreeDNS

Option 3: No-IP

Critical Security Steps

Before Deployment:

  1. Generate Strong Secrets:

    # Generate AUTH_PASSWORD
openssl rand -base64 32

# Generate JWT_SECRET
openssl rand -hex 64

  2. Configure .env File:

    cp .env.example .env
nano .env

    Update these values:

    AUTH_PASSWORD=<generated-password>
JWT_SECRET=<generated-secret>
TORN_API_KEY=<your-api-key>
DISCORD_TOKEN=<your-bot-token>

  3. Secure .env File:

    chmod 600 .env

  4. Never Commit Secrets:

    • .env is in .gitignore
    • data/config.json is in .gitignore
    • Never commit API keys or passwords

Post-Deployment

Access Your Application

https://yourdomain.com

Check Service Status

sudo systemctl status faction-war

View Logs

sudo journalctl -u faction-war -f

Restart Service

sudo systemctl restart faction-war

Configuration

Option 1: Web Interface (Recommended)

  1. Visit https://yourdomain.com/config
  2. Configure all settings through the UI
  3. Settings are saved to data/config.json

Option 2: Environment Variables

  1. Edit /opt/faction-war/app/.env
  2. Restart service: sudo systemctl restart faction-war

Option 3: JSON File

  1. Edit data/config.json directly
  2. Restart service to apply changes

Priority: Environment variables > config.json > defaults

Security Checklist

Before going live, verify:

  • Strong AUTH_PASSWORD generated and set
  • Strong JWT_SECRET generated and set
  • HTTPS/SSL certificate installed
  • Firewall configured (only ports 22, 80, 443)
  • Port 8000 blocked from external access
  • .env file has permissions 600
  • data/ directory has permissions 700
  • Automatic SSL renewal working
  • Backups configured (2 AM daily)
  • Logs accessible and monitoring setup

File Structure

/opt/faction-war/app/
├── main.py                 # Application entry point
├── config.py               # Configuration loader
├── .env                    # Environment variables (NEVER COMMIT)
├── .env.example            # Example environment file
├── requirements.txt        # Python dependencies
├── faction-war.service     # Systemd service template
├── nginx.conf.example      # Nginx configuration template
├── setup_production.sh     # Automated setup script
├── DEPLOYMENT.md           # Detailed deployment guide
├── data/                   # Persistent data (NEVER COMMIT)
│   ├── config.json        # Web UI configuration
│   ├── discord_mapping.json
│   └── ...
├── routers/               # API routes
├── services/              # Business logic
├── static/                # Frontend assets
└── templates/             # HTML templates

Updates

Update Application

cd /opt/faction-war/app
git pull
sudo -u factionwar venv/bin/pip install --upgrade -r requirements.txt
sudo systemctl restart faction-war

Update SSL Certificate

# Auto-renewal is configured by certbot
# Test renewal:
sudo certbot renew --dry-run

Backups

Automated daily backups run at 2 AM:

  • Location: /opt/faction-war/backups/
  • Retention: 7 days
  • Manual backup: 
    /opt/faction-war/backup.sh

Troubleshooting

Application Won't Start

# Check logs
sudo journalctl -u faction-war -n 50

# Test manually
sudo -u factionwar /opt/faction-war/app/venv/bin/python /opt/faction-war/app/main.py

502 Bad Gateway

# Check if app is running
sudo systemctl status faction-war

# Check if listening on port 8000
sudo netstat -tlnp | grep 8000

SSL Certificate Issues

# Renew manually
sudo certbot renew

# Check certificate status
sudo certbot certificates

Support

For detailed deployment instructions, see DEPLOYMENT.md

Quick Commands Reference

# Service management
sudo systemctl start faction-war
sudo systemctl stop faction-war
sudo systemctl restart faction-war
sudo systemctl status faction-war

# View logs
sudo journalctl -u faction-war -f
sudo tail -f /var/log/nginx/faction-war-error.log

# Update application
cd /opt/faction-war/app && git pull && sudo systemctl restart faction-war

# Manual backup
/opt/faction-war/backup.sh

# Renew SSL
sudo certbot renew

Monitoring

Monitor these logs regularly:

  • Application: sudo journalctl -u faction-war -f
  • Nginx Access: /var/log/nginx/faction-war-access.log
  • Nginx Errors: /var/log/nginx/faction-war-error.log
  • System: sudo tail -f /var/log/syslog

Production Best Practices

  1. Use strong passwords - Generate with OpenSSL
  2. Keep dependencies updated - Regular pip install --upgrade
  3. Monitor logs - Check for errors and suspicious activity
  4. Backup regularly - Automated daily backups configured
  5. Use HTTPS only - HTTP auto-redirects to HTTPS
  6. Restrict firewall - Only necessary ports open
  7. Update system - Regular apt update && apt upgrade
  8. Test backups - Periodically restore from backup to verify

Features

  • Secure authentication (JWT + password)
  • Web-based configuration
  • Real-time activity logging
  • Active user tracking
  • Automated hit assignment
  • Chain timer monitoring
  • Server-side state persistence
  • Multi-device support

Ready to deploy? Run setup_production.sh on your server to get started!

Reference in New Issue View Git Blame Copy Permalink