diff --git a/docs/deployment/dev-vps-setup.md b/docs/deployment/dev-vps-setup.md new file mode 100644 index 0000000..6b84bd8 --- /dev/null +++ b/docs/deployment/dev-vps-setup.md 
@@ -0,0 +1,520 @@ +# Dev VPS - Initial Setup and Configuration + +**Server:** Dev VPS (Development/Testing Environment) +**IP:** 64.50.188.128 +**Location:** Chicago, IL +**Provider:** Breezehost +**Deployed:** April 1, 2026 +**Configured by:** Chronicler #51 + +--- + +## Overview + +Fresh Ubuntu 24.04 LTS server configured as a development and testing environment for Firefrost Gaming projects. Provides isolated environment for experimentation, CI/CD testing, and development work without affecting production infrastructure. + +--- + +## Server Specifications + +**Hardware:** +- CPU: 2x AMD Epyc (Cloud-2) +- RAM: 4GB (3.8GB usable) +- Storage: 80GB NVMe SSD (38GB allocated, 36GB free) +- Swap: 512MB +- Network: 1 Gbps (inbound/outbound) + +**Network Configuration:** +- Primary IP: 64.50.188.128 +- Gateway: 64.50.188.1 +- Netmask: 255.255.255.0 +- Interface: ens3 +- MAC: 00:6C:80:0E:FB:72 +- DNS Primary: 1.1.1.1 (Cloudflare) +- DNS Secondary: 8.8.8.8 (Google) +- IPv6: Disabled (was auto-assigned, manually disabled) + +**Operating System:** +- Distribution: Ubuntu Server 24.04.4 LTS (Noble Numbat) Minimal +- Kernel: 6.8.0-106-generic x86_64 +- Architecture: x86_64 +- Support: Until April 2029 (5 years) + +--- + +## Installed Software + +### System Utilities +- **UFW Firewall:** v0.36.2-6 (active and enabled on boot) +- **Cockpit:** Latest (web-based server management) + - cockpit-storaged (storage management) + - cockpit-networkmanager (network configuration) + - cockpit-packagekit (package management) + +### Development Tools +- **Node.js:** Latest LTS (v20.x series) +- **npm:** Latest (bundled with Node.js) +- **Docker:** v29.3.1 (latest stable) + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + +### Planned Installations +- **Git:** For version control +- **fail2ban:** SSH brute-force protection +- **Python 3:** For automation scripts +- **Nginx:** Reverse proxy (if needed for testing) + +--- + +## Security 
Configuration + +### Firewall Rules (UFW) + +**Status:** Active and enabled on system startup +**Logging:** On (low level) +**Default Policies:** +- Incoming: DENY +- Outgoing: ALLOW +- Routed: DISABLED + +**Allowed Ports:** +| Port | Protocol | Service | Comment | +|------|----------|---------|---------| +| 22 | TCP | SSH | Remote access | +| 9090 | TCP | Cockpit | Web terminal | + +**View current rules:** +```bash +ufw status verbose +``` + +**Add new rule:** +```bash +ufw allow [port]/tcp comment 'Service Name' +``` + +### IPv6 Configuration + +**Status:** Disabled + +IPv6 was auto-assigned by Breezehost but manually disabled for simplicity. + +**Configuration in `/etc/sysctl.conf`:** +``` +net.ipv6.conf.all.disable_ipv6 = 1 +net.ipv6.conf.default.disable_ipv6 = 1 +``` + +**To re-enable IPv6 (if needed):** +```bash +sed -i '/net.ipv6.conf.all.disable_ipv6/d' /etc/sysctl.conf +sed -i '/net.ipv6.conf.default.disable_ipv6/d' /etc/sysctl.conf +sysctl -p +reboot +``` + +### Root Access + +**SSH:** Enabled (currently) +**Cockpit:** Enabled (root removed from disallowed-users) +**Password:** Set (stored in Vaultwarden) + +**Future Hardening (TODO):** +- Create sudo-enabled admin user +- Disable root SSH login +- Enable SSH key-only authentication +- Install fail2ban for brute-force protection + +--- + +## Service Access + +### SSH Access + +**Method 1: MobaXterm (Windows)** +``` +Host: 64.50.188.128 +Port: 22 +User: root +Auth: Password or SSH key +``` + +**Method 2: Command Line** +```bash +ssh root@64.50.188.128 +``` + +### Cockpit Web Terminal + +**URL:** https://64.50.188.128:9090 + +**Login Credentials:** +- Username: `root` +- Password: [stored in Vaultwarden] + +**Features Available:** +- Terminal (web-based SSH) +- System monitoring (CPU, RAM, disk, network) +- Storage management +- Network configuration +- Package management (APT) +- Service management (systemd) +- Log viewer + +**Certificate Warning:** Self-signed certificate will trigger browser warning - 
this is normal, click "Accept Risk and Continue" + +--- + +## Docker Configuration + +**Version:** 29.3.1 +**Status:** Installed and running + +### Basic Docker Commands + +**Test installation:** +```bash +docker run hello-world +``` + +**Common commands:** +```bash +# List running containers +docker ps + +# List all containers (including stopped) +docker ps -a + +# List images +docker images + +# Pull an image +docker pull ubuntu:latest + +# Run a container +docker run -it ubuntu:latest bash + +# Remove stopped containers +docker container prune + +# Remove unused images +docker image prune +``` + +### Docker Compose + +**Installed:** Yes (v2 plugin) + +**Usage:** +```bash +docker compose up -d +docker compose down +docker compose logs -f +``` + +--- + +## Node.js Configuration + +**Version:** Latest LTS (v20.x) +**npm Version:** Latest (bundled) + +### Basic Commands + +**Check versions:** +```bash +node --version +npm --version +``` + +**Install packages globally:** +```bash +npm install -g [package-name] +``` + +**Install packages locally:** +```bash +npm install [package-name] +``` + +--- + +## System Monitoring + +### Command Line Tools + +**System info:** +```bash +# OS version +cat /etc/os-release + +# Kernel version +uname -r + +# System uptime +uptime + +# Memory usage +free -h + +# Disk usage +df -h + +# CPU info +lscpu + +# Network interfaces +ip a + +# Active connections +ss -tulpn +``` + +### Cockpit Dashboard + +Access via https://64.50.188.128:9090 for graphical monitoring: +- Real-time CPU/RAM/disk graphs +- Network traffic monitoring +- Service status +- System logs + +--- + +## Common Maintenance Tasks + +### Update System Packages + +```bash +apt update +apt upgrade -y +apt autoremove -y +``` + +### Restart Services + +```bash +# Restart Docker +systemctl restart docker + +# Restart Cockpit +systemctl restart cockpit + +# Restart UFW +ufw reload +``` + +### Check Service Status + +```bash +systemctl status docker +systemctl status cockpit.socket 
+systemctl status ufw +``` + +### Clean Up Disk Space + +```bash +# Remove old packages +apt autoremove -y +apt autoclean + +# Remove Docker cruft +docker system prune -a + +# Remove old logs +journalctl --vacuum-time=7d +``` + +--- + +## Development Workflow Examples + +### Testing a Node.js Application + +```bash +# Clone repo +git clone [repo-url] +cd [project] + +# Install dependencies +npm install + +# Run application +npm start +``` + +### Testing with Docker + +```bash +# Build custom image +docker build -t myapp:latest . + +# Run container +docker run -d -p 8080:8080 myapp:latest + +# View logs +docker logs -f [container-id] + +# Stop container +docker stop [container-id] +``` + +### Testing CI/CD Pipelines + +```bash +# Clone Firefrost services repo +git clone https://[token]@git.firefrostgaming.com/firefrost-gaming/firefrost-services.git + +# Test deployment script +cd firefrost-services +./deploy.sh --test +``` + +--- + +## Troubleshooting + +### Cannot SSH to Server + +**Check firewall:** +```bash +ufw status +``` + +**Ensure SSH is allowed:** +```bash +ufw allow 22/tcp +``` + +**Check SSH service:** +```bash +systemctl status ssh +``` + +### Cockpit Not Accessible + +**Check service:** +```bash +systemctl status cockpit.socket +``` + +**Restart if needed:** +```bash +systemctl restart cockpit +``` + +**Check firewall:** +```bash +ufw allow 9090/tcp +``` + +### Docker Container Won't Start + +**Check logs:** +```bash +docker logs [container-name] +``` + +**Check Docker service:** +```bash +systemctl status docker +``` + +**Restart Docker:** +```bash +systemctl restart docker +``` + +### Out of Disk Space + +**Check usage:** +```bash +df -h +du -sh /* | sort -h +``` + +**Clean up:** +```bash +apt autoremove -y +apt autoclean +docker system prune -a +journalctl --vacuum-time=7d +``` + +--- + +## Future Enhancements + +### Phase 1 (Security Hardening) +- [ ] Create sudo-enabled admin user (`architect`) +- [ ] Install fail2ban +- [ ] Disable root SSH login 
+- [ ] SSH key-only authentication +- [ ] Configure automatic security updates + +### Phase 2 (Development Tools) +- [ ] Install Git +- [ ] Install Python 3 and pip +- [ ] Install Nginx (if needed) +- [ ] Set up CI/CD runner (GitHub Actions or Gitea Actions) +- [ ] Configure development database (PostgreSQL or MySQL) + +### Phase 3 (Monitoring) +- [ ] Install Netdata for advanced monitoring +- [ ] Configure log aggregation +- [ ] Set up alerting (Discord webhooks) +- [ ] Integrate with Uptime Kuma on Command Center + +--- + +## Cost and Resources + +**Monthly Cost:** $10 +**Provider:** Breezehost (locked-in pricing) +**Commitment:** Month-to-month (no contract) + +**Resource Allocation:** +- CPU: Light (development workloads) +- RAM: Adequate for most dev tasks (4GB) +- Storage: Sufficient for testing (80GB) +- Network: Fast (1 Gbps) + +--- + +## Related Documentation + +- **Infrastructure Manifest:** `docs/core/infrastructure-manifest.md` +- **Command Center Setup:** `docs/deployment/command-center-setup.md` +- **Docker Best Practices:** `docs/guides/docker-best-practices.md` +- **Security Hardening Guide:** `docs/guides/server-security-hardening.md` + +--- + +## Deployment Log + +**April 1, 2026 - Initial Setup:** +1. ✅ Ubuntu 24.04 LTS installed (Noble Numbat Minimal) +2. ✅ System updated (apt update && upgrade) +3. ✅ Root password set +4. ✅ IPv6 disabled +5. ✅ UFW firewall configured (ports 22, 9090) +6. ✅ Node.js LTS installed +7. ✅ Docker v29.3.1 installed +8. ✅ Cockpit web terminal installed +9. ✅ Root login to Cockpit enabled +10. ✅ Server rebooted and tested + +**Status:** ✅ OPERATIONAL - Ready for development work + +--- + +**Fire + Frost + Foundation = Where Love Builds Legacy** 🔥❄️💙 + +--- + +**Last Updated:** April 1, 2026 +**Configured by:** Chronicler #51 +**Next Steps:** Security hardening (create admin user, fail2ban, SSH keys)
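Review bot: The Security Configuration and Root Access sections document root password login over SSH on a public IP together with Cockpit on port 9090 where root was deliberately re-allowed ("Cockpit: Enabled (root removed from disallowed-users)"), while every hardening step is deferred to the TODO and Phase 1 lists, so the host is open to password brute-forcing from the moment the doc declares it "OPERATIONAL". Suggest folding the cheap parts into this same setup before that status line: restrict the two UFW rules to the admin's source address (for example `ufw allow from <admin-ip> to any port 22 proto tcp`, and the same for 9090) rather than the unconditional `ufw allow [port]/tcp` shown, leave root in Cockpit's disallowed-users until the `architect` user exists, and set `PermitRootLogin prohibit-password` in sshd_config once a key is on the box. Two smaller points: the CI/CD example `git clone https://[token]@git.firefrostgaming.com/firefrost-gaming/firefrost-services.git` writes the token into `.git/config` and shell history, so a credential helper or an SSH deploy key would be the safer pattern to document; and the Clean Up Disk Space step `docker system prune -a` removes every image not used by a running container, which the comment should say so it is not run by reflex on a dev box.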