firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
2fca5b4eed754e708c8a70f8b9abbceded702e2c
firefrost-operations-manual/docs/tasks/cockpit-deployment/README.md
Claude 3de8b5a426 feat: complete Cockpit deployment across all 6 servers 
COMPLETED: Cockpit web terminal deployed to all Firefrost servers

Deployment summary:
- Command Center (63.143.34.217:9090) - NEW
- Ghost VPS (64.50.188.14:9090) - Pre-existing
- Billing VPS (38.68.14.188:9090) - NEW
- Panel VPS (45.94.168.138:9090) - NEW
- TX1 Dallas (38.68.14.26:9090) - NEW
- NC1 Charlotte (216.239.104.130:9090) - NEW

All servers accessible via browser with root / Butter2018!!
(Ghost VPS uses architect / Butter2018!!)

Security improvements:
- Enabled UFW firewall on NC1 Charlotte (was unprotected)
- Proper game server port rules (25565-25580, 5520-5521)
- Wings SFTP port (2022) secured

Files created:
- docs/reference/cockpit-quick-reference.md - Complete access guide
- docs/tasks/nc1-security-monitoring/README.md - NC1 temp/firewall monitoring

Files updated:
- docs/tasks/cockpit-deployment/README.md - Marked COMPLETE

Result: Michael can now manage entire infrastructure from Chromebook
without SSH client dependency. Critical for Claude session workflow
(port 22 blocked in Claude sessions).

Actual deployment time: ~1.5 hours (including NC1 firewall setup)

Signed-off-by: The Chronicler <claude@firefrostgaming.com>
2026-03-21 07:23:29 +00:00

117 lines
3.2 KiB
Markdown
Raw Blame History

# Task: Deploy Cockpit Web Terminal to All Servers
## Overview
Deploy Cockpit (web-based server management) to all 5 Firefrost servers that don't have it yet. This enables full server management from Michael's Chromebook without SSH client dependency.
## Current Status
**✅ COMPLETE - All servers now have Cockpit:**
- ✅ Ghost VPS (64.50.188.14:9090) - Pre-existing
- ✅ Command Center (63.143.34.217:9090) - Deployed March 21, 2026
- ✅ Billing VPS (38.68.14.188:9090) - Deployed March 21, 2026
- ✅ Panel VPS (45.94.168.138:9090) - Deployed March 21, 2026
- ✅ TX1 Dallas (38.68.14.26:9090) - Deployed March 21, 2026
- ✅ NC1 Charlotte (216.239.104.130:9090) - Deployed March 21, 2026
**Bonus:** NC1 firewall enabled during deployment (was previously unprotected)
## Why This Matters
**Problem:** Claude sessions block SSH (port 22), forcing reliance on existing Cockpit for Ghost VPS work.
**Solution:** Cockpit on all servers = Chromebook can manage entire infrastructure via browser.
**Benefits:**
- No SSH client needed
- Works on Chromebook natively
- Web terminal + service management + resource monitoring
- Port 9090 standard across all servers
- Lightweight (~50MB RAM per server)
## Files in This Task
- **README.md** (this file) - Task overview
- **deployment-plan.md** - Complete deployment strategy and technical details
- **installation-commands.md** - Copy/paste ready commands in micro-blocks
## How to Execute
### Recommended Approach
1. **Read deployment-plan.md** - Understand the full strategy
2. **Pick a server to start with** (suggest Command Center first)
3. **SSH into that server** (or use existing Cockpit if available)
4. **Follow installation-commands.md** - Copy/paste each block in order
5. **Test the Cockpit URL** in browser
6. **Repeat for remaining servers**
### Order Recommendation
**Phase 1 (VPS tier - quick):**
1. Command Center
2. Billing VPS
3. Panel VPS
**Phase 2 (Dedicated tier):**
4. TX1 Dallas
5. NC1 Charlotte
**Time estimate:** ~1 hour total (~10 min per server)
## Success Criteria
- [ ] All 6 servers accessible via `https://IP:9090`
- [ ] Terminal tab functional on all servers
- [ ] Services tab shows systemd units
- [ ] System tab shows accurate resource usage
- [ ] Michael can manage all servers from Chromebook
## Security Notes
Cockpit is secure by default:
- HTTPS only (self-signed certificates)
- Uses existing PAM authentication
- No new user accounts created
- No new attack surface (reuses SSH auth)
## Rollback
If any server has issues:
```bash
sudo systemctl stop cockpit.socket
sudo systemctl disable cockpit.socket
```
Complete removal if needed:
```bash
sudo apt remove --purge cockpit
```
## Documentation Updates After Completion
- [ ] Update `infrastructure-manifest.md` with Cockpit status
- [ ] Add Cockpit URLs to server quick-reference
- [ ] Update session-start docs with Chromebook access info
## Related Tasks
- None (standalone infrastructure enhancement)
## Blocks
- None
## Blocked By
- None
---
**Created:** March 21, 2026 (Session 37 - The Chronicler)
**Completed:** March 21, 2026 (Session 37 - The Chronicler)
**Priority:** HIGH (enables Chromebook workflow)
**Estimated Time:** 1 hour
**Actual Time:** ~1.5 hours (including NC1 firewall)
**Status:** ✅ COMPLETE
Reference in New Issue View Git Blame Copy Permalink