firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
d4e92bb27e4f5a24a87d324a554a0ee83ba7f645
firefrost-operations-manual/docs/tasks/whitelist-manager
History
Claude 1722dfb17e docs: Add Command Center security hardening deployment guide 
Created comprehensive security hardening guide (500+ lines):

Defense-in-Depth Strategy:
- Layer 1: Fail2Ban auto-banning
- Layer 2: SSH key-only authentication
- Layer 3: UFW firewall optimization

5-Phase Deployment (1 hour total):
- Phase 1: Test SSH key access (CRITICAL - prevents lockout)
- Phase 2: Install and configure Fail2Ban (20 min)
- Phase 3: SSH hardening (20 min)
- Phase 4: UFW firewall review (15 min)
- Phase 5: Additional security (automatic updates, AIDE)

Security Features:
- Fail2Ban monitors SSH, Nginx, bad bots
- SSH: Key-only auth, MaxAuthTries=3, rate limiting
- UFW: Management IP whitelist, unnecessary ports closed
- Automatic security updates
- File integrity checking (AIDE)

Critical Safety Measures:
- Mandatory SSH key testing before disabling passwords
- Keep session open while testing
- Backup access via console/IPMI
- Step-by-step verification at each phase
- Comprehensive troubleshooting (lockout recovery)

Monitoring & Maintenance:
- Daily: Check Fail2Ban bans and auth logs
- Weekly: Review UFW logs and security updates
- Monthly: AIDE file integrity check

Ready to deploy when SSH access available.
Risk level: MEDIUM (can lock out if keys not tested)

Task: Command Center Security Hardening (Tier 1)
FFG-STD-002 compliant
2026-02-17 23:59:44 +00:00
..
deployment-plan.md
Move deployment plan to proper task directory
2026-02-16 06:19:35 -06:00
prerequisites.md
Add prerequisites checklist for whitelist-manager
2026-02-16 06:21:05 -06:00
README.md
docs: Add Command Center security hardening deployment guide
2026-02-17 23:59:44 +00:00

README.md

Whitelist Manager Web Dashboard

Status: DEPLOYMENT READY
Owner: Michael "Frostystyle" Krause
Priority: Tier 0 - Immediate Win
Last Updated: 2026-02-17
Time Estimate: 30-45 minutes deployment

Quick Links

  • Deployment Plan - Complete 6-phase build guide
  • Prerequisites - What you need before starting
  • (usage-guide.md - To be created after deployment)
  • (troubleshooting.md - To be created after deployment)

Overview

Web dashboard at whitelist.firefrostgaming.com for managing player whitelists across all 11 Minecraft servers. Replaces manual SSH and Pterodactyl console work.

The Problem:

  • Currently requires manual SSH to each node (TX1, NC1)
  • Update whitelist on each server individually via Pterodactyl console
  • Time-consuming (15+ minutes per change)
  • Error-prone
  • No visibility into current whitelist status

The Solution:

  • Web interface with server list and status
  • Toggle whitelist ON/OFF per server (one click)
  • Add/remove players from individual servers
  • Bulk add/remove across all servers
  • Staff-accessible (Michael, Meg, trusted staff)

Key Deliverables

  • Web Dashboard: whitelist.firefrostgaming.com
  • Backend: Python Flask application
  • Frontend: HTML + TailwindCSS responsive design
  • Authentication: Basic auth (username/password) via HTTPS
  • Hosting: Billing VPS (38.68.14.188, Chicago) - "Money on Billing" principle

Managed Servers

11 Minecraft Servers:

Texas Node (TX1):

  • Reclamation
  • Stoneblock 4
  • Society: Sunlit Valley
  • Vanilla 1.21.11
  • All The Mons

North Carolina Node (NC1):

  • The Ember Project
  • Minecolonies: Create and Conquer
  • All The Mods 10
  • Homestead
  • EMC Subterra Tech

Excluded (Non-Minecraft):

  • FoundryVTT (TX)
  • Hytale (NC)

Tech Stack

  • Backend: Python 3 + Flask
  • API Integration: Pterodactyl API v1 (console commands)
  • Frontend: HTML5 + TailwindCSS
  • Web Server: Nginx (reverse proxy)
  • SSL: Let's Encrypt
  • Process Manager: systemd
  • Authentication: Flask-HTTPAuth (basic auth)

Success Metrics

  • 15-minute task → 30 seconds (time savings)
  • Zero-error whitelist management (reliability)
  • Full visibility across all servers (transparency)
  • Staff accessible without SSH access (usability)

Dependencies

Blocks:

  • None (standalone tool)

Blocked By:

  • None (ready to build)

Prerequisites:

  • Pterodactyl panel URL and API key
  • Ghost VPS SSH access
  • DNS A record: whitelist.firefrostgaming.com → Ghost VPS IP
  • Admin credentials for dashboard

Current Status

COMPLETE - Ready for Deployment:

  • Complete Flask web application built
  • Fire & Frost themed TailwindCSS UI
  • Pterodactyl API integration complete
  • All configuration files created
  • Deployment scripts and guides ready
  • Security implemented (HTTPS, auth, API key management)
  • Awaiting SSH access to Billing VPS for deployment

Deployment Package Location: /deployments/whitelist-manager/ in operations manual repository

Next Steps:

  1. Obtain SSH access to Billing VPS (38.68.14.188)
  2. Configure DNS: whitelist.firefrostgaming.com38.68.14.188
  3. Run deployment (30-45 minutes using provided scripts)
  4. Test all functions
  5. Document credentials in Vaultwarden

Documentation in This Directory

Core Documents

deployment-plan.md (40+ pages)

  • Complete 6-phase deployment guide
  • Prerequisites checklist
  • Code examples (Flask, Nginx, systemd)
  • Testing procedures
  • Security considerations
  • Maintenance guidelines
  • Future enhancements roadmap

prerequisites.md

  • Pterodactyl API access
  • Ghost VPS requirements
  • DNS configuration
  • Authentication setup

To Be Created

usage-guide.md (after deployment)

  • Staff usage instructions
  • Common workflows
  • Access control
  • Screenshots

troubleshooting.md (after deployment)

  • Common issues and solutions
  • Error messages
  • Recovery procedures
  • Service restart procedures

maintenance.md (after deployment)

  • Daily/weekly/monthly tasks
  • Update procedures
  • Log rotation
  • Health checks

Future Enhancements (Phase 2)

Discord Bot Integration:

  • /whitelist add player command in Discord
  • Automated notifications when players added/removed

Paymenter Integration:

  • Auto-whitelist on subscription payment
  • Auto-remove on subscription cancellation
  • Grace period handling

Advanced Features:

  • Whitelist sync verification (ensure all servers match)
  • Player activity tracking
  • Automated whitelist backups
  • Whitelist import/export (CSV)
  • Bulk operations via file upload

UI Improvements:

  • Real-time server status indicators
  • Player search/filter
  • Recent changes history
  • Multi-server checkbox selection

Authentication Upgrades:

  • SSO integration with Wiki.js
  • Role-based permissions (admin/moderator/viewer)
  • 2FA support
  • API tokens for automation

Related Documents

Fire + Frost + Foundation = Where Love Builds Legacy 💙🔥❄️

Document Status: ACTIVE
Task Status: Planning
Ready to Build: Yes (awaiting medical clearance)

Reference in New Issue View Git Blame Copy Permalink