16 KiB
16 KiB
Deployment Guide for ACC Server Manager
Overview
This guide provides comprehensive instructions for deploying the ACC Server Manager in various environments, from development to production. It covers security considerations, performance optimization, monitoring setup, and maintenance procedures.
🚀 Quick Start Deployment
Prerequisites Checklist
- Windows 10/11 or Windows Server 2016+
- Go 1.23.0 or later installed
- Administrative privileges
- Valid Steam account
- Internet connection for Steam downloads
Minimum System Requirements
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4 GB | 8+ GB |
| Storage | 10 GB free | 50+ GB SSD |
| Network | 10 Mbps | 100+ Mbps |
📦 Installation Methods
Method 1: Binary Deployment (Recommended)
-
Download Release Binary
# Download the latest release from GitHub # Extract to your installation directory cd C:\ACC-Server-Manager -
Configure Environment
copy .env.example .env # Edit .env with your configuration -
Generate Secrets
# Generate JWT secret openssl rand -base64 64 # Generate app secrets openssl rand -hex 32 # Generate encryption key openssl rand -hex 32 -
Run Application
.\acc-server-manager.exe
Method 2: Source Code Deployment
-
Clone Repository
git clone https://github.com/FJurmanovic/acc-server-manager.git cd acc-server-manager -
Install Dependencies
go mod download go mod verify -
Build Application
# Development build go build -o acc-server-manager.exe cmd/api/main.go # Production build (optimized) go build -ldflags="-w -s" -o acc-server-manager.exe cmd/api/main.go -
Configure and Run
copy .env.example .env # Configure your .env file .\acc-server-manager.exe
🔧 Environment Configuration
Production Environment Variables
Create a production .env file:
# ========================================
# PRODUCTION CONFIGURATION
# ========================================
# Security (REQUIRED - Generate unique values)
JWT_SECRET=your-production-jwt-secret-64-chars-minimum
APP_SECRET=your-production-app-secret-32-chars
APP_SECRET_CODE=your-production-secret-code-32-chars
ENCRYPTION_KEY=your-production-encryption-key-32-bytes
# Server Configuration
PORT=8080
HOST=0.0.0.0
PRODUCTION=true
FORCE_HTTPS=true
# Database
DB_NAME=acc_production.db
DB_PATH=./data
# CORS (Set to your actual domain)
CORS_ALLOWED_ORIGIN=https://yourdomain.com
# Security Settings
RATE_LIMIT_GLOBAL=1000
RATE_LIMIT_AUTH=10
SESSION_TIMEOUT=120
MAX_LOGIN_ATTEMPTS=5
LOCKOUT_DURATION=30
# Steam Configuration
STEAMCMD_PATH=C:\steamcmd\steamcmd.exe
NSSM_PATH=C:\nssm\nssm.exe
# Logging
LOG_LEVEL=warn
LOG_FILE=./logs/production.log
LOG_MAX_SIZE=100
LOG_MAX_FILES=10
# Monitoring
HEALTH_CHECK_ENABLED=true
METRICS_ENABLED=true
PERFORMANCE_MONITORING=true
# Backup
AUTO_BACKUP=true
BACKUP_INTERVAL=12
BACKUP_RETENTION=30
BACKUP_DIR=./backups
Development Environment Variables
# ========================================
# DEVELOPMENT CONFIGURATION
# ========================================
# Security (Use secure values even in dev)
JWT_SECRET=dev-jwt-secret-but-still-secure-64-chars-minimum
APP_SECRET=dev-app-secret-32-chars-here
APP_SECRET_CODE=dev-secret-code-32-chars-here
ENCRYPTION_KEY=dev-encryption-key-32-bytes-here
# Server Configuration
PORT=3000
HOST=localhost
DEV_MODE=true
DEBUG_ENDPOINTS=true
# Database
DB_NAME=acc_dev.db
# CORS
CORS_ALLOWED_ORIGIN=http://localhost:3000,http://localhost:5173
# Relaxed Security (Development Only)
RATE_LIMIT_GLOBAL=1000
DISABLE_SECURITY=false
# Logging
LOG_LEVEL=debug
LOG_COLORS=true
ENABLE_SQL_LOGGING=true
# Development Tools
HOT_RELOAD=true
ENABLE_TEST_FIXTURES=true
🔒 Security Hardening
SSL/TLS Configuration
-
Obtain SSL Certificate
# Option 1: Let's Encrypt (Free) certbot certonly --webroot -w /var/www/html -d yourdomain.com # Option 2: Commercial Certificate # Purchase and install certificate from CA -
Configure Reverse Proxy (Nginx)
server { listen 443 ssl http2; server_name yourdomain.com; ssl_certificate /path/to/certificate.crt; ssl_certificate_key /path/to/private.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!aNULL:!MD5:!DSS; location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Redirect HTTP to HTTPS server { listen 80; server_name yourdomain.com; return 301 https://$server_name$request_uri; } -
Configure Application for SSL
FORCE_HTTPS=true CORS_ALLOWED_ORIGIN=https://yourdomain.com
Firewall Configuration
-
Windows Firewall Rules
# Allow application through Windows Firewall New-NetFirewallRule -DisplayName "ACC Server Manager" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow # Allow ACC server ports (adjust range as needed) New-NetFirewallRule -DisplayName "ACC Servers TCP" -Direction Inbound -Protocol TCP -LocalPort 9600-9700 -Action Allow New-NetFirewallRule -DisplayName "ACC Servers UDP" -Direction Inbound -Protocol UDP -LocalPort 9600-9700 -Action Allow -
Network Security Groups (Azure)
{ "securityRules": [ { "name": "AllowHTTPS", "properties": { "protocol": "TCP", "sourcePortRange": "*", "destinationPortRange": "443", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 1000, "direction": "Inbound" } } ] }
User Access Control
-
Create Dedicated Service Account
# Create service account New-LocalUser -Name "ACCServiceUser" -Description "ACC Server Manager Service Account" -NoPassword Add-LocalGroupMember -Group "Users" -Member "ACCServiceUser" # Set permissions on application directory icacls "C:\ACC-Server-Manager" /grant "ACCServiceUser:(OI)(CI)F" -
Configure Service Permissions
# Grant service logon rights secedit /export /cfg security.inf # Edit security.inf to add ACCServiceUser to SeServiceLogonRight secedit /configure /db security.sdb /cfg security.inf
🏗️ Service Installation
Windows Service with NSSM
-
Install NSSM
# Download NSSM from https://nssm.cc/ # Extract nssm.exe to C:\nssm\ -
Create Service
# Install service C:\nssm\nssm.exe install "ACCServerManager" "C:\ACC-Server-Manager\acc-server-manager.exe" # Configure service C:\nssm\nssm.exe set "ACCServerManager" DisplayName "ACC Server Manager" C:\nssm\nssm.exe set "ACCServerManager" Description "Assetto Corsa Competizione Server Manager" C:\nssm\nssm.exe set "ACCServerManager" Start SERVICE_AUTO_START C:\nssm\nssm.exe set "ACCServerManager" AppDirectory "C:\ACC-Server-Manager" C:\nssm\nssm.exe set "ACCServerManager" ObjectName ".\ACCServiceUser" "password" # Configure logging C:\nssm\nssm.exe set "ACCServerManager" AppStdout "C:\ACC-Server-Manager\logs\service.log" C:\nssm\nssm.exe set "ACCServerManager" AppStderr "C:\ACC-Server-Manager\logs\service-error.log" # Start service C:\nssm\nssm.exe start "ACCServerManager" -
Service Management
# Check service status Get-Service -Name "ACCServerManager" # Start/Stop service Start-Service -Name "ACCServerManager" Stop-Service -Name "ACCServerManager" # Remove service (if needed) C:\nssm\nssm.exe remove "ACCServerManager" confirm
Systemd Service (Linux/WSL)
[Unit]
Description=ACC Server Manager
After=network.target
[Service]
Type=simple
User=accmanager
WorkingDirectory=/opt/acc-server-manager
ExecStart=/opt/acc-server-manager/acc-server-manager
Restart=always
RestartSec=10
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
EnvironmentFile=/opt/acc-server-manager/.env
[Install]
WantedBy=multi-user.target
📊 Monitoring Setup
Health Check Monitoring
-
Configure Health Checks
HEALTH_CHECK_ENABLED=true HEALTH_CHECK_PATH=/health HEALTH_CHECK_TIMEOUT=10 -
External Monitoring (UptimeRobot)
# Monitor endpoint: https://yourdomain.com/health # Expected response: 200 OK with JSON health status
Log Management
-
Log Rotation Configuration
LOG_MAX_SIZE=100 LOG_MAX_FILES=10 LOG_MAX_AGE=30 -
Centralized Logging (Optional)
# docker-compose.yml for ELK Stack version: '3' services: elasticsearch: image: elasticsearch:7.14.0 logstash: image: logstash:7.14.0 kibana: image: kibana:7.14.0
Performance Monitoring
-
Enable Metrics
METRICS_ENABLED=true METRICS_PORT=9090 PERFORMANCE_MONITORING=true -
Prometheus Configuration
# prometheus.yml global: scrape_interval: 15s scrape_configs: - job_name: 'acc-server-manager' static_configs: - targets: ['localhost:9090']
🔄 Database Management
Database Backup Strategy
-
Automated Backups
AUTO_BACKUP=true BACKUP_INTERVAL=12 BACKUP_RETENTION=30 BACKUP_DIR=./backups BACKUP_COMPRESS=true -
Manual Backup
# Create manual backup $timestamp = Get-Date -Format "yyyyMMdd-HHmmss" Copy-Item "acc.db" "backups/acc-backup-$timestamp.db" # Compress backup Compress-Archive "backups/acc-backup-$timestamp.db" "backups/acc-backup-$timestamp.zip" -
Backup Verification
# Test backup integrity sqlite3 backup.db "PRAGMA integrity_check;"
Database Migration
-
Pre-Migration Backup
# Always backup before migration copy acc.db acc-pre-migration-backup.db -
Migration Process
# Migration runs automatically on startup # Check logs for migration status tail -f logs/app.log | grep -i migration
🌐 Load Balancing (High Availability)
Multiple Instance Setup
-
Load Balancer Configuration (HAProxy)
global daemon defaults mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms frontend acc_frontend bind *:80 default_backend acc_servers backend acc_servers balance roundrobin server acc1 10.0.0.10:8080 check server acc2 10.0.0.11:8080 check server acc3 10.0.0.12:8080 check -
Shared Database Setup
# Use network-attached storage for database # Mount shared volume on all instances net use Z: \\fileserver\acc-shared
Session Clustering
# Redis for session storage
REDIS_URL=redis://localhost:6379
SESSION_STORE=redis
🔧 Maintenance Procedures
Regular Maintenance Tasks
-
Daily Tasks
# Check service status Get-Service -Name "ACCServerManager" # Check disk space Get-WmiObject -Class Win32_LogicalDisk | Select-Object DeviceID, Size, FreeSpace # Review error logs Get-Content "logs/error.log" -Tail 50 -
Weekly Tasks
# Update system patches Install-Module PSWindowsUpdate Get-WUInstall -AcceptAll -AutoReboot # Clean old log files Get-ChildItem "logs\" -Name "*.log.*" | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item # Verify backup integrity sqlite3 backups/latest.db "PRAGMA integrity_check;" -
Monthly Tasks
# Update dependencies go get -u ./... go mod tidy # Security scan go install github.com/securecodewarrior/gosec/v2/cmd/gosec@latest gosec ./... # Performance review # Review metrics and optimize based on usage patterns
Update Procedures
-
Backup Current Installation
# Stop service Stop-Service -Name "ACCServerManager" # Backup application Copy-Item -Recurse "C:\ACC-Server-Manager" "C:\ACC-Server-Manager-Backup-$(Get-Date -Format 'yyyyMMdd')" -
Deploy New Version
# Download new version # Replace executable # Update configuration if needed # Start service Start-Service -Name "ACCServerManager" -
Rollback Procedure
# Stop service Stop-Service -Name "ACCServerManager" # Restore backup Remove-Item -Recurse "C:\ACC-Server-Manager" Copy-Item -Recurse "C:\ACC-Server-Manager-Backup-$(Get-Date -Format 'yyyyMMdd')" "C:\ACC-Server-Manager" # Start service Start-Service -Name "ACCServerManager"
🐛 Troubleshooting
Common Issues
-
Service Won't Start
# Check service status Get-Service -Name "ACCServerManager" # Check service logs Get-Content "logs/service-error.log" -Tail 50 # Check Windows Event Log Get-EventLog -LogName System -Source "ACCServerManager" -Newest 10 -
Database Connection Issues
# Check database file permissions icacls acc.db # Test database connection sqlite3 acc.db ".tables" # Check for database locks lsof acc.db # Linux -
Steam Integration Issues
# Verify SteamCMD installation C:\steamcmd\steamcmd.exe +quit # Check Steam credentials # Review Steam-related logs
Performance Issues
-
High CPU Usage
# Check for resource-intensive operations # Monitor process performance Get-Process -Name "acc-server-manager" | Select-Object CPU, WorkingSet -
Memory Leaks
# Monitor memory usage over time # Enable detailed memory profiling go tool pprof http://localhost:8080/debug/pprof/heap -
Database Performance
-- Analyze database performance PRAGMA table_info(servers); EXPLAIN QUERY PLAN SELECT * FROM servers WHERE status = 'running';
📞 Support and Resources
Documentation Resources
- README.md - Getting started guide
- SECURITY.md - Security guidelines
- API.md - API documentation
- CONFIGURATION.md - Configuration reference
Community Support
- GitHub Issues - Bug reports and feature requests
- Discord Community - Real-time community support
- Wiki - Community-maintained documentation
Professional Support
- Enterprise Support - Professional deployment assistance
- Consulting Services - Custom implementation and optimization
- Training - Team training and best practices
Emergency Contacts
Production Issues: support@yourdomain.com
Security Issues: security@yourdomain.com
Emergency Hotline: +1-XXX-XXX-XXXX
📋 Deployment Checklist
Pre-Deployment
- System requirements verified
- Dependencies installed
- Secrets generated and secured
- Configuration reviewed
- Security hardening applied
- Backup strategy implemented
- Monitoring configured
Post-Deployment
- Service running successfully
- Health checks passing
- Logs being written correctly
- Database accessible
- API endpoints responding
- Frontend integration working
- Monitoring alerts configured
- Documentation updated
Production Readiness
- SSL/TLS configured
- Firewall rules applied
- Performance monitoring active
- Backup procedures tested
- Update procedures documented
- Disaster recovery plan created
- Team training completed
Remember: Always test deployments in a staging environment before applying to production!