Backend Setup

Complete guide for deploying the Citadel backend API.

Installation

# From the project root — installs backend + frontend
npm install

Configuration

On first run, Citadel launches a setup wizard that generates the .env file with secure defaults:

npm start

The wizard will:

1. Generate a secure JWT_SECRET
2. Create your admin account
3. Configure SteamCMD (for mod management)
4. Set up your first DayZ server profile

You can also run the setup wizard standalone:

npm run setup

Or create .env manually from .env.example — see Environment Variables for the full reference.

Minimum Configuration

# Security (auto-generated by setup wizard)
JWT_SECRET=your-secure-random-string

# Server
PORT=3001
NODE_ENV=production

# Admin credentials (set during setup wizard)
ADMIN_USERNAME=admin
ADMIN_PASSWORD=your-secure-password

# DayZ Server
DAYZ_SERVER_IP=127.0.0.1
DAYZ_INSTALL_DIR=C:\DayZ\Server
RCON_PASSWORD=your-rcon-password

Running as Administrator

[!CAUTION] Citadel requires Administrator privileges for full functionality. Without admin rights:

• Windows Firewall rules will trigger individual UAC prompts
• Windows Service installation will fail
• Some process management operations may be restricted

Option 1: Windows Service (Recommended)

Install Citadel as a Windows Service that starts automatically on boot:

# Run from an Administrator terminal
npm run service:install    # Install the service
npm run service:start      # Start it
npm run service:status     # Check status

The CitadelServer service:

• Runs under the Local System account (full admin rights)
• Starts automatically on Windows boot
• Restarts on failure
• Manageable from services.msc or via CLI:

npm run service:stop       # Stop the service
npm run service:uninstall  # Remove the service

Option 2: Administrator Terminal

Right-click your terminal (Command Prompt, PowerShell, or Windows Terminal) and select "Run as Administrator":

npm start

Option 3: PM2 from Admin Shell

# Install PM2 globally
npm install -g pm2

# From an Administrator terminal:
pm2 start backend/server.js --name citadel
pm2 start discord-bot/bot.js --name citadel-bot
pm2 save
pm2 startup

Development

npm run dev

This starts both the backend API and frontend dev server concurrently with hot-reload:

• Backend API: http://localhost:3001
• Frontend Dev: http://localhost:5173

Reverse Proxy

For production, place Citadel behind a reverse proxy like Nginx:

server {
    listen 443 ssl http2;
    server_name citadel.yourdomain.com;

    ssl_certificate     /etc/ssl/certs/citadel.pem;
    ssl_certificate_key /etc/ssl/private/citadel.key;

    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

[!TIP] The Upgrade and Connection headers are required for Socket.IO real-time communication. Don't forget them!

Health Check

Verify the backend is running:

curl http://localhost:3001/api/health
# → { "status": "ok", "version": "2.0.0" }

Firewall

Citadel automatically manages Windows Firewall rules for your DayZ server ports:

• Game port (UDP) — e.g., 2302
• Query port (UDP) — e.g., 2303
• RCON port (TCP) — e.g., 2305

Rules are created with elevated PowerShell when a server starts and named:

Citadel - {ServerName} - Game ({port} UDP)
Citadel - {ServerName} - Query ({port} UDP)
Citadel - {ServerName} - RCON ({port} TCP)

If Citadel is not running as Administrator, a UAC elevation prompt will appear for firewall rule creation. Rules are removed when a server is deleted.