initial commit

Signed-off-by: ale <ale@manalejandro.com>
2025-12-27 03:39:14 +01:00
commit 74d5e0a94c
--- a/docs/DEPLOYMENT.md
+++ b/docs/DEPLOYMENT.md
@@ -0,0 +1,415 @@
+# Deployment Guide
+
+## Production Deployment
+
+### System Requirements
+
+- Node.js 18+ LTS
+- 2GB RAM minimum
+- 10GB disk space
+- Linux (Ubuntu 20.04+ recommended)
+
+### Installation
+
+#### 1. Install Node.js
+
+```bash
+curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
+sudo apt-get install -y nodejs
+```
+
+#### 2. Create User
+
+```bash
+sudo useradd -r -s /bin/false prosody-nodejs
+sudo mkdir -p /opt/prosody-nodejs
+sudo chown prosody-nodejs:prosody-nodejs /opt/prosody-nodejs
+```
+
+#### 3. Deploy Application
+
+```bash
+cd /opt/prosody-nodejs
+sudo -u prosody-nodejs git clone https://github.com/yourusername/prosody-nodejs.git .
+sudo -u prosody-nodejs npm install --production
+```
+
+#### 4. Configuration
+
+```bash
+sudo -u prosody-nodejs cp .env.example .env
+sudo -u prosody-nodejs nano .env
+```
+
+```bash
+NODE_ENV=production
+SERVER_HOST=your-domain.com
+SERVER_PORT=5222
+TLS_ENABLED=true
+TLS_CERT_PATH=/etc/letsencrypt/live/your-domain.com/fullchain.pem
+TLS_KEY_PATH=/etc/letsencrypt/live/your-domain.com/privkey.pem
+STORAGE_TYPE=database
+LOG_LEVEL=info
+```
+
+### TLS Certificates
+
+#### Using Let's Encrypt
+
+```bash
+sudo apt-get install certbot
+
+# Get certificate
+sudo certbot certonly --standalone -d your-domain.com
+
+# Auto-renewal
+sudo crontab -e
+# Add: 0 3 * * * certbot renew --quiet
+```
+
+### SystemD Service
+
+Create `/etc/systemd/system/prosody-nodejs.service`:
+
+```ini
+[Unit]
+Description=Prosody Node.js XMPP Server
+After=network.target
+
+[Service]
+Type=simple
+User=prosody-nodejs
+Group=prosody-nodejs
+WorkingDirectory=/opt/prosody-nodejs
+Environment=NODE_ENV=production
+ExecStart=/usr/bin/node src/index.js
+Restart=always
+RestartSec=10
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=prosody-nodejs
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Enable and start:
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl enable prosody-nodejs
+sudo systemctl start prosody-nodejs
+sudo systemctl status prosody-nodejs
+```
+
+### Firewall
+
+```bash
+sudo ufw allow 5222/tcp  # C2S
+sudo ufw allow 5269/tcp  # S2S
+sudo ufw allow 5280/tcp  # BOSH
+sudo ufw allow 5281/tcp  # WebSocket
+```
+
+### Reverse Proxy (Nginx)
+
+#### BOSH
+
+Create `/etc/nginx/sites-available/prosody-bosh`:
+
+```nginx
+server {
+    listen 443 ssl http2;
+    server_name xmpp.your-domain.com;
+
+    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
+
+    location /http-bind {
+        proxy_pass http://localhost:5280/http-bind;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_buffering off;
+    }
+}
+```
+
+#### WebSocket
+
+```nginx
+server {
+    listen 443 ssl http2;
+    server_name ws.your-domain.com;
+
+    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
+
+    location /xmpp-websocket {
+        proxy_pass http://localhost:5281/xmpp-websocket;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
+```
+
+Enable:
+
+```bash
+sudo ln -s /etc/nginx/sites-available/prosody-bosh /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+## Database Setup
+
+### PostgreSQL
+
+```bash
+sudo apt-get install postgresql
+
+sudo -u postgres psql
+CREATE DATABASE prosody_nodejs;
+CREATE USER prosody_nodejs WITH PASSWORD 'password';
+GRANT ALL PRIVILEGES ON DATABASE prosody_nodejs TO prosody_nodejs;
+```
+
+Update configuration:
+
+```yaml
+storage:
+  type: database
+  options:
+    dialect: postgres
+    host: localhost
+    database: prosody_nodejs
+    username: prosody_nodejs
+    password: password
+```
+
+### MongoDB
+
+```bash
+sudo apt-get install mongodb
+
+mongo
+use prosody_nodejs
+db.createUser({
+  user: "prosody_nodejs",
+  pwd: "password",
+  roles: ["readWrite"]
+})
+```
+
+## Monitoring
+
+### PM2 (Alternative to SystemD)
+
+```bash
+sudo npm install -g pm2
+
+pm2 start src/index.js --name prosody-nodejs
+pm2 save
+pm2 startup
+```
+
+### Logs
+
+```bash
+# SystemD
+sudo journalctl -u prosody-nodejs -f
+
+# PM2
+pm2 logs prosody-nodejs
+
+# Application logs
+tail -f /opt/prosody-nodejs/logs/prosody-nodejs.log
+```
+
+### Metrics
+
+Install monitoring:
+
+```bash
+npm install prometheus-client
+```
+
+Configure metrics endpoint:
+
+```javascript
+// In server setup
+const client = require('prom-client');
+const collectDefaultMetrics = client.collectDefaultMetrics;
+collectDefaultMetrics();
+```
+
+## Backup
+
+### Configuration
+
+```bash
+# Backup
+sudo tar -czf prosody-backup-$(date +%Y%m%d).tar.gz \
+  /opt/prosody-nodejs/config \
+  /opt/prosody-nodejs/.env \
+  /opt/prosody-nodejs/data
+
+# Restore
+sudo tar -xzf prosody-backup-20231215.tar.gz -C /
+```
+
+### Database
+
+```bash
+# PostgreSQL
+pg_dump prosody_nodejs > backup.sql
+psql prosody_nodejs < backup.sql
+
+# MongoDB
+mongodump --db prosody_nodejs --out backup/
+mongorestore --db prosody_nodejs backup/prosody_nodejs
+```
+
+## Scaling
+
+### Clustering
+
+Deploy multiple instances behind load balancer:
+
+```bash
+# Instance 1
+SERVER_PORT=5222 npm start
+
+# Instance 2
+SERVER_PORT=5223 npm start
+```
+
+HAProxy configuration:
+
+```
+frontend xmpp
+    bind *:5222
+    mode tcp
+    default_backend xmpp_servers
+
+backend xmpp_servers
+    mode tcp
+    balance leastconn
+    server server1 127.0.0.1:5222 check
+    server server2 127.0.0.1:5223 check
+```
+
+### Database Connection Pooling
+
+```yaml
+storage:
+  options:
+    pool:
+      min: 2
+      max: 10
+      acquireTimeout: 30000
+```
+
+## Security Hardening
+
+### Fail2Ban
+
+Create `/etc/fail2ban/filter.d/prosody-nodejs.conf`:
+
+```ini
+[Definition]
+failregex = Authentication failed for <HOST>
+ignoreregex =
+```
+
+Create `/etc/fail2ban/jail.d/prosody-nodejs.conf`:
+
+```ini
+[prosody-nodejs]
+enabled = true
+port = 5222
+filter = prosody-nodejs
+logpath = /opt/prosody-nodejs/logs/prosody-nodejs.log
+maxretry = 5
+bantime = 3600
+```
+
+Restart:
+
+```bash
+sudo systemctl restart fail2ban
+```
+
+### AppArmor
+
+Create profile for additional security.
+
+### Regular Updates
+
+```bash
+cd /opt/prosody-nodejs
+sudo -u prosody-nodejs git pull
+sudo -u prosody-nodejs npm install --production
+sudo systemctl restart prosody-nodejs
+```
+
+## Performance Tuning
+
+### Node.js
+
+```bash
+# Increase memory limit
+NODE_OPTIONS="--max-old-space-size=4096" npm start
+```
+
+### System
+
+```bash
+# Increase file descriptors
+sudo nano /etc/security/limits.conf
+
+prosody-nodejs soft nofile 65536
+prosody-nodejs hard nofile 65536
+```
+
+### Database
+
+- Enable connection pooling
+- Add indexes on frequently queried fields
+- Regular VACUUM (PostgreSQL)
+
+## Troubleshooting
+
+### Check Status
+
+```bash
+sudo systemctl status prosody-nodejs
+```
+
+### View Logs
+
+```bash
+sudo journalctl -u prosody-nodejs -n 100 --no-pager
+```
+
+### Test Connection
+
+```bash
+telnet localhost 5222
+```
+
+### Debug Mode
+
+```bash
+LOG_LEVEL=debug sudo systemctl restart prosody-nodejs
+```
+
+## Support
+
+- Documentation: [https://github.com/yourusername/prosody-nodejs/docs](docs/)
+- Issues: [https://github.com/yourusername/prosody-nodejs/issues](issues)
+- Community: XMPP chat at prosody-nodejs@conference.example.com