# Deployment Guide

## Production Deployment

### System Requirements

- Node.js 18+ LTS
- 2GB RAM minimum
- 10GB disk space
- Linux (Ubuntu 20.04+ recommended)

### Installation

#### 1. Install Node.js

```bash
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs
```

#### 2. Create User

```bash
sudo useradd -r -s /bin/false prosody-nodejs
sudo mkdir -p /opt/prosody-nodejs
sudo chown prosody-nodejs:prosody-nodejs /opt/prosody-nodejs
```

#### 3. Deploy Application

```bash
cd /opt/prosody-nodejs
sudo -u prosody-nodejs git clone https://github.com/yourusername/prosody-nodejs.git .
sudo -u prosody-nodejs npm install --production
```

#### 4. Configuration

```bash
sudo -u prosody-nodejs cp .env.example .env
sudo -u prosody-nodejs nano .env
```

Example `.env` values:

```bash
NODE_ENV=production
SERVER_HOST=your-domain.com
SERVER_PORT=5222
TLS_ENABLED=true
TLS_CERT_PATH=/etc/letsencrypt/live/your-domain.com/fullchain.pem
TLS_KEY_PATH=/etc/letsencrypt/live/your-domain.com/privkey.pem
STORAGE_TYPE=database
LOG_LEVEL=info
```

### TLS Certificates

#### Using Let's Encrypt

```bash
sudo apt-get install certbot

# Get certificate
sudo certbot certonly --standalone -d your-domain.com

# Auto-renewal
sudo crontab -e
# Add: 0 3 * * * certbot renew --quiet
```

The service runs as `prosody-nodejs`, so that user must be able to read the certificate and key files; by default `/etc/letsencrypt/live` is readable only by root.

### SystemD Service

Create `/etc/systemd/system/prosody-nodejs.service`:

```ini
[Unit]
Description=Prosody Node.js XMPP Server
After=network.target

[Service]
Type=simple
User=prosody-nodejs
Group=prosody-nodejs
WorkingDirectory=/opt/prosody-nodejs
Environment=NODE_ENV=production
ExecStart=/usr/bin/node src/index.js
Restart=always
RestartSec=10
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=prosody-nodejs

[Install]
WantedBy=multi-user.target
```

Enable and start:

```bash
sudo systemctl daemon-reload
sudo systemctl enable prosody-nodejs
sudo systemctl start prosody-nodejs
sudo systemctl status prosody-nodejs
```

### Firewall

```bash
sudo ufw allow 5222/tcp  # C2S
sudo ufw allow 5269/tcp  # S2S
sudo ufw allow 5280/tcp  # BOSH
sudo ufw allow 5281/tcp  # WebSocket
```

If BOSH and WebSocket are reached only through the Nginx reverse proxy described next, ports 5280 and 5281 do not need to be open to the outside; the proxy connects to them on localhost and clients use 443/tcp.

### Reverse Proxy (Nginx)

#### BOSH

Create `/etc/nginx/sites-available/prosody-bosh`:

```nginx
server {
    listen 443 ssl http2;
    server_name xmpp.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    location /http-bind {
        proxy_pass http://localhost:5280/http-bind;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
```

#### WebSocket

```nginx
server {
    listen 443 ssl http2;
    server_name ws.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    location /xmpp-websocket {
        proxy_pass http://localhost:5281/xmpp-websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

Enable:

```bash
sudo ln -s /etc/nginx/sites-available/prosody-bosh /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
```

## Database Setup

### PostgreSQL

```bash
sudo apt-get install postgresql
sudo -u postgres psql

# At the psql prompt (replace 'password' with a strong, unique secret):
CREATE DATABASE prosody_nodejs;
CREATE USER prosody_nodejs WITH PASSWORD 'password';
GRANT ALL PRIVILEGES ON DATABASE prosody_nodejs TO prosody_nodejs;
```

Update configuration:

```yaml
storage:
  type: database
  options:
    dialect: postgres
    host: localhost
    database: prosody_nodejs
    username: prosody_nodejs
    password: password
```

### MongoDB

```bash
sudo apt-get install mongodb
mongo

# In the mongo shell (replace "password" with a strong, unique secret):
use prosody_nodejs
db.createUser({
  user: "prosody_nodejs",
  pwd: "password",
  roles: ["readWrite"]
})
```

## Monitoring

### PM2 (Alternative to SystemD)

```bash
sudo npm install -g pm2
pm2 start src/index.js --name prosody-nodejs
pm2 save
pm2 startup
```

### Logs

```bash
# SystemD
sudo journalctl -u prosody-nodejs -f

# PM2
pm2 logs prosody-nodejs

# Application logs
tail -f /opt/prosody-nodejs/logs/prosody-nodejs.log
```

### Metrics

Install monitoring:

```bash
# The npm package is named prom-client, matching the require() below
npm install prom-client
```

Configure metrics endpoint:

```javascript
// In server setup
const client = require('prom-client');

// Register the default Node.js process metrics (CPU, memory, event loop)
const collectDefaultMetrics = client.collectDefaultMetrics;
collectDefaultMetrics();
```

## Backup

### Configuration

```bash
# Backup
sudo tar -czf prosody-backup-$(date +%Y%m%d).tar.gz \
    /opt/prosody-nodejs/config \
    /opt/prosody-nodejs/.env \
    /opt/prosody-nodejs/data

# Restore
sudo tar -xzf prosody-backup-20231215.tar.gz -C /
```

### Database

```bash
# PostgreSQL: dump, then restore
pg_dump prosody_nodejs > backup.sql
psql prosody_nodejs < backup.sql

# MongoDB: dump, then restore
mongodump --db prosody_nodejs --out backup/
mongorestore --db prosody_nodejs backup/prosody_nodejs
```

## Scaling

### Clustering

Deploy multiple instances behind a load balancer:

```bash
# Instance 1
SERVER_PORT=5222 npm start

# Instance 2
SERVER_PORT=5223 npm start
```

HAProxy configuration:

```
frontend xmpp
    bind *:5222
    mode tcp
    default_backend xmpp_servers

backend xmpp_servers
    mode tcp
    balance leastconn
    server server1 127.0.0.1:5222 check
    server server2 127.0.0.1:5223 check
```

If HAProxy runs on the same host as instance 1, both cannot listen on port 5222; give the frontend or the instance a different port or bind address.

### Database Connection Pooling

```yaml
storage:
  options:
    pool:
      min: 2
      max: 10
      acquireTimeout: 30000
```

## Security Hardening

### Fail2Ban

Create `/etc/fail2ban/filter.d/prosody-nodejs.conf`:

```ini
[Definition]
# fail2ban requires the <HOST> tag to capture the client address;
# adjust the pattern to the server's actual log line
failregex = Authentication failed for <HOST>
ignoreregex =
```

Create `/etc/fail2ban/jail.d/prosody-nodejs.conf`:

```ini
[prosody-nodejs]
enabled = true
port = 5222
filter = prosody-nodejs
logpath = /opt/prosody-nodejs/logs/prosody-nodejs.log
maxretry = 5
bantime = 3600
```

Restart:

```bash
sudo systemctl restart fail2ban
```

### AppArmor

Create an AppArmor profile for additional security.

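The Fail2Ban jail above only bans a client if the server's log line carries the client address at the position of fail2ban's `<HOST>` tag. The following added example (not part of the project's code) replays constructed log lines against the filter and jail values from this guide; the log line layout, the 600-second `findtime` (fail2ban's default) and the simplified `<HOST>` pattern are assumptions.

```javascript
// Added example, not project code. Values copied from the guide's fail2ban files.
const FAILREGEX = 'Authentication failed for <HOST>'; // filter.d/prosody-nodejs.conf
const MAXRETRY = 5;                                   // jail.d/prosody-nodejs.conf
const FINDTIME = 600; // seconds; fail2ban's default, the guide does not set it

// Simplified stand-in for fail2ban's <HOST> expansion: IPv4 or IPv6 literals only.
function compileFailregex(failregex) {
  if (!failregex.includes('<HOST>')) throw new Error('failregex has no <HOST> tag');
  const host = '(?<host>(?:\\d{1,3}\\.){3}\\d{1,3}|[0-9a-fA-F:]*:[0-9a-fA-F:]+)';
  return new RegExp(failregex.replace('<HOST>', () => host));
}

// Returns { banned, unmatched }: hosts reaching maxretry failures inside findtime,
// and failure lines the filter cannot attribute to an address.
function evaluateLog(lines, failregex = FAILREGEX, maxretry = MAXRETRY, findtime = FINDTIME) {
  const re = compileFailregex(failregex);
  const prefix = failregex.split('<HOST>')[0];
  const hits = new Map(); // host -> timestamps (s) of recent failures
  const banned = new Set();
  const unmatched = [];
  for (const line of lines) {
    const m = re.exec(line);
    if (!m) {
      if (line.includes(prefix)) unmatched.push(line);
      continue;
    }
    const t = Date.parse(line.split(' ')[0]) / 1000; // assumed ISO 8601 first field
    const recent = (hits.get(m.groups.host) || []).filter((s) => t - s < findtime);
    recent.push(t);
    hits.set(m.groups.host, recent);
    if (recent.length >= maxretry) banned.add(m.groups.host);
  }
  return { banned: [...banned], unmatched };
}

// Constructed sample log; the timestamp and level fields are assumptions.
const at = (sec) => new Date(Date.UTC(2024, 0, 1, 3, 0, sec)).toISOString();
const SAMPLE = [
  ...[0, 5, 9, 14, 20].map((s) => `${at(s)} warn Authentication failed for 203.0.113.7`),
  ...[0, 900, 1800, 2700, 3600].map((s) => `${at(s)} warn Authentication failed for 192.0.2.9`),
  `${at(30)} info Authentication succeeded for 198.51.100.4`,
  `${at(31)} warn Authentication failed for alice@your-domain.com`,
].sort();

console.log(evaluateLog(SAMPLE));
```

A non-empty `unmatched` list means the server logs failures without an address the filter can use. On the server itself, `fail2ban-regex /opt/prosody-nodejs/logs/prosody-nodejs.log /etc/fail2ban/filter.d/prosody-nodejs.conf` runs the real filter against the real log.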
### Regular Updates

```bash
cd /opt/prosody-nodejs
sudo -u prosody-nodejs git pull
sudo -u prosody-nodejs npm install --production
sudo systemctl restart prosody-nodejs
```

## Performance Tuning

### Node.js

```bash
# Increase memory limit
NODE_OPTIONS="--max-old-space-size=4096" npm start
```

### System

```bash
# Increase file descriptors
sudo nano /etc/security/limits.conf
# Add:
#   prosody-nodejs soft nofile 65536
#   prosody-nodejs hard nofile 65536
```

`limits.conf` applies to PAM login sessions; for the systemd service defined earlier, set `LimitNOFILE=65536` in the `[Service]` section of the unit file.

### Database

- Enable connection pooling
- Add indexes on frequently queried fields
- Regular VACUUM (PostgreSQL)

## Troubleshooting

### Check Status

```bash
sudo systemctl status prosody-nodejs
```

### View Logs

```bash
sudo journalctl -u prosody-nodejs -n 100 --no-pager
```

### Test Connection

```bash
telnet localhost 5222
```

### Debug Mode

```bash
# A variable set in front of `sudo systemctl` does not reach the service.
# Set LOG_LEVEL=debug in /opt/prosody-nodejs/.env, then restart:
sudo -u prosody-nodejs nano /opt/prosody-nodejs/.env
sudo systemctl restart prosody-nodejs
```

## Support

- Documentation: [https://github.com/yourusername/prosody-nodejs/docs](docs/)
- Issues: [https://github.com/yourusername/prosody-nodejs/issues](issues)
- Community: XMPP chat at prosody-nodejs@conference.example.com