# Production Deployment Guide This guide covers production deployment of the Torrent Gateway using the native installation script. ## Prerequisites - Ubuntu 20.04+ or Debian 11+ server - Root access (sudo) - 4GB+ RAM (8GB recommended for high traffic) - 50GB+ disk space - Domain name (optional, for SSL) ## Quick Deployment ### Basic Production Setup ```bash # Clone repository git clone https://git.sovbit.dev/enki/torrentGateway.git cd torrentGateway # Run production installation sudo ./scripts/install_native.sh --domain gateway.example.com --email admin@example.com --with-monitoring ``` This single command will: - Install all dependencies - Configure nginx reverse proxy - Set up SSL certificates - Install monitoring stack - Start all services ## Manual Deployment Steps ### 1. System Preparation ```bash # Update system sudo apt update && sudo apt upgrade -y # Install git if needed sudo apt install -y git # Clone repository git clone https://git.sovbit.dev/enki/torrentGateway.git cd torrentGateway ``` ### 2. Database Initialization ```bash # Start services to initialize database sudo systemctl start torrent-gateway redis-server nginx # Wait for gateway to initialize database ./scripts/health_check.sh ``` ### 3. Configuration Review Review and update configurations: - `configs/prometheus.yml` - Metrics collection - `configs/grafana/` - Dashboard settings - `configs/loki.yml` - Log aggregation - `/opt/torrent-gateway/configs/config.yaml` - Main configuration ### 4. Start Full Stack ```bash # Start all services including monitoring sudo systemctl start torrent-gateway redis-server nginx prometheus grafana-server # Wait for all services to be healthy timeout 120 bash -c 'until curl -sf http://localhost/api/health; do sleep 5; done' ``` ### 5. Verify Deployment ```bash # Run comprehensive health checks sudo /opt/torrent-gateway/scripts/health_check.sh # Check service logs sudo journalctl -u torrent-gateway -n 50 ``` ## Service URLs - **Gateway API:** https://gateway.example.com/api/ - **Admin Panel:** https://gateway.example.com/admin - **Prometheus:** http://localhost:9090 - **Grafana:** http://localhost:3000 (admin/admin) - **Web Interface:** https://gateway.example.com ## Production Checklist - [ ] SSL certificates configured - [ ] Firewall rules applied - [ ] Monitoring enabled - [ ] Backups scheduled - [ ] Log rotation configured - [ ] Security headers enabled ## Scaling ### Horizontal Scaling For high traffic, you can run multiple instances behind a load balancer: ```bash # Edit systemd service to run on different ports sudo systemctl edit torrent-gateway ``` ### Resource Limits The systemd service includes resource limits: - Memory: 2G max - File descriptors: 65536 ## Maintenance ### Daily Tasks ```bash # Health check sudo /opt/torrent-gateway/scripts/health_check.sh # Check disk usage df -h /opt/torrent-gateway/ # Review logs sudo journalctl -u torrent-gateway --since "1 day ago" ``` ### Weekly Tasks ```bash # Update system sudo apt update && sudo apt upgrade -y # Run cleanup sudo /opt/torrent-gateway/scripts/cleanup.sh # Check SSL certificate sudo certbot certificates ``` ## Security Hardening ### 1. Firewall Configuration ```bash # Enable UFW sudo ufw enable # Basic rules (already configured by installer) sudo ufw allow ssh sudo ufw allow 80/tcp sudo ufw allow 443/tcp ``` ### 2. SSL/TLS Configuration SSL is automatically configured by the installer. To manually renew: ```bash sudo certbot renew ``` ### 3. Service Security The installer configures systemd security features: - Non-root user execution - Read-only system protection - Private temporary directories - Resource limits ## Monitoring ### Prometheus Metrics - Service health status - Request rates and latencies - Storage usage - System resources ### Grafana Dashboards Pre-configured dashboards for: - Service overview - Performance metrics - Error rates - Storage statistics ### Alerting Configure alerting rules in `configs/alert_rules.yml` ## Backup & Recovery ### Automated Backups Daily backups are automatically configured: ```bash # Manual backup sudo /opt/torrent-gateway/scripts/backup.sh # List backups ls -la /opt/torrent-gateway/backups/ # Restore from backup sudo /opt/torrent-gateway/scripts/restore.sh 20240827_120000 ``` ### Database Backups ```bash # SQLite backup sqlite3 /opt/torrent-gateway/data/metadata.db ".backup /opt/torrent-gateway/backups/manual_db_backup.db" ``` ## Troubleshooting ### Service Won't Start ```bash # Check service status sudo systemctl status torrent-gateway # View detailed logs sudo journalctl -u torrent-gateway -f # Check configuration sudo /opt/torrent-gateway/bin/gateway -config /opt/torrent-gateway/configs/config.yaml -check ``` ### SSL Certificate Issues ```bash # Check certificate status sudo certbot certificates # Test renewal sudo certbot renew --dry-run # Manual certificate request sudo certbot --nginx -d gateway.example.com ``` ### Performance Issues ```bash # Check resource usage htop sudo systemctl status torrent-gateway # Review performance metrics curl http://localhost/metrics ``` ## Updates ### Application Updates ```bash cd /path/to/torrentGateway git pull sudo ./scripts/install_native.sh --skip-build=false ``` ### System Updates ```bash sudo apt update && sudo apt upgrade -y sudo systemctl restart torrent-gateway ``` ## Load Balancing For very high traffic, use nginx load balancing: ```nginx upstream torrent_gateway { server 127.0.0.1:9877; server 127.0.0.1:9878; server 127.0.0.1:9879; } server { listen 443 ssl http2; server_name gateway.example.com; location / { proxy_pass http://torrent_gateway; # ... other proxy settings } } ``` ## Migration from Development ### Export Development Data ```bash # On development machine sudo /opt/torrent-gateway/scripts/backup.sh scp /opt/torrent-gateway/backups/gateway_backup_*.tar.gz user@production-server:~/ ``` ### Import to Production ```bash # On production server sudo /opt/torrent-gateway/scripts/restore.sh ~/gateway_backup_*.tar.gz sudo systemctl restart torrent-gateway ```