# � DevOps YDeployment Guide - Yaltipia Telegram Bot

## 📋 **QUICK DEPLOYMENT CHECKLIST**

### **⚡ Pre-Deployment (5 minutes)**
- [ ] **Clone repository** (exclude .env files)
- [ ] **Install Node.js 16+** and npm
- [ ] **Create production environment file**
- [ ] **Set up process manager** (PM2 recommended)
- [ ] **Configure firewall** (ports 3000, 3001)

### **🔒 Security Requirements (Critical)**
- [ ] **Generate new bot token** in BotFather (never use development token)
- [ ] **Use HTTPS URLs only** (no HTTP in production)
- [ ] **Set strong admin chat IDs**
- [ ] **Configure monitoring alerts**

---

## �️ *e*STEP-BY-STEP DEPLOYMENT**

### **1. 📦 Server Setup**

```bash
# Install Node.js (Ubuntu/Debian)
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs

# Install PM2 globally
sudo npm install -g pm2

# Create application user
sudo useradd -m -s /bin/bash yaltipia-bot
sudo mkdir -p /opt/yaltipia-bot
sudo chown yaltipia-bot:yaltipia-bot /opt/yaltipia-bot
```

### **2. 📥 Application Deployment**

```bash
# Switch to app user
sudo su - yaltipia-bot

# Clone repository
cd /opt/yaltipia-bot
git clone <your-repository-url> .

# Install dependencies (production only)
npm ci --only=production

# Set proper permissions
chmod 755 src/
chmod 644 package*.json
```

### **3. 🔧 Environment Configuration**

```bash
# Copy production template
cp .env.production .env

# Edit with production values
nano .env
```

**Required Environment Variables:**
```env
# CRITICAL: Replace with production values
TELEGRAM_BOT_TOKEN=YOUR_PRODUCTION_BOT_TOKEN
API_BASE_URL=https://your-production-api.com/api
WEBSITE_URL=https://yaltipia.com

# Notification System
NOTIFICATION_MODE=optimized
NOTIFICATION_CHECK_INTERVAL_HOURS=6
MAX_NOTIFICATIONS_PER_USER=3
SEND_NO_MATCH_NOTIFICATIONS=false

# Monitoring (Replace with your admin chat)
ADMIN_CHAT_IDS=YOUR_ADMIN_CHAT_ID
MONITORING_TOPIC_ID=YOUR_TOPIC_ID
HEALTH_CHECK_INTERVAL_MINUTES=30
DAILY_REPORT_HOUR=9
ERROR_CLEANUP_INTERVAL_HOURS=1

# Security
NODE_ENV=production
WEBHOOK_PORT=3001
```

### **4. 🔒 Security Hardening**

```bash
# Set secure file permissions
chmod 600 .env
chmod 700 /opt/yaltipia-bot

# Create systemd service (optional)
sudo tee /etc/systemd/system/yaltipia-bot.service > /dev/null <<EOF
[Unit]
Description=Yaltipia Telegram Bot
After=network.target

[Service]
Type=simple
User=yaltipia-bot
WorkingDirectory=/opt/yaltipia-bot
ExecStart=/usr/bin/node src/bot.js
Restart=always
RestartSec=10
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target
EOF
```

### **5. 🚀 Start Application**

```bash
# Using PM2 (Recommended)
pm2 start src/bot.js --name "yaltipia-bot" --env production
pm2 save
pm2 startup

# OR using systemd
sudo systemctl enable yaltipia-bot
sudo systemctl start yaltipia-bot
```

### **6. 🔥 Firewall Configuration**

```bash
# Ubuntu/Debian with UFW
sudo ufw allow 22/tcp    # SSH
sudo ufw allow 80/tcp    # HTTP (if needed)
sudo ufw allow 443/tcp   # HTTPS
sudo ufw allow 3001/tcp  # Webhook port (if using webhooks)
sudo ufw enable

# CentOS/RHEL with firewalld
sudo firewall-cmd --permanent --add-port=3001/tcp
sudo firewall-cmd --reload
```

---

## 📊 **MONITORING & HEALTH CHECKS**

### **🔍 Verify Deployment**

```bash
# Check application status
pm2 status
pm2 logs yaltipia-bot --lines 50

# Test bot responsiveness
curl -s "https://api.telegram.org/bot${BOT_TOKEN}/getMe"

# Check webhook endpoint (if enabled)
curl -s http://localhost:3001/status
```

### **📈 Monitoring Setup**

```bash
# Install monitoring tools
sudo npm install -g pm2-logrotate
pm2 install pm2-logrotate

# Configure log rotation
pm2 set pm2-logrotate:max_size 10M
pm2 set pm2-logrotate:retain 7
pm2 set pm2-logrotate:compress true
```

### **🚨 Health Check Endpoints**

| Endpoint | Purpose | Expected Response |
|----------|---------|-------------------|
| `GET /status` | Application health | `{"success": true, "webhook": {...}}` |
| `GET /webhook/health` | Webhook health | `{"success": true, "message": "..."}` |

---

## 🔒 **SECURITY CONFIGURATION**

### **🛡️ Essential Security Measures**

```bash
# 1. Secure SSH (if not already done)
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd

# 2. Install fail2ban
sudo apt-get install fail2ban
sudo systemctl enable fail2ban

# 3. Set up automatic security updates
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
```

### **🔐 Bot Security Checklist**

- [ ] **New bot token generated** (not development token)
- [ ] **Bot privacy mode enabled** in BotFather
- [ ] **Admin chat IDs verified** and secured
- [ ] **API endpoints use HTTPS** only
- [ ] **Environment variables secured** (600 permissions)

---

## 🚨 **TROUBLESHOOTING**

### **Common Issues & Solutions**

| Issue | Symptom | Solution |
|-------|---------|----------|
| **Bot not responding** | No response to /start | Check bot token, verify network |
| **API connection failed** | 401/403 errors | Verify API_BASE_URL and credentials |
| **Notifications not working** | No automatic notifications | Check user sessions and API connectivity |
| **High memory usage** | Memory alerts | Restart bot, check for memory leaks |

### **🔧 Debug Commands**

```bash
# Check application logs
pm2 logs yaltipia-bot --lines 100

# Monitor real-time logs
pm2 logs yaltipia-bot --follow

# Check system resources
pm2 monit

# Restart application
pm2 restart yaltipia-bot

# Check environment variables
pm2 env 0
```

---

## 📋 **MAINTENANCE PROCEDURES**

### **🔄 Regular Maintenance**

```bash
# Weekly maintenance script
#!/bin/bash
# /opt/yaltipia-bot/maintenance.sh

echo "Starting weekly maintenance..."

# Update application (if needed)
git pull origin main
npm ci --only=production

# Restart application
pm2 restart yaltipia-bot

# Clean old logs
pm2 flush yaltipia-bot

# Check health
sleep 10
pm2 status

echo "Maintenance completed"
```

### **📊 Monitoring Alerts**

The bot sends automatic alerts to admin chat for:
- ✅ **System health issues** (high memory, error rates)
- ✅ **Failed login attempts** (security alerts)
- ✅ **Application errors** (with stack traces)
- ✅ **Daily reports** (system statistics)

---

## 🚀 **SCALING & PERFORMANCE**

### **📈 Performance Optimization**

```bash
# For high-traffic deployments
# 1. Increase Node.js memory limit
pm2 start src/bot.js --name "yaltipia-bot" --node-args="--max-old-space-size=2048"

# 2. Enable cluster mode (if stateless)
pm2 start src/bot.js --name "yaltipia-bot" -i max

# 3. Configure nginx reverse proxy (if using webhooks)
sudo apt-get install nginx
```

### **🔧 Load Balancing (Advanced)**

```nginx
# /etc/nginx/sites-available/yaltipia-bot
upstream yaltipia_bot {
    server 127.0.0.1:3001;
    # Add more instances if needed
}

server {
    listen 80;
    server_name your-bot-domain.com;
    
    location /webhook {
        proxy_pass http://yaltipia_bot;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

---

## 📞 **SUPPORT & CONTACTS**

### **🆘 Emergency Procedures**

**If bot stops working:**
1. Check PM2 status: `pm2 status`
2. Check logs: `pm2 logs yaltipia-bot --lines 50`
3. Restart: `pm2 restart yaltipia-bot`
4. If persistent: Check API connectivity and bot token

**If security breach suspected:**
1. Stop bot: `pm2 stop yaltipia-bot`
2. Regenerate bot token in BotFather
3. Update .env file
4. Restart: `pm2 start yaltipia-bot`

### **📋 Deployment Verification**

After deployment, verify these functions work:
- [ ] Bot responds to `/start`
- [ ] User registration works
- [ ] Notification creation works
- [ ] Admin monitoring works
- [ ] Health checks respond
- [ ] Logs are being written

---

## ✅ **DEPLOYMENT COMPLETE**

Your Yaltipia Telegram Bot is now deployed and ready for production use!

**Key Features Active:**
- ✅ Automatic property notifications (6-hour intervals)
- ✅ User authentication and management
- ✅ Admin monitoring and alerts
- ✅ Security hardening and rate limiting
- ✅ Error handling and logging
- ✅ Health monitoring and reporting

**Next Steps:**
1. Monitor logs for first 24 hours
2. Test with real users
3. Set up backup procedures
4. Plan for webhook integration (future)

**🎉 Congratulations! Your bot is live and serving users!** 🚀