# 🚀 Production Deployment Guide - Call Analytics Dashboard ## Table of Contents 1. [System Requirements](#system-requirements) 2. [Installation Steps](#installation-steps) 3. [Configuration](#configuration) 4. [Running in Production](#running-in-production) 5. [Nginx Configuration](#nginx-configuration) 6. [Systemd Service](#systemd-service) 7. [Monitoring & Maintenance](#monitoring--maintenance) 8. [Troubleshooting](#troubleshooting) --- ## System Requirements ### Hardware (Recommended) - **CPU**: 4+ cores - **RAM**: 8GB+ (16GB recommended for AI analysis) - **Storage**: 100GB+ SSD - **Network**: Stable internet for AWS Bedrock API calls ### Software - **OS**: Ubuntu 20.04/22.04 LTS or CentOS 8+ - **Python**: 3.10 or higher - **MySQL**: 5.7+ or MariaDB 10.3+ - **Redis**: 6.0+ (optional but recommended) - **RabbitMQ**: 3.8+ (for async processing) - **Nginx**: 1.18+ (reverse proxy) --- ## Installation Steps ### 1. System Dependencies #### Ubuntu/Debian ```bash sudo apt-get update sudo apt-get install -y \ python3.10 \ python3.10-venv \ python3-dev \ build-essential \ libmysqlclient-dev \ libssl-dev \ libffi-dev \ portaudio19-dev \ ffmpeg \ libsndfile1 \ nginx \ redis-server \ git ``` #### CentOS/RHEL ```bash sudo yum install -y \ python310 \ python3-devel \ gcc \ gcc-c++ \ make \ mysql-devel \ openssl-devel \ libffi-devel \ portaudio-devel \ ffmpeg \ libsndfile \ nginx \ redis \ git ``` ### 2. Clone Repository ```bash cd /var/www/html sudo mkdir -p tatsat2 sudo chown $USER:$USER tatsat2 cd tatsat2 # Clone or copy your application files here ``` ### 3. Create Virtual Environment ```bash cd /var/www/html/tatsat2/dashboard-backend python3 -m venv venv source venv/bin/activate ``` ### 4. Install Python Dependencies ```bash # Upgrade pip pip install --upgrade pip setuptools wheel # Install production requirements pip install -r requirements.txt # Verify installation pip list ``` ### 5. Set Up Environment Variables ```bash # Copy example and edit cp .env.example .env nano .env # Set proper permissions chmod 600 .env ``` **Critical Environment Variables:** ```bash # Database DB_HOST=10.0.0.109 DB_PASSWORD= # AWS (for Bedrock AI) AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= # Security SECRET_KEY= DEBUG=False FLASK_ENV=production ``` Generate secure secret key: ```bash python3 -c "import secrets; print(secrets.token_hex(32))" ``` --- ## Configuration ### 1. Database Setup ```sql -- Already exists, verify connection: mysql -h 10.0.0.109 -u admin -p voicebot_cluster ``` ### 2. Redis Setup ```bash # Start Redis sudo systemctl start redis sudo systemctl enable redis # Test connection redis-cli ping # Should return: PONG ``` ### 3. RabbitMQ Setup (Optional - for async processing) ```bash # Install RabbitMQ sudo apt-get install rabbitmq-server # Start service sudo systemctl start rabbitmq-server sudo systemctl enable rabbitmq-server # Create user sudo rabbitmqctl add_user callanalytics sudo rabbitmqctl set_permissions -p / callanalytics ".*" ".*" ".*" ``` ### 4. Log Directory ```bash mkdir -p /var/www/html/tatsat2/dashboard-backend/logs chmod 755 /var/www/html/tatsat2/dashboard-backend/logs ``` --- ## Running in Production ### Option 1: Gunicorn (Recommended) **Start with Gunicorn:** ```bash cd /var/www/html/tatsat2/dashboard-backend source venv/bin/activate gunicorn \ --bind 0.0.0.0:8001 \ --workers 4 \ --worker-class gevent \ --worker-connections 1000 \ --timeout 120 \ --max-requests 1000 \ --max-requests-jitter 50 \ --access-logfile logs/access.log \ --error-logfile logs/error.log \ --log-level info \ app:app ``` **Save as start script (`start.sh`):** ```bash #!/bin/bash cd /var/www/html/tatsat2/dashboard-backend source venv/bin/activate exec gunicorn \ --bind 0.0.0.0:8001 \ --workers 4 \ --worker-class gevent \ --timeout 120 \ --access-logfile logs/access.log \ --error-logfile logs/error.log \ app:app ``` Make executable: ```bash chmod +x start.sh ``` ### Option 2: Systemd Service (Best for Production) Create service file: ```bash sudo nano /etc/systemd/system/call-analytics.service ``` **Service configuration:** ```ini [Unit] Description=Call Analytics Dashboard API After=network.target mysql.service redis.service [Service] Type=notify User=www-data Group=www-data WorkingDirectory=/var/www/html/tatsat2/dashboard-backend Environment="PATH=/var/www/html/tatsat2/dashboard-backend/venv/bin" ExecStart=/var/www/html/tatsat2/dashboard-backend/venv/bin/gunicorn \ --bind 0.0.0.0:8001 \ --workers 4 \ --worker-class gevent \ --timeout 120 \ --access-logfile /var/www/html/tatsat2/dashboard-backend/logs/access.log \ --error-logfile /var/www/html/tatsat2/dashboard-backend/logs/error.log \ app:app Restart=always RestartSec=10 [Install] WantedBy=multi-user.target ``` **Enable and start service:** ```bash sudo systemctl daemon-reload sudo systemctl enable call-analytics sudo systemctl start call-analytics sudo systemctl status call-analytics ``` **Service management commands:** ```bash sudo systemctl start call-analytics # Start sudo systemctl stop call-analytics # Stop sudo systemctl restart call-analytics # Restart sudo systemctl status call-analytics # Check status sudo journalctl -u call-analytics -f # View logs ``` --- ## Nginx Configuration ### 1. Create Nginx Config ```bash sudo nano /etc/nginx/sites-available/call-analytics ``` **Configuration:** ```nginx upstream call_analytics_backend { server 127.0.0.1:8001 fail_timeout=0; } server { listen 80; server_name your-domain.com; # Change this # Redirect HTTP to HTTPS (uncomment after SSL setup) # return 301 https://$server_name$request_uri; # Or serve directly without SSL for now: client_max_body_size 100M; # Backend API location /api/ { proxy_pass http://call_analytics_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 120s; proxy_read_timeout 120s; proxy_send_timeout 120s; } # Frontend (if serving from same server) location / { root /var/www/html/tatsat2/dashboard-frontend/dist; try_files $uri $uri/ /index.html; } # Health check location /health { proxy_pass http://call_analytics_backend/health; access_log off; } } # HTTPS Configuration (after SSL setup) # server { # listen 443 ssl http2; # server_name your-domain.com; # # ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # # # Same location blocks as above # } ``` ### 2. Enable Site ```bash sudo ln -s /etc/nginx/sites-available/call-analytics /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl restart nginx ``` ### 3. SSL Certificate (Let's Encrypt) ```bash # Install Certbot sudo apt-get install certbot python3-certbot-nginx # Get certificate sudo certbot --nginx -d your-domain.com # Auto-renewal sudo systemctl enable certbot.timer ``` --- ## Monitoring & Maintenance ### 1. Application Logs ```bash # Backend logs tail -f /var/www/html/tatsat2/dashboard-backend/logs/app.log tail -f /var/www/html/tatsat2/dashboard-backend/logs/access.log tail -f /var/www/html/tatsat2/dashboard-backend/logs/error.log # Systemd logs sudo journalctl -u call-analytics -f ``` ### 2. Database Monitoring ```sql -- Check active connections SHOW PROCESSLIST; -- Check table sizes SELECT table_name, ROUND(((data_length + index_length) / 1024 / 1024), 2) AS "Size (MB)" FROM information_schema.TABLES WHERE table_schema = 'voicebot_cluster' ORDER BY (data_length + index_length) DESC; ``` ### 3. Performance Monitoring ```bash # CPU & Memory htop # Disk usage df -h # Network connections netstat -tulpn | grep :8001 # Application metrics (if using Sentry) # Check Sentry dashboard ``` ### 4. Health Checks ```bash # API health curl http://localhost:8001/health # Database connection mysql -h 10.0.0.109 -u admin -p -e "SELECT 1" # Redis redis-cli ping ``` ### 5. Backup Strategy ```bash # Database backup mysqldump -h 10.0.0.109 -u admin -p voicebot_cluster > backup_$(date +%Y%m%d).sql # Automated daily backup (crontab) 0 2 * * * /path/to/backup_script.sh ``` ### 6. Log Rotation ```bash # Create logrotate config sudo nano /etc/logrotate.d/call-analytics ``` ``` /var/www/html/tatsat2/dashboard-backend/logs/*.log { daily rotate 14 compress delaycompress notifempty create 644 www-data www-data sharedscripts postrotate systemctl reload call-analytics > /dev/null 2>&1 || true endscript } ``` --- ## Troubleshooting ### Issue: Service won't start ```bash # Check logs sudo journalctl -u call-analytics -n 50 tail -f /var/www/html/tatsat2/dashboard-backend/logs/error.log # Check permissions ls -la /var/www/html/tatsat2/dashboard-backend/ sudo chown -R www-data:www-data /var/www/html/tatsat2/dashboard-backend/ # Test directly cd /var/www/html/tatsat2/dashboard-backend source venv/bin/activate python3 app.py ``` ### Issue: Database connection fails ```bash # Test connection mysql -h 10.0.0.109 -u admin -p voicebot_cluster # Check .env file cat .env | grep DB_ # Check MySQL service sudo systemctl status mysql ``` ### Issue: High memory usage ```bash # Check worker count (reduce if needed) # Edit /etc/systemd/system/call-analytics.service --workers 2 # Reduce from 4 # Restart service sudo systemctl restart call-analytics ``` ### Issue: Slow API responses ```bash # Check database queries # Enable slow query log in MySQL # Check Redis redis-cli --stat # Monitor workers ps aux | grep gunicorn ``` ### Issue: 502 Bad Gateway ```bash # Check backend is running curl http://localhost:8001/health # Check Nginx config sudo nginx -t # Check Nginx error log sudo tail -f /var/log/nginx/error.log ``` --- ## Performance Tuning ### 1. Database Optimization ```sql -- Add indexes on frequently queried columns CREATE INDEX idx_callid ON 7987_callanalytics(callid); CREATE INDEX idx_created_at ON 7987_callanalytics(created_at); ``` ### 2. Redis Caching Enable Redis caching in config.py for frequently accessed data. ### 3. Gunicorn Workers Rule of thumb: `workers = (2 × CPU_cores) + 1` ### 4. Connection Pooling Configure in config.py: ```python DB_POOL_SIZE = 10 DB_MAX_OVERFLOW = 20 ``` --- ## Security Checklist - [ ] Change all default passwords - [ ] Set `DEBUG=False` in production - [ ] Configure firewall (UFW/iptables) - [ ] Enable HTTPS/SSL - [ ] Restrict database access (IP whitelist) - [ ] Set proper file permissions (600 for .env) - [ ] Enable rate limiting - [ ] Regular security updates - [ ] Monitor logs for suspicious activity - [ ] Set up automated backups - [ ] Configure CORS properly - [ ] Use strong API keys - [ ] Enable Sentry or error tracking --- ## Support & Maintenance **Regular Tasks:** - Weekly: Review error logs - Monthly: Update dependencies - Quarterly: Security audit - Annually: Major version upgrades **Contact:** admin@yourdomain.com --- **Last Updated:** 2025-12-23