# Deployment Guide

## Server Requirements

### Minimum Hardware

- **CPU:** 2 cores
- **RAM:** 4 GB
- **Disk:** 50 GB SSD

### Recommended Hardware

- **CPU:** 4 cores
- **RAM:** 8 GB
- **Disk:** 100 GB SSD

### Software

- Ubuntu 22.04 LTS (recommended) or Debian 12
- Docker 24.0+
- Docker Compose 2.20+
- Git

---

## Installation

### 1. Prepare the Server

```bash
# Update the system
sudo apt update && sudo apt upgrade -y

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Add user to the docker group (takes effect at next login;
# group members have root-equivalent access to the host)
sudo usermod -aG docker $USER

# Install Docker Compose
sudo apt install docker-compose-plugin -y

# Verify the installation
docker --version
docker compose version
```

### 2. Clone the Repository

```bash
cd /opt
sudo git clone https://git.consultoria-as.com/tu-usuario/WhatsAppCentralizado.git
sudo chown -R $USER:$USER WhatsAppCentralizado
cd WhatsAppCentralizado
```

### 3. Configure Environment Variables

```bash
cp .env.example .env
nano .env
```

**Required variables:**

```bash
# Database
DB_USER=whatsapp_admin
DB_PASSWORD=

# JWT secret (generate randomly)
JWT_SECRET=

# Domain
DOMAIN=chat.tuempresa.com

# Odoo (optional, configure later)
ODOO_URL=https://odoo.tuempresa.com
ODOO_DB=production
ODOO_USER=api-whatsapp@tuempresa.com
ODOO_API_KEY=

# OpenAI (optional, for AI Response)
OPENAI_API_KEY=sk-...
```

**Generate secrets:**

```bash
# Generate DB password
openssl rand -base64 32

# Generate JWT secret (strip the line break openssl inserts after 64 characters)
openssl rand -base64 64 | tr -d '\n'; echo
```

### 4. Build and Start

```bash
# Build images
docker compose build

# Start services
docker compose up -d

# View logs
docker compose logs -f
```

### 5. Initialize the Database

```bash
# Apply migrations
docker compose exec api-gateway alembic upgrade head

# Create admin user
docker compose exec api-gateway python scripts/create_admin.py
```

### 6. Configure SSL with Let's Encrypt

```bash
# Install certbot
sudo apt install certbot -y

# Obtain certificate (--standalone binds port 80, so nothing else may be listening on it)
sudo certbot certonly --standalone -d chat.tuempresa.com

# The certificates are stored in:
# /etc/letsencrypt/live/chat.tuempresa.com/fullchain.pem
# /etc/letsencrypt/live/chat.tuempresa.com/privkey.pem

# Copy to the project directory
sudo cp /etc/letsencrypt/live/chat.tuempresa.com/fullchain.pem nginx/ssl/cert.pem
sudo cp /etc/letsencrypt/live/chat.tuempresa.com/privkey.pem nginx/ssl/key.pem

# Restart nginx
docker compose restart nginx
```

### 7. Configure Automatic Renewal

```bash
# Create the renewal cron file
sudo nano /etc/cron.d/certbot-renew
```

```
0 3 * * * root certbot renew --quiet --post-hook "cp /etc/letsencrypt/live/chat.tuempresa.com/fullchain.pem /opt/WhatsAppCentralizado/nginx/ssl/cert.pem && cp /etc/letsencrypt/live/chat.tuempresa.com/privkey.pem /opt/WhatsAppCentralizado/nginx/ssl/key.pem && docker compose -f /opt/WhatsAppCentralizado/docker-compose.yml restart nginx"
```

The hook copies `fullchain.pem` and `privkey.pem` to the same `cert.pem` and `key.pem` names used in step 6, which are the files `nginx.conf` reads.

---

## Nginx Configuration

### nginx/nginx.conf

```nginx
events {
    worker_connections 1024;
}

http {
    upstream frontend {
        server frontend:80;
    }

    upstream api {
        server api-gateway:8000;
    }

    upstream websocket {
        server whatsapp-core:3001;
    }

    # Redirect HTTP to HTTPS
    server {
        listen 80;
        server_name chat.tuempresa.com;
        return 301 https://$server_name$request_uri;
    }

    # HTTPS Server
    server {
        listen 443 ssl http2;
        server_name chat.tuempresa.com;

        ssl_certificate /etc/nginx/ssl/cert.pem;
        ssl_certificate_key /etc/nginx/ssl/key.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
        ssl_prefer_server_ciphers off;

        # Security headers
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Frontend
        location / {
            proxy_pass http://frontend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API
        location /api {
            proxy_pass http://api;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Timeouts for long-running operations
            proxy_read_timeout 300;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
        }

        # Auth endpoints
        location /auth {
            proxy_pass http://api;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

        # WebSocket
        location /ws {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_read_timeout 86400;
        }

        # Odoo webhook
        location /api/odoo/webhook {
            proxy_pass http://api;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

        # Media files
        location /media {
            alias /var/www/media;
            expires 30d;
            add_header Cache-Control "public, immutable";
        }
    }
}
```

---

## Backups

### Backup Script

```bash
#!/bin/bash
# /opt/WhatsAppCentralizado/scripts/backup.sh
set -euo pipefail   # abort on any error, including a failed pg_dump in the pipeline
umask 077           # the dump and the .env copy contain secrets: owner-only files

BACKUP_DIR="/opt/backups/whatsapp"
DATE=$(date +%Y%m%d_%H%M%S)
RETENTION_DAYS=30

# cron starts in $HOME; the relative paths and docker compose need the project directory
cd /opt/WhatsAppCentralizado
# Read DB_USER from .env (it is not set in cron's environment)
DB_USER=$(sed -n 's/^DB_USER=//p' .env)

mkdir -p "$BACKUP_DIR"

# Back up PostgreSQL
docker compose exec -T postgres pg_dump -U "$DB_USER" whatsapp_central | gzip > "$BACKUP_DIR/db_$DATE.sql.gz"

# Back up WhatsApp sessions
tar -czf "$BACKUP_DIR/sessions_$DATE.tar.gz" -C /var/lib/docker/volumes whatsapp_sessions

# Back up configuration
tar -czf "$BACKUP_DIR/config_$DATE.tar.gz" .env docker-compose.yml nginx/

# Delete old backups
find "$BACKUP_DIR" -type f -mtime +"$RETENTION_DAYS" -delete

echo "Backup completado: $DATE"
```

### Schedule the Backup

```bash
# Edit crontab
crontab -e
```

```
# Daily backup at 3 AM
0 3 * * * /opt/WhatsAppCentralizado/scripts/backup.sh >> /var/log/whatsapp-backup.log 2>&1
```

### Restore a Backup

```bash
# Restore the database
gunzip -c backup/db_20240115.sql.gz | docker compose exec -T postgres psql -U $DB_USER whatsapp_central

# Restore sessions
docker compose down
tar -xzf backup/sessions_20240115.tar.gz -C /var/lib/docker/volumes
docker compose up -d
```

---

## Monitoring

### Logs

```bash
# View all logs
docker compose logs -f

# View logs for a specific service
docker compose logs -f api-gateway
docker compose logs -f whatsapp-core

# View the last 100 lines
docker compose logs --tail=100 api-gateway
```

### Healthchecks

```bash
# Container status
docker compose ps

# Resource usage
docker stats
```

### Verify Services

```bash
# API
curl -s https://chat.tuempresa.com/api/health | jq

# Frontend
curl -I https://chat.tuempresa.com

# WebSocket
wscat -c wss://chat.tuempresa.com/ws
```

---

## Updating

### Update Process

```bash
cd /opt/WhatsAppCentralizado

# Take a backup first
./scripts/backup.sh

# Fetch changes
git pull origin main

# Rebuild images
docker compose build

# Apply migrations
docker compose exec api-gateway alembic upgrade head

# Restart services
docker compose up -d

# Check logs
docker compose logs -f
```

### Rollback

```bash
# Return to the previous version
git checkout

# Rebuild
docker compose build
docker compose up -d

# Restore the database if necessary
gunzip -c backup/db_.sql.gz | docker compose exec -T postgres psql -U $DB_USER whatsapp_central
```

---

## Troubleshooting

### Common Problems

#### Container does not start

```bash
# View detailed logs
docker compose logs

# Verify configuration
docker compose config
```

#### PostgreSQL connection error

```bash
# Verify that postgres is running
docker compose ps postgres

# Verify credentials
docker compose exec postgres psql -U $DB_USER -d whatsapp_central
```

#### WhatsApp does not connect

```bash
# Check whatsapp-core logs
docker compose logs whatsapp-core

# Check sessions
ls -la volumes/whatsapp_sessions/

# Restart the service
docker compose restart whatsapp-core
```

#### Frontend does not load

```bash
# Check the build
docker compose logs frontend

# Rebuild the frontend
docker compose build frontend
docker compose up -d frontend
```

### Useful Commands

```bash
# Restart everything
docker compose restart

# Restart a specific service
docker compose restart api-gateway

# Rebuild without cache
docker compose build --no-cache

# Remove volumes (CAUTION!)
docker compose down -v

# View disk usage
docker system df

# Remove unused images
docker image prune -a
```

---

## Security

### Firewall

```bash
# Install ufw
sudo apt install ufw

# Configure rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Enable
sudo ufw enable
```

Docker publishes container ports through its own iptables rules, which ufw does not filter, so a port published in `docker-compose.yml` is reachable even without a matching `ufw allow`.

### Fail2ban

```bash
# Install
sudo apt install fail2ban

# Configure for nginx
sudo nano /etc/fail2ban/jail.local
```

```ini
[nginx-http-auth]
enabled = true
port = http,https
logpath = /var/log/nginx/error.log
maxretry = 3
bantime = 3600
```

### Security Updates

```bash
# Enable automatic updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
```

---

## Scaling

### Multiple WhatsApp Numbers

To handle many numbers, scale whatsapp-core:

```yaml
# docker-compose.override.yml
services:
  whatsapp-core:
    deploy:
      replicas: 3
    volumes:
      - whatsapp_sessions:/app/sessions
```

### High Availability

For a high-availability production setup:

1. External **Load Balancer** (HAProxy, AWS ALB)
2. **PostgreSQL** in a cluster (Patroni) or managed (RDS)
3. **Redis** in a cluster or managed (ElastiCache)
4. Shared **Storage** for sessions (NFS, EFS)

---

## Contact

For technical support, contact the development team.
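
An added example for step 3 (Configure Environment Variables), not part of the project's own scripts: a pre-flight check that reads `.env` without sourcing it and reports loose file permissions, empty required variables, secrets shorter than the `openssl rand` commands in this guide produce, and template placeholders left in place. The function names `env_get` and `check_env` and the length thresholds (44 and 88 base64 characters) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not the project's code): pre-flight check for .env.
# Assumed thresholds: openssl rand -base64 32 -> 44 chars, -base64 64 -> 88.

# Read KEY ($2) from FILE ($1) without sourcing it, so nothing is executed.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one line per problem; return 0 only when no problem was found.
check_env() {
    local file="$1" problems=0 key val min
    if [ ! -f "$file" ]; then
        echo "missing file: $file"
        return 1
    fi
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    if [ "$(ls -l "$file" | cut -c5-10)" != "------" ]; then
        echo "permissions: $file is accessible to group/others (chmod 600)"
        problems=$((problems + 1))
    fi
    for key in DB_USER DB_PASSWORD JWT_SECRET DOMAIN; do
        if [ -z "$(env_get "$file" "$key")" ]; then
            echo "empty: $key"
            problems=$((problems + 1))
        fi
    done
    # Generated secrets must be at least as long as the guide's commands give.
    for key in DB_PASSWORD:44 JWT_SECRET:88; do
        min=${key#*:}
        key=${key%%:*}
        val=$(env_get "$file" "$key")
        if [ -n "$val" ] && [ "${#val}" -lt "$min" ]; then
            echo "short: $key has ${#val} chars, expected >= $min"
            problems=$((problems + 1))
        fi
    done
    # Template values from the guide that must not reach production.
    if grep -Eq '^[A-Z_]+=.*(tuempresa|\.\.\.)' "$file"; then
        echo "placeholder: template value (tuempresa or ...) still present"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage as a script: bash check_env.sh /opt/WhatsAppCentralizado/.env
[ $# -eq 0 ] || check_env "$1"
```

A JWT secret pasted with the line break that `openssl rand -base64 64` emits after 64 characters is reported as `short`, because only the first line ends up in the variable.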