Version: 1.0.0
Updated: 2024-01-20
Target Audience: System Administrators, DevOps Engineers
graph TB
A[Load Balancer] --> B[Web Interface]
A --> C[API Gateway]
B --> D[Download Service 1]
B --> E[Download Service 2]
B --> F[Download Service N]
D --> G[Storage Volume 1]
E --> H[Storage Volume 2]
F --> I[Storage Volume N]
D --> J[Shared Database]
E --> J
F --> J
K[Monitoring] --> D
K --> E
K --> F
L[Backup Service] --> G
L --> H
L --> I
L --> J
Production Environment:
CPU: 8+ cores (Intel Xeon/AMD EPYC)
RAM: 32+ GB DDR4
Storage:
- OS: 100GB SSD
- Downloads: 2TB+ NVMe SSD RAID
- Database: 50GB SSD
Network: 1Gbps+ dedicated connection
OS: Ubuntu 22.04 LTS or CentOS Stream 9
#!/bin/bash
# production_install.sh
set -e
# Update system
apt update && apt upgrade -y
# Install dependencies
apt install -y python3.11 python3.11-venv nginx postgresql redis-server \
supervisor htop iotop nethogs fail2ban ufw
# Create application user
useradd -m -s /bin/bash telegram-downloader
usermod -aG sudo telegram-downloader
# Setup application directory
mkdir -p /opt/telegram-audio-downloader
chown telegram-downloader:telegram-downloader /opt/telegram-audio-downloader
# Setup storage directories
mkdir -p /data/downloads /data/database /data/logs /data/cache
chown -R telegram-downloader:telegram-downloader /data/
# Install application
sudo -u telegram-downloader bash << 'EOF'
cd /opt/telegram-audio-downloader
python3.11 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install telegram-audio-downloader[production]
# Create configuration
mkdir -p config
cat > config/production.ini << 'INIEOF'
[database]
url = postgresql://telegram:password@localhost/telegram_downloader
[storage]
download_dir = /data/downloads
cache_dir = /data/cache
log_dir = /data/logs
[performance]
max_concurrent_downloads = 16
rate_limit_delay = 0.3
worker_processes = 4
[monitoring]
enable_metrics = true
metrics_port = 9090
health_check_port = 8080
INIEOF
EOF
echo "β
Production installation completed"
# /etc/systemd/system/telegram-downloader.service
[Unit]
Description=Telegram Audio Downloader Service
After=network.target postgresql.service redis.service
Wants=postgresql.service redis.service
[Service]
Type=forking
User=telegram-downloader
Group=telegram-downloader
WorkingDirectory=/opt/telegram-audio-downloader
Environment=PATH=/opt/telegram-audio-downloader/venv/bin
Environment=CONFIG_FILE=/opt/telegram-audio-downloader/config/production.ini
ExecStart=/opt/telegram-audio-downloader/venv/bin/telegram-audio-downloader serve --daemon
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
# Dockerfile.production
FROM python:3.11-slim
# Install system dependencies
RUN apt-get update && apt-get install -y \
gcc \
libc6-dev \
libffi-dev \
&& rm -rf /var/lib/apt/lists/*
# Create application user
RUN groupadd -r telegram && useradd -r -g telegram telegram
# Set up application directory
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY --chown=telegram:telegram . .
# Create necessary directories
RUN mkdir -p /data/downloads /data/cache /data/logs && \
chown -R telegram:telegram /data/
# Switch to non-root user
USER telegram
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1
# Expose ports
EXPOSE 8080 9090
# Start application
CMD ["telegram-audio-downloader", "serve", "--config", "/app/config/docker.ini"]
# docker-compose.production.yml
version: '3.8'
services:
telegram-downloader:
build:
context: .
dockerfile: Dockerfile.production
container_name: telegram-downloader
restart: unless-stopped
ports:
- "8080:8080"
- "9090:9090"
volumes:
- downloads_data:/data/downloads
- cache_data:/data/cache
- logs_data:/data/logs
- ./config:/app/config:ro
environment:
- DATABASE_URL=postgresql://postgres:password@postgres:5432/telegram_downloader
- REDIS_URL=redis://redis:6379/0
depends_on:
- postgres
- redis
networks:
- telegram_network
deploy:
resources:
limits:
memory: 2G
cpus: '2'
reservations:
memory: 1G
cpus: '1'
postgres:
image: postgres:15
container_name: telegram-postgres
restart: unless-stopped
environment:
- POSTGRES_DB=telegram_downloader
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=password
volumes:
- postgres_data:/var/lib/postgresql/data
- ./scripts/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
networks:
- telegram_network
redis:
image: redis:7-alpine
container_name: telegram-redis
restart: unless-stopped
command: redis-server --appendonly yes
volumes:
- redis_data:/data
networks:
- telegram_network
nginx:
image: nginx:alpine
container_name: telegram-nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
depends_on:
- telegram-downloader
networks:
- telegram_network
volumes:
downloads_data:
driver: local
driver_opts:
type: none
o: bind
device: /data/downloads
cache_data:
logs_data:
postgres_data:
redis_data:
networks:
telegram_network:
driver: bridge
# k8s/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: telegram-downloader
labels:
app: telegram-downloader
---
# k8s/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: telegram-downloader-config
namespace: telegram-downloader
data:
production.ini: |
[database]
url = postgresql://postgres:password@postgres-service:5432/telegram_downloader
[storage]
download_dir = /data/downloads
cache_dir = /data/cache
[performance]
max_concurrent_downloads = 8
rate_limit_delay = 0.5
worker_processes = 2
---
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: telegram-downloader
namespace: telegram-downloader
labels:
app: telegram-downloader
spec:
replicas: 3
selector:
matchLabels:
app: telegram-downloader
template:
metadata:
labels:
app: telegram-downloader
spec:
containers:
- name: telegram-downloader
image: telegram-audio-downloader:1.0.0
ports:
- containerPort: 8080
name: http
- containerPort: 9090
name: metrics
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1"
volumeMounts:
- name: config
mountPath: /app/config
readOnly: true
- name: downloads
mountPath: /data/downloads
- name: cache
mountPath: /data/cache
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: telegram-secrets
key: database-url
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: config
configMap:
name: telegram-downloader-config
- name: downloads
persistentVolumeClaim:
claimName: downloads-pvc
- name: cache
emptyDir: {}
---
# k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
name: telegram-downloader-service
namespace: telegram-downloader
labels:
app: telegram-downloader
spec:
selector:
app: telegram-downloader
ports:
- name: http
port: 80
targetPort: 8080
- name: metrics
port: 9090
targetPort: 9090
type: ClusterIP
---
# k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: telegram-downloader-ingress
namespace: telegram-downloader
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/rate-limit: "100"
spec:
tls:
- hosts:
- downloader.yourdomain.com
secretName: telegram-downloader-tls
rules:
- host: downloader.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: telegram-downloader-service
port:
number: 80
---
# k8s/pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: downloads-pvc
namespace: telegram-downloader
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Ti
storageClassName: fast-ssd
# monitoring/prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
rule_files:
- "alert_rules.yml"
scrape_configs:
- job_name: 'telegram-downloader'
static_configs:
- targets: ['telegram-downloader:9090']
scrape_interval: 5s
metrics_path: /metrics
- job_name: 'node-exporter'
static_configs:
- targets: ['node-exporter:9100']
alerting:
alertmanagers:
- static_configs:
- targets:
- alertmanager:9093
{
"dashboard": {
"title": "Telegram Audio Downloader",
"panels": [
{
"title": "Download Rate",
"type": "graph",
"targets": [
{
"expr": "rate(downloads_completed_total[5m])",
"legendFormat": "Downloads/sec"
}
]
},
{
"title": "Success Rate",
"type": "singlestat",
"targets": [
{
"expr": "downloads_completed_total / (downloads_completed_total + downloads_failed_total) * 100",
"legendFormat": "Success %"
}
]
},
{
"title": "Memory Usage",
"type": "graph",
"targets": [
{
"expr": "process_resident_memory_bytes",
"legendFormat": "Memory"
}
]
}
]
}
}
# logging/fluentd.conf
<source>
@type tail
path /data/logs/*.log
pos_file /tmp/telegram-downloader.log.pos
tag telegram.downloader
format json
time_key timestamp
time_format %Y-%m-%dT%H:%M:%S.%L%z
</source>
<match telegram.**>
@type elasticsearch
host elasticsearch
port 9200
index_name telegram-downloader
type_name logs
time_key @timestamp
flush_interval 10s
</match>
# Generate SSL certificates
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/telegram-downloader.key \
-out /etc/ssl/certs/telegram-downloader.crt \
-subj "/C=US/ST=State/L=City/O=Org/CN=downloader.yourdomain.com"
# UFW firewall setup
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
# Allow SSH
ufw allow ssh
# Allow HTTP/HTTPS
ufw allow 80
ufw allow 443
# Allow application ports
ufw allow 8080
ufw allow 9090
# Enable firewall
ufw --force enable
#!/bin/bash
# security_hardening.sh
# Disable root login
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# Configure fail2ban
cat > /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[telegram-downloader]
enabled = true
port = 8080
filter = telegram-downloader
logpath = /data/logs/access.log
maxretry = 10
EOF
# Restart services
systemctl restart ssh
systemctl restart fail2ban
#!/bin/bash
# backup.sh
BACKUP_DIR="/backup/telegram-downloader"
DATE=$(date +%Y%m%d_%H%M%S)
RETENTION_DAYS=30
# Create backup directory
mkdir -p "$BACKUP_DIR"
# Database backup
pg_dump telegram_downloader | gzip > "$BACKUP_DIR/database_$DATE.sql.gz"
# Configuration backup
tar -czf "$BACKUP_DIR/config_$DATE.tar.gz" /opt/telegram-audio-downloader/config/
# Application backup
tar -czf "$BACKUP_DIR/app_$DATE.tar.gz" /opt/telegram-audio-downloader/ \
--exclude='venv' --exclude='*.pyc' --exclude='__pycache__'
# Clean old backups
find "$BACKUP_DIR" -name "*.gz" -mtime +$RETENTION_DAYS -delete
echo "Backup completed: $DATE"
#!/bin/bash
# restore.sh
BACKUP_DIR="/backup/telegram-downloader"
RESTORE_DATE="$1"
if [ -z "$RESTORE_DATE" ]; then
echo "Usage: $0 <backup_date>"
exit 1
fi
# Stop services
systemctl stop telegram-downloader
# Restore database
gunzip -c "$BACKUP_DIR/database_$RESTORE_DATE.sql.gz" | psql telegram_downloader
# Restore configuration
tar -xzf "$BACKUP_DIR/config_$RESTORE_DATE.tar.gz" -C /
# Restore application
tar -xzf "$BACKUP_DIR/app_$RESTORE_DATE.tar.gz" -C /
# Start services
systemctl start telegram-downloader
echo "Restore completed from: $RESTORE_DATE"
# k8s/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: telegram-downloader-hpa
namespace: telegram-downloader
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: telegram-downloader
minReplicas: 3
maxReplicas: 20
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
- type: Pods
pods:
metric:
name: downloads_per_second
target:
type: AverageValue
averageValue: "10"
# nginx/load_balancer.conf
upstream telegram_downloader {
least_conn;
server 10.0.1.10:8080 max_fails=3 fail_timeout=30s;
server 10.0.1.11:8080 max_fails=3 fail_timeout=30s;
server 10.0.1.12:8080 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name downloader.yourdomain.com;
location / {
proxy_pass http://telegram_downloader;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Load balancing method
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_connect_timeout 5s;
proxy_send_timeout 10s;
proxy_read_timeout 30s;
}
location /health {
access_log off;
proxy_pass http://telegram_downloader/health;
}
}
For additional deployment support, visit our GitHub repository or contact our enterprise support team.
Last updated: 2024-01-20
Version: 1.0.0