Deploying an AI agent to a VPS

VPS deploy

Running Claude Code on a local machine is a good start. But if the agent has to run 24/7, even when the laptop is closed, you need a VPS. Cron-scheduled tasks, receiving webhooks, continuous monitoring: all of these live on a server.

This guide covers building an agent on your own Linux server: getting started, configuration, security, monitoring.

Architecture

Typical components:

  • Gateway: accepts incoming requests (HTTP, webhook, Telegram)
  • Agent process: claude CLI or SDK
  • MCP servers: work with external systems
  • State storage: DB or file system
  • Cron: scheduled tasks

Choosing a VPS

Enough to get started:

  • 2 CPU, 4 GB RAM, 40 GB SSD
  • Ubuntu 24.04 LTS or Debian 12
  • Stable channel (not experimental)

Providers (starting prices per month):

  • Hetzner Cloud — CX22 (4 EUR)
  • DigitalOcean — Basic 4 USD
  • Vultr — Cloud Compute 5 USD
  • Linode — Shared 5 USD
  • YandexCloud — Compute Cloud (for users in Russia / the CIS)

Location: close to your users (for Tashkent, Frankfurt or Helsinki works well).

1. Preparing the server

Connect over SSH:

ssh root@65.21.146.10

A new user (not root, for security):

adduser deploy
usermod -aG sudo deploy
mkdir -p /home/deploy/.ssh
cp ~/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys

Now:

ssh deploy@65.21.146.10

Base packages:

sudo apt update && sudo apt upgrade -y
sudo apt install -y git curl ufw fail2ban

Firewall:

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

2. Node.js and Claude Code

Node 22 (the latest LTS):

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs
node --version # v22.x.x

Claude Code:

sudo npm install -g @anthropic-ai/claude-code
claude --version

The API key as an environment variable:

echo 'export ANTHROPIC_API_KEY="sk-ant-..."' >> ~/.bashrc
source ~/.bashrc

Security: keep .env files at chmod 600. Never commit them to git.

3. Agent gateway (Telegram example)

~/agent-gateway/server.py (Python example):

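import asyncio
import os
import subprocess

from aiogram import Bot, Dispatcher, types
from fastapi import FastAPI, Request

bot = Bot(token=os.getenv("TELEGRAM_TOKEN"))
# Read once at startup so a missing value stops the service instead of failing per message
ALLOWED_USER_ID = int(os.environ["ALLOWED_USER_ID"])
dp = Dispatcher()
app = FastAPI()


@dp.message()
async def handle_message(msg: types.Message):
    # Reply only to you; ignore updates that have no sender or no text
    if msg.from_user is None or msg.from_user.id != ALLOWED_USER_ID:
        return
    if not msg.text:
        return

    # Call the agent CLI in a worker thread so the event loop is not blocked.
    # The prompt is passed as a list element, so no shell ever interprets it.
    try:
        result = await asyncio.to_thread(
            subprocess.run,
            ["claude", "-p", msg.text],  # -p: print (non-interactive) mode
            capture_output=True, text=True, timeout=300,
        )
    except subprocess.TimeoutExpired:
        await msg.answer("Agent timed out.")
        return
    # Telegram rejects empty messages and caps them at 4096 characters
    await msg.answer(result.stdout[:4096] or "(no output)")


@app.post("/webhook")
async def telegram_webhook(request: Request):
    update = await request.json()
    await dp.feed_webhook_update(bot, update)
    return {"ok": True}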

4. systemd unit — running 24/7

/etc/systemd/system/agent-gateway.service:

[Unit]
Description=AI Agent Gateway
After=network.target

[Service]
Type=simple
User=deploy
WorkingDirectory=/home/deploy/agent-gateway
EnvironmentFile=/home/deploy/agent-gateway/.env
ExecStart=/usr/bin/uvicorn server:app --host 127.0.0.1 --port 9090
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

Start it:

sudo systemctl daemon-reload
sudo systemctl enable agent-gateway
sudo systemctl start agent-gateway
sudo systemctl status agent-gateway

Logs:

sudo journalctl -u agent-gateway -f

5. Caddy — HTTPS and reverse proxy

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install caddy

/etc/caddy/Caddyfile:

agent.sizning-domen.uz {
    encode gzip
    log {
        output file /var/log/caddy/agent.log
    }
    reverse_proxy 127.0.0.1:9090
}

sudo systemctl reload caddy

Caddy obtains a Let's Encrypt certificate automatically. HTTPS just works.

Connect the Telegram webhook:

curl -X POST "https://api.telegram.org/bot${TOKEN}/setWebhook?url=https://agent.sizning-domen.uz/webhook"

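6. Cron — scheduled tasks

~/agent-tasks.sh:

#!/bin/bash
# cron does not read ~/.bashrc; load ANTHROPIC_API_KEY from the gateway's .env (assumed to hold it)
set -a; . /home/deploy/agent-gateway/.env; set +a
cd /home/deploy/loyiha || exit 1
# Prompt (Uzbek): "Review today's news and send it to Telegram"
claude -p "Bugungi yangiliklarini ko'rib chiq va Telegram ga jo'nat"

Crontab:

crontab -e
# Every day at 09:00 (the log file must already exist and be writable by deploy)
0 9 * * * /home/deploy/agent-tasks.sh >> /var/log/agent-cron.log 2>&1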

7. Security

Core rules:

  • SSH with keys only: PasswordAuthentication no in /etc/ssh/sshd_config
  • fail2ban: automatically blocks brute-force attempts
  • .env files — chmod 600, readable only by the owner
  • API keys — in env vars, never in code
  • Agent without root: runs under the deploy user
  • Allow list: the Telegram bot should respond only to your ID
  • Rate limiting at the Caddy level or inside the gateway
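
One way to enforce the allow list and rate limiting rules above inside the gateway, together with a check that a webhook request really comes from Telegram (an added example, not code from the original page). It assumes the webhook was registered with Telegram's secret_token parameter, which the setWebhook call in step 5 does not set; WebhookGate, its reason strings and all sample values are hypothetical.

```python
import hmac
import time
from collections import defaultdict, deque

# Header Telegram adds to every webhook call when setWebhook was given secret_token
SECRET_HEADER = "x-telegram-bot-api-secret-token"


class WebhookGate:
    """Decides whether one webhook request may reach the agent CLI."""
    def __init__(self, secret, allowed_user_id, max_calls=5, window=60.0):
        self.secret = secret.encode()
        self.allowed_user_id = allowed_user_id
        self.max_calls = max_calls        # assumed budget: agent runs per window
        self.window = window              # window length in seconds
        self.calls = defaultdict(deque)   # user id -> times of accepted calls

    def check(self, headers, update, now=None):
        """Return (allowed, reason); headers is a dict with lower-case names."""
        now = time.monotonic() if now is None else now
        # 1. Endpoint auth: constant-time comparison of the shared secret.
        sent = headers.get(SECRET_HEADER, "").encode()
        if not hmac.compare_digest(sent, self.secret):
            return False, "bad_secret"
        # 2. Allow list: only the owner's Telegram ID, and only text messages.
        msg = update.get("message") or {}
        user_id = (msg.get("from") or {}).get("id")
        if user_id != self.allowed_user_id:
            return False, "not_allowed"
        if not isinstance(msg.get("text"), str) or not msg["text"].strip():
            return False, "no_text"
        # 3. Sliding-window rate limit so a message loop cannot burn API budget.
        recent = self.calls[user_id]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_calls:
            return False, "rate_limited"
        recent.append(now)
        return True, "ok"

# Constructed sample data (not real secrets or IDs).
OK_HEADERS = {SECRET_HEADER: "constructed-secret-123"}
GOOD = {"message": {"from": {"id": 1001}, "text": "status"}}
STRANGER = {"message": {"from": {"id": 2002}, "text": "status"}}

if __name__ == "__main__":
    gate = WebhookGate("constructed-secret-123", allowed_user_id=1001, max_calls=2)
    for hdrs, upd in [({}, GOOD), (OK_HEADERS, STRANGER), (OK_HEADERS, GOOD)]:
        print(gate.check(hdrs, upd, now=0.0))
```

In server.py, call check() at the top of telegram_webhook with the lower-cased request headers and the parsed update, and reject the request when it returns False.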

8. Backup and monitoring

Backup

Daily:

#!/bin/bash
# /etc/cron.daily/agent-backup
umask 077  # the archive holds agent state and ~/.claude; keep it owner-only
DEST="/home/deploy/backups/$(date +%Y-%m-%d)"
mkdir -p "$DEST"
tar -czf "$DEST/agent-state.tar.gz" /home/deploy/agent-gateway/data /home/deploy/.claude
# Delete backups older than 14 days
find /home/deploy/backups -mindepth 1 -mtime +14 -delete

To an off-site location (S3, Backblaze):

rclone copy /home/deploy/backups remote:agent-backups

Monitoring

  • UptimeRobot — checks the agent webhook every 5 minutes
  • Healthcheck endpoint: return /health from the gateway, log it in Caddy
  • Sentry — error capture and alerting
  • Disk and RAM: htop, df -h — check periodically, or install Netdata

9. Cost optimization

Beyond the VPS price, the main cost is the Anthropic API. Things to track:

  • Anthropic Console — daily spend
  • Token budget — set a limit of 5 USD per day (with an alert)
  • Prompt caching — everywhere. Details: Saving tokens

Anti-patterns

  • Running the agent as the root user: if it is compromised, the whole system is compromised.
  • Public endpoint, no auth: anyone can use your Claude API through the Telegram bot
  • No backup: one day the DB gets corrupted and you have to start over
  • No logging: you cannot tell what went wrong and have no way to debug
  • API token committed to git: a GitHub bot finds it within minutes and abuse from your account begins
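
A check to run before committing or deploying, covering the last anti-pattern and the chmod 600 rule for .env files (an added example, not code from the original page). The regular expressions, the audit_tree and demo names, and the fake secrets in the constructed tree are assumptions for illustration.

```python
import os
import re
import stat
import tempfile

# Patterns are assumptions for illustration: "sk-ant-" is the prefix shown on
# this page; the Telegram shape is <bot id>:<35 characters>.
PATTERNS = {
    "anthropic_api_key": re.compile(r"sk-ant-[A-Za-z0-9_-]{20,}"),
    "telegram_bot_token": re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{35}"),
}
SKIP_DIRS = {".git", "node_modules", "__pycache__"}

def audit_tree(root):
    """Return sorted (relative path, issue) findings for a deploy directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == ".env" or name.startswith(".env."):
                # Secrets belong here, but group/other must have no access.
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                if mode & 0o077:
                    findings.append((rel, "env_mode_%03o" % mode))
                continue
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read(1_000_000)  # cap the read per file
            except OSError:
                continue
            findings += [(rel, "hardcoded_" + label)
                         for label, rx in PATTERNS.items() if rx.search(text)]
    return sorted(findings)

def demo():
    """Audit a constructed tree; every secret-looking value here is fake."""
    files = {
        ".env": 'ANTHROPIC_API_KEY="sk-ant-' + "x" * 24 + '"\n',
        "server.py": 'bot = Bot(token="123456789:' + "A" * 35 + '")\n',
        "clean.py": 'key = os.getenv("ANTHROPIC_API_KEY")\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        os.chmod(os.path.join(root, ".env"), 0o644)  # the misconfiguration
        return audit_tree(root)
```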

Starter kit

The smallest combination for running 24/7:

Component                   Price per month
VPS (2 CPU, 4 GB)           ~5 USD
Domain                      ~12 USD/year
Anthropic API               depends on usage
Caddy, systemd, fail2ban    free
UptimeRobot (free)          free

10 USD/month, and you have your first fully productive agent.

Next steps