streamflow/DEPLOYMENT.md

# StreamFlow IPTV - Deployment Guide

## Quick Deployment

StreamFlow IPTV is available as a pre-built Docker image on Docker Hub, making deployment quick and easy.

### Prerequisites

- Docker and Docker Compose installed on your system
- Docker Hub account (for accessing the private image)

### Step 1: Login to GitHub Container Registry

Before pulling the private image, you need to authenticate with GitHub Container Registry:

```bash
echo YOUR_GITHUB_TOKEN | docker login ghcr.io -u YOUR_GITHUB_USERNAME --password-stdin
```

Replace `YOUR_GITHUB_TOKEN` with a Personal Access Token from GitHub (Settings → Developer settings → Personal access tokens) with `read:packages` scope.

### Step 2: Download the docker-compose.yml

Download the `docker-compose.yml` file from the repository:

```bash
curl -O https://raw.githubusercontent.com/yourusername/streamflow-iptv/main/docker-compose.yml
```

Or manually create a `docker-compose.yml` file with the following content:

```yaml
#version: '3.8'

services:
  streamflow:
    image: ghcr.io/aiulian25/streamflow-iptv:latest
    container_name: streamflow
    restart: unless-stopped
    ports:
      - "0.0.0.0:12345:12345"
      - "0.0.0.0:9000:9000"
    environment:
      - NODE_ENV=production
      - PORT=12345
      - DB_PATH=/app/data/streamflow.db
      - JWT_SECRET=${JWT_SECRET:-change_this_in_production}
      - SESSION_SECRET=${SESSION_SECRET:-change_this_in_production}
      - DISABLE_SIGNUPS=true
      - MAX_RECORDING_SIZE=100GB
      - ENABLE_GPU=${ENABLE_GPU:-false}
    volumes:
      - streamflow-data:/app/data
      - streamflow-logs:/app/logs
      - streamflow-uploads:/app/uploads
    devices:
      - /dev/dri:/dev/dri  # Intel Quick Sync / VAAPI
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    privileged: true  # Required for VPN operations
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    read_only: false
    tmpfs:
      - /tmp:size=1G,mode=1777
    networks:
      - streamflow-network
    healthcheck:
      test: ["CMD", "node", "backend/healthcheck.js"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

volumes:
  streamflow-data:
    driver: local
  streamflow-logs:
    driver: local
  streamflow-uploads:
    driver: local

networks:
  streamflow-network:
    driver: bridge
```

### Step 3: Configure Environment Variables (Recommended)

Create a `.env` file in the same directory as `docker-compose.yml`:

```bash
JWT_SECRET=your_secure_random_string_here
SESSION_SECRET=your_secure_random_string_here
ENABLE_GPU=false
```

**Important Security Note:** Change the JWT_SECRET and SESSION_SECRET to secure random strings in production!

Generate secure secrets:
```bash
# Generate JWT_SECRET
echo "JWT_SECRET=$(openssl rand -base64 32)" >> .env

# Generate SESSION_SECRET
echo "SESSION_SECRET=$(openssl rand -base64 32)" >> .env
```

### Step 4: Deploy

Start the application:

```bash
docker-compose up -d
```

This will:
1. Pull the latest StreamFlow IPTV image from Docker Hub
2. Create the necessary volumes for data persistence
3. Start the application

### Step 5: Access the Application

- Web Interface: http://localhost:12345
- Update Server: http://localhost:9000

### Step 6: Initial Setup

1. Navigate to http://localhost:12345
2. Create your admin account (first user)
3. Upload your M3U playlist files
4. Start streaming!

## Available Image Tags

- `ghcr.io/aiulian25/streamflow-iptv:latest` - Latest stable release
- `ghcr.io/aiulian25/streamflow-iptv:1.0.0` - Specific version

To use a specific version, update the docker-compose.yml:
```yaml
image: ghcr.io/aiulian25/streamflow-iptv:1.0.0
```

## Updating the Application

To update to the latest version:

```bash
docker-compose pull
docker-compose up -d
```

This will pull the latest image and restart the container with the new version.

## GPU Acceleration

### Intel Quick Sync (Default)

The default configuration includes Intel Quick Sync support. Make sure your system has `/dev/dri` devices available.

### NVIDIA GPU

To enable NVIDIA GPU acceleration, uncomment the following section in docker-compose.yml:

```yaml
deploy:
  resources:
    reservations:
      devices:
        - driver: nvidia
          count: 1
          capabilities: [gpu, video]
```

## Data Persistence

All data is stored in Docker volumes:
- `streamflow-data` - Database, playlists, recordings
- `streamflow-logs` - Application logs
- `streamflow-uploads` - User uploads

To backup your data:
```bash
docker run --rm -v streamflow-data:/data -v $(pwd):/backup alpine tar czf /backup/streamflow-backup.tar.gz /data
```

To restore from backup:
```bash
docker run --rm -v streamflow-data:/data -v $(pwd):/backup alpine tar xzf /backup/streamflow-backup.tar.gz -C /
```

## Troubleshooting

### Check Container Logs
```bash
docker-compose logs -f streamflow
```

### Check Container Status
```bash
docker-compose ps
```

### Restart Container
```bash
docker-compose restart
```

### Remove and Recreate
```bash
docker-compose down
docker-compose up -d
```

## Security Considerations

1. **Change Default Secrets**: Always change JWT_SECRET and SESSION_SECRET in production
2. **Firewall Configuration**: Consider restricting port access to specific IP ranges
3. **HTTPS**: Use a reverse proxy (nginx, Traefik) with SSL certificates for production
4. **Regular Updates**: Keep the Docker image updated with `docker-compose pull`

## Support

For issues or questions, please:
- Check the logs: `docker-compose logs -f`
- Review the documentation in the `docs/` directory
- Open an issue on GitHub

## License

Proprietary - See LICENSE file for details