# 🚀 Dodgers IPTV - Deployment Guide

## Overview

The Dodgers IPTV Stream Theater has been completely rebuilt with enterprise-grade security, performance, and reliability. This deployment guide covers setup, configuration, and maintenance of the production-ready application.

---

## 📋 Prerequisites

### System Requirements
- **PHP**: 8.1 or higher
- **Database**: SQLite 3 (included with PHP)
- **Web Server**: Apache/Nginx with PHP-FPM recommended
- **Extensions**: pdo, pdo_sqlite, mbstring, json
- **Memory**: 128MB minimum, 256MB recommended
- **Storage**: 50MB for application, expandable for logs/database

### Development Tools
```bash
# Install Composer (PHP dependency manager)
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer

# Verify installations
php --version        # Should be 8.1+
composer --version   # Should work
php -m | grep -E "(pdo|sqlite|mbstring|json)"  # Extensions present
```

---

## 🛠️ Step-by-Step Setup

### 1. Code Deployment
```bash
# Clone or download the application
cd /var/www/html/
git clone https://your-repo-url/dodgers-iptv.git
cd dodgers-iptv

# Or extract from ZIP file
unzip dodgers-iptv-v1.0.0.zip
cd dodgers-iptv/
```

### 2. Dependency Installation
```bash
# Install PHP dependencies
composer install --no-dev --optimize-autoloader

# Verify autoloader
php -r "require 'vendor/autoload.php'; echo '✓ Composer setup complete\n';"
```

### 3. Environment Configuration
```bash
# Copy environment template
cp .env.example .env

# Edit configuration
nano .env
```

**Essential .env Configuration:**
```bash
# Environment
APP_ENV=production

# Admin Credentials (generate with included script)
ADMIN_USERNAME=your_admin_username
ADMIN_PASSWORD_HASH=run_php_generate_hash.php

# Database (SQLite - no configuration needed)
DB_DATABASE=data/app.db

# Security
SECRET_KEY=generate_random_64_char_key_here

# Stream Settings
STREAM_BASE_URL=http://your-stream-server:port
STREAM_ALLOWED_IPS=127.0.0.1,your.stream.ip

# Logging
LOG_LEVEL=WARNING
LOG_FILE=logs/app.log
```

### 4. Generate Admin Password
```bash
# Use included script to generate secure password hash
php generate_hash.php

# Enter your desired admin password
# Copy the generated hash to .env ADM_PASSWORD_HASH
```

### 5. Database Setup
```bash
# Run database migrations
make db

# Or manually:
php -r "
require_once 'bootstrap.php';
\$db = Database::getInstance()->getConnection();
\$sql = file_get_contents('migrations/001_create_tables.sql');
\$db->exec(\$sql);
echo 'Database initialized!\n';
"
```

### 6. File Permissions
```bash
# Set correct ownership (replace www-data with your web user)
sudo chown -R www-data:www-data /var/www/html/dodgers-iptv/

# Set permissions
find . -type f -name "*.php" -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

# Database and logs need write access
chmod 664 data/app.db
chmod 775 logs/
chmod 664 logs/app.log
```

### 7. Web Server Configuration

#### Apache (recommended)
```apache
<VirtualHost *:80>
    ServerName your-domain.com
    DocumentRoot /var/www/html/dodgers-iptv

    <Directory /var/www/html/dodgers-iptv>
        AllowOverride All
        Require all granted

        # Security headers
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
        Header always set Referrer-Policy strict-origin-when-cross-origin
    </Directory>

    # Logs
    ErrorLog /var/log/apache2/dodgers-error.log
    CustomLog /var/log/apache2/dodgers-access.log combined
</VirtualHost>
```

#### Nginx
```nginx
server {
    listen 80;
    server_name your-domain.com;
    root /var/www/html/dodgers-iptv;
    index index.php;

    # Security headers
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    # Deny access to sensitive files
    location ~ /(config|\.env|logs)/ {
        deny all;
    }
}
```

---

## 🔧 Post-Installation Tasks

### Run Tests (Recommended)
```bash
# Install development dependencies
composer install

# Run test suite
make test

# Check code coverage
make test-coverage
```

### Health Check
```bash
# Basic functionality test
curl -I http://your-domain.com/

# Database connection test
php -r "
require_once 'bootstrap.php';
\$db = Database::getInstance();
echo 'Database connection: ✓\n';
"

# Chat system test
php -r "
require_once 'bootstrap.php';
\$chat = new ChatServer();
echo 'Chat system: ✓\n';
"
```

### SSL Certificate (Production Recommended)
```bash
# Using Let's Encrypt (certbot)
sudo certbot --apache -d your-domain.com

# Or manual certificates
# Place fullchain.pem and privkey.pem in /etc/ssl/certs/
# Update Apache/Nginx config with SSL settings
```

---

## 🔍 Monitoring & Maintenance

### Log Monitoring
```bash
# View recent logs
tail -f logs/app.log

# Search for errors
grep "ERROR\|CRITICAL" logs/app.log

# Log rotation (add to cron)
0 0 * * * /usr/sbin/logrotate /etc/logrotate.d/dodgers

# Logrotate configuration (/etc/logrotate.d/dodgers)
/var/www/html/dodgers-iptv/logs/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 644 www-data www-data
    postrotate
        systemctl reload apache2 2>/dev/null || true
    endscript
}
```

### Performance Monitoring
```bash
# Check PHP-FPM status
systemctl status php8.1-fpm

# Monitor resource usage
htop

# PHP performance metrics
php -r "
echo 'Memory limit: ' . ini_get('memory_limit') . PHP_EOL;
echo 'Max execution time: ' . ini_get('max_execution_time') . PHP_EOL;
echo 'Upload max size: ' . ini_get('upload_max_filesize') . PHP_EOL;
"
```

### Database Maintenance
```bash
# Database size check
ls -lh data/app.db

# Optimization (run weekly)
php -r "
require_once 'bootstrap.php';
\$db = Database::getInstance()->getConnection();
\$db->exec('VACUUM');
\$db->exec('REINDEX');
echo 'Database optimized!\n';
"
```

### Backup Strategy
```bash
#!/bin/bash
# Weekly backup script (/etc/cron.weekly/dodgers-backup)

BACKUP_DIR="/var/backups/dodgers"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p $BACKUP_DIR

# Database backup
sqlite3 data/app.db ".backup '$BACKUP_DIR/app_$TIMESTAMP.db'"

# Log archive
tar -czf $BACKUP_DIR/logs_$TIMESTAMP.tar.gz logs/

# Configuration backup
cp .env $BACKUP_DIR/env_$TIMESTAMP.bak

# Cleanup old backups (keep 30 days)
find $BACKUP_DIR -name "*.db" -mtime +30 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete
find $BACKUP_DIR -name "*.bak" -mtime +30 -delete
```

---

## 🚨 Troubleshooting

### Common Issues

#### 1. White Screen / 500 Error
```bash
# Check PHP error logs
tail -f /var/log/apache2/error.log
tail -f /var/log/php8.1-fpm.log

# Enable debug mode temporarily
# Set APP_ENV=development in .env
# Reload web server
systemctl reload apache2
```

#### 2. Database Connection Failed
```bash
# Check file permissions
ls -la data/app.db

# Test connection manually
php -r "
try {
    \$pdo = new PDO('sqlite:data/app.db');
    echo '✓ Database connection successful\n';
} catch(Exception \$e) {
    echo '✗ Database error: ' . \$e->getMessage() . '\n';
}
"
```

#### 3. Chat Not Working
```bash
# Check SSE endpoint
curl -H "Accept: text/event-stream" "http://your-domain.com/?sse=1&user_id=test&csrf=test"

# Review chat logs
grep "chat\|ChatServer" logs/app.log
```

#### 4. High Memory Usage
```bash
# Monitor processes
ps aux | grep php

# Check PHP memory settings
php -r "echo 'Current memory_limit: ' . ini_get('memory_limit') . '\n';"

# Increase if needed (php.ini or .user.ini)
memory_limit = 256M
```

---

## 🔐 Security Hardening

### Additional Security Measures
```bash
# Install fail2ban for IP banning
sudo apt-get install fail2ban

# Configure fail2ban for application logs
# /etc/fail2ban/jail.local
[dodgers]
enabled = true
port = http,https
filter = dodgers
logpath = /var/www/html/dodgers-iptv/logs/app.log
maxretry = 3
bantime = 86400

# Create filter
# /etc/fail2ban/filter.d/dodgers.conf
[Definition]
failregex = ^.*SECURITY.*ip.*<HOST>.*$
ignoreregex =
```

### Firewall Configuration
```bash
# Allow only necessary ports
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 'Apache Full'

# Enable firewall
sudo ufw enable
```

---

## 🚀 Performance Optimization

### PHP-FPM Tuning
```ini
# /etc/php/8.1/fpm/pool.d/www.conf
[www]

user = www-data
group = www-data

listen = /run/php/php8.1-fpm.sock
listen.owner = www-data
listen.group = www-data

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s

# Memory and timeouts
php_admin_value[memory_limit] = 128M
request_terminate_timeout = 300
```

### OPCache Configuration
```ini
# /etc/php/8.1/fpm/conf.d/opcache.ini
zend_extension=opcache.so
opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=7963
opcache.revalidate_freq=0
opcache.fast_shutdown=1
opcache.enable_cli=1
```

---

## 📊 Monitoring

### Health Check Endpoint
Add to monitoring system:
```
Health Check: http://your-domain.com/?api=health
Response: {"status":"ok","timestamp":"2025-01-01T12:00:00Z"}
```

### Metrics Collection
```bash
# Log analysis
#!/bin/bash
LOG_FILE="logs/app.log"
echo "=== Dodgers IPTV Daily Report ==="
echo "Requests today: $(grep "$(date +%Y-%m-%d)" "$LOG_FILE" | wc -l)"
echo "Errors today: $(grep "$(date +%Y-%m-%d)" "$LOG_FILE" | grep -i error | wc -l)"
echo "Chat messages today: $(grep "$(date +%Y-%m-%d)" "$LOG_FILE" | grep "message_sent" | wc -l)"
echo "Database size: $(ls -lh data/app.db | awk '{print $5}')"
echo "Log size: $(ls -lh logs/app.log | awk '{print $5}')"
```

---

## 🎯 Success Checklist

- [ ] PHP dependencies installed
- [ ] Environment variables configured
- [ ] Admin password hash generated
- [ ] Database tables created
- [ ] File permissions set correctly
- [ ] Web server configured and restarted
- [ ] SSL certificate installed (production)
- [ ] Basic functionality tested
- [ ] Application accessible at domain
- [ ] Chat system working
- [ ] Admin login functional
- [ ] Security headers verified
- [ ] Monitoring tools set up
- [ ] Backup strategy implemented

---

## 🎉 Deployment Complete!

Your Dodgers IPTV Stream Theater is now running with:
- ✅ Enterprise-grade security
- ✅ Real-time chat system
- ✅ Database-driven architecture
- ✅ Comprehensive monitoring
- ✅ Production-ready performance

**Access your application at: https://your-domain.com**

For support or questions, check the logs and test outputs for detailed error information.