o11v4-podman/PODMAN-SETUP.md

# o11v4 — Podman Setup

Two containers in one pod. Podman handles everything.

---

## 1. Install Podman

### Windows

Download and install from https://podman.io/

Close and reopen your terminal, then verify:

```powershell
podman --version
```

Initialize the machine (once):

```powershell
podman machine init
podman machine start
```

If PowerShell blocks scripts, run this first:

```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
```

### macOS

Install via Homebrew:

```bash
brew install podman
```

Initialize the machine (once):

```bash
podman machine init
podman machine start
```

### Linux

Install from your package manager:

```bash
# Debian / Ubuntu
sudo apt install -y podman

# Fedora
sudo dnf install -y podman

# Arch
sudo pacman -S podman
```

No machine init needed — Podman runs natively on Linux.

---

## 2. Build & Run

### Windows

```powershell
.\pod-start.ps1
```

### macOS / Linux

```bash
chmod +x pod-start.sh pod-stop.sh
./pod-start.sh
```

Open `http://localhost:8484` — login: `admin` / `admin`

---

## 3. What the Script Does

The start script performs these steps:

1. Builds the container image from the Containerfile
2. Creates a pod with shared networking and `/etc/hosts` entries
3. Starts the license server container
4. Starts the o11v4 app container

You can run the commands manually if you prefer:

```bash
# 1. Build the image
podman build -t o11v4 .

# 2. Create the pod
podman pod create --name o11v4-pod \
    --add-host "lic.cryptolive.one:127.0.0.1" \
    --add-host "lic.bitmaster.cc:127.0.0.1" \
    -p 8484:8484 -p 8080:80 -p 8443:443 -p 5454:5454

# 3. Run the license server container
podman run -d --pod o11v4-pod --name licserver \
    -e SERVER_IP=127.0.0.1 o11v4 /entrypoint-licserver.sh

# 4. Run the app container
podman run -d --pod o11v4-pod --name o11v4-app \
    -e SERVER_IP=127.0.0.1 \
    --tmpfs /home/o11/hls:size=2g,mode=1777 \
    --tmpfs /home/o11/dl:size=2g,mode=1777 \
    o11v4 /entrypoint-app.sh
```

---

## 4. Managing the Pod

### Windows

| Action | Command |
|--------|---------|
| Start | `.\pod-start.ps1` |
| Stop | `.\pod-stop.ps1` |
| Full rebuild | `.\pod-stop.ps1 -RemoveImage` then `.\pod-start.ps1` |

### macOS / Linux

| Action | Command |
|--------|---------|
| Start | `./pod-start.sh` |
| Stop | `./pod-stop.sh` |
| Full rebuild | `./pod-stop.sh --remove-image` then `./pod-start.sh` |

### Common Commands (all platforms)

| Action | Command |
|--------|---------|
| Pod status | `podman pod ps` |
| All containers | `podman ps --pod` |
| Restart pod | `podman pod restart o11v4-pod` |
| App logs | `podman logs -f o11v4-app` |
| Licserver logs | `podman logs -f licserver` |
| Shell into app | `podman exec -it o11v4-app bash` |
| Shell into licserver | `podman exec -it licserver bash` |

---

## 5. Configuration

### o11.cfg (optional, edit before building)

You can change the admin password by generating a SHA-256 hash and putting it in the `Password` field in `o11.cfg`.

**Windows (PowerShell):**

```powershell
$p = "yourpassword"
[BitConverter]::ToString(
    [Security.Cryptography.SHA256]::Create().ComputeHash(
        [Text.Encoding]::UTF8.GetBytes($p)
    )
).Replace("-","").ToLower()
```

**macOS / Linux:**

```bash
echo -n "yourpassword" | sha256sum | awk '{print $1}'
```

### tmpfs sizes

**Windows:**

```powershell
.\pod-start.ps1 -HlsSize 4g -DlSize 4g
```

**macOS / Linux:**

```bash
./pod-start.sh --hls-size 4g --dl-size 4g
```

---

## 6. Troubleshooting

**"Cannot connect to Podman" (Windows / macOS):**
```bash
podman machine start
```

**o11v4 crashes:**
```bash
podman logs -f o11v4-app
```

**Can't reach localhost:8484:**
```bash
podman pod ps              # pod running?
podman port o11v4-pod      # ports mapped?
```

**License server issues:**
```bash
podman exec licserver pm2 logs licserver --lines 50
podman exec o11v4-app cat /etc/hosts
```

**Full reset (Windows):**
```powershell
.\pod-stop.ps1 -RemoveImage
.\pod-start.ps1
```

**Full reset (macOS / Linux):**
```bash
./pod-stop.sh --remove-image
./pod-start.sh
```

---

## 7. How It Works

```
  o11v4-pod (shared network namespace)
  ┌──────────────────────────────────────────────────┐
  │                                                  │
  │  licserver container       o11v4-app container   │
  │  ┌──────────────┐         ┌──────────────────┐  │
  │  │ server.js    │         │ o11v4 binary      │  │
  │  │ PM2          │◄────────│ watchdog loop     │  │
  │  │ :80 :443     │ license │ :8484 main app    │  │
  │  │ :5454        │ check   │ FFmpeg            │  │
  │  │ lic.cr       │ via     │ tmpfs: hls/, dl/  │  │
  │  └──────────────┘ localhost└──────────────────┘  │
  │                                                  │
  │  /etc/hosts:                                     │
  │    127.0.0.1 lic.cryptolive.one                  │
  │    127.0.0.1 lic.bitmaster.cc                    │
  └──────────────────────────────────────────────────┘
         │
         └── localhost:8484 → your browser
```

Both containers share `localhost`. The pod's `--add-host` entries
redirect licensing domains to `127.0.0.1`, so o11v4's license check
hits the licserver container. The licserver serves `lic.cr` and the
check passes.