Qlockify/qlockify-core-deployment
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deploy): add qlockify.ir domain and ssl config

Browse Source
This commit is contained in:
Amirhossein Khalili
2026-04-29 17:27:49 +03:30
parent 596e2716ab
commit 34af725f41
7 changed files with 144 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -3,4 +3,6 @@ backend/logs/
backend/.pytest_cache/
backend/qlockify-backend-deployment
frontend/qlockify-frontend-deployment
frontend/qlockify-frontend-deployment
nginx/certs/*
!nginx/certs/.gitkeep

51
README.md
View File

@@ -2,7 +2,10 @@
This repository is the deployment layer only.
Docker builds read from the local `./backend` and `./frontend` directories inside this repository.
Docker builds now read from nested application source directories inside this repository:
- `./backend/qlockify-backend-deployment`
- `./frontend/qlockify-frontend-deployment`
Those directories are expected to contain the backend and frontend application source before you build for deployment.
## Local structure
@@ -12,7 +15,9 @@ The expected deployment layout is:
```text
qlockify-deployment/
backend/
qlockify-backend-deployment/
frontend/
qlockify-frontend-deployment/
nginx/
postgres/
docker-compose.yml
@@ -21,12 +26,12 @@ qlockify-deployment/
## Deployment flow
1. Put your application source into:
- `./backend`
- `./frontend`
- `./backend/qlockify-backend-deployment`
- `./frontend/qlockify-frontend-deployment`
2. Configure deployment env files:
- `./.env`
- `./backend/.env`
- `./frontend/.env`
- `./backend/qlockify-backend-deployment/.env`
- `./frontend/qlockify-frontend-deployment/.env`
3. From `qlockify-deployment`, build and start the stack:
```powershell
@@ -35,6 +40,42 @@ docker compose up --build
The backend container runs database migrations and `collectstatic` on startup, then serves Django with Gunicorn using `config.wsgi:application`.
## Domain setup
The Nginx config is prepared for:
- `qlockify.ir`
- `www.qlockify.ir`
Requests to `www.qlockify.ir` are redirected to `qlockify.ir`.
Before bringing the stack up in production:
1. Point the DNS `A` or `AAAA` records for `qlockify.ir` and `www.qlockify.ir` to your server.
2. Set the backend env values in `./backend/qlockify-backend-deployment/.env`:
- `DJANGO_ALLOWED_HOSTS=qlockify.ir,www.qlockify.ir`
- `CORS_ALLOWED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir`
- `CSRF_TRUSTED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir`
- `BASE_URL=https://qlockify.ir`
3. Set the frontend env value in `./frontend/qlockify-frontend-deployment/.env`:
- `VITE_API_BASE_URL=https://qlockify.ir/api`
## SSL certificates
HTTPS is configured through Nginx if you place these files in:
```text
./nginx/certs/fullchain.pem
./nginx/certs/privkey.pem
```
The repo keeps `./nginx/certs/.gitkeep` only. Actual certificate files are ignored by git.
With the current Nginx config:
- `http://qlockify.ir` redirects to `https://qlockify.ir`
- `http://www.qlockify.ir` redirects to `https://qlockify.ir`
- `https://www.qlockify.ir` redirects to `https://qlockify.ir`
Make sure port `443` is open on the server firewall before starting the stack.
## SSE Notifications
Notifications now use Server-Sent Events at `/api/notifications/stream/`.

18
backend/.env.sample
View File

@@ -2,10 +2,10 @@
ENVIRONMENT=development
DEBUG=True
# Django Core
DJANGO_SETTINGS_MODULE=config.settings
DJANGO_SECRET_KEY=
DJANGO_ALLOWED_HOSTS=
# Django Core
DJANGO_SETTINGS_MODULE=config.settings
DJANGO_SECRET_KEY=
DJANGO_ALLOWED_HOSTS=qlockify.ir,www.qlockify.ir
# Database
POSTGRES_DB=app_db
@@ -14,9 +14,9 @@ POSTGRES_PASSWORD=app_password
POSTGRES_HOST=db
POSTGRES_PORT=5432
# CORS / CSRF
CORS_ALLOWED_ORIGINS=https://app.example.com
CSRF_TRUSTED_ORIGINS=https://app.example.com
# CORS / CSRF
CORS_ALLOWED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir
CSRF_TRUSTED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir
# JWT
ACCESS_TOKEN_LIFETIME=5
@@ -40,5 +40,5 @@ CELERY_RESULT_BACKEND=redis://redis:6379/0
LANGUAGE_CODE=en-us
TIME_ZONE=Asia/Tehran
SMS_APIKEY=
BASE_URL=
SMS_APIKEY=
BASE_URL=https://qlockify.ir

23
docker-compose.yml
View File

@@ -72,17 +72,18 @@ services:
expose:
- "80"
nginx:
image: nginx:alpine
restart: always
ports:
- "80:80"
# - "443:443" # Uncomment when adding SSL
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./nginx/.htpasswd:/etc/nginx/.htpasswd:ro
- static_data:/usr/share/nginx/html/staticfiles:ro
- media_data:/usr/share/nginx/html/mediafiles:ro
nginx:
image: nginx:alpine
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./nginx/certs:/etc/nginx/certs:ro
- ./nginx/.htpasswd:/etc/nginx/.htpasswd:ro
- static_data:/usr/share/nginx/html/staticfiles:ro
- media_data:/usr/share/nginx/html/mediafiles:ro
depends_on:
- backend
- frontend

2
frontend/.env.sample
View File

@@ -1 +1 @@
VITE_API_BASE_URL=http://localhost/api
VITE_API_BASE_URL=https://qlockify.ir/api

1
nginx/certs/.gitkeep Normal file
View File

@@ -0,0 +1 @@

115
nginx/nginx.conf
View File

@@ -1,36 +1,65 @@
server {
listen 80;
server_name localhost;
client_max_body_size 100M;
sendfile on;
# Static and Media files
location /static/ {
alias /usr/share/nginx/html/staticfiles/;
expires 30d;
access_log off;
}
location /media/ {
alias /usr/share/nginx/html/mediafiles/;
expires 30d;
access_log off;
}
# Protect API Documentation with Basic Auth (from your old project)
location ~ ^/(docs|redoc|openapi.json|api/docs|api/redoc|api/openapi.json|api/v1/docs) {
auth_basic "Restricted API Documentation";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://backend:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Standard API Proxy
server {
listen 80;
server_name qlockify.ir www.qlockify.ir;
return 301 https://qlockify.ir$request_uri;
}
server {
listen 443 ssl;
http2 on;
server_name www.qlockify.ir;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
return 301 https://qlockify.ir$request_uri;
}
server {
listen 443 ssl;
http2 on;
server_name qlockify.ir;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
client_max_body_size 100M;
sendfile on;
# Static and Media files
location /static/ {
alias /usr/share/nginx/html/staticfiles/;
expires 30d;
access_log off;
}
location /media/ {
alias /usr/share/nginx/html/mediafiles/;
expires 30d;
access_log off;
}
# Protect API Documentation with Basic Auth
location ~ ^/(docs|redoc|openapi.json|api/docs|api/redoc|api/openapi.json|api/v1/docs) {
auth_basic "Restricted API Documentation";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://backend:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/notifications/stream/ {
proxy_pass http://backend:8000;
proxy_http_version 1.1;
@@ -53,8 +82,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Admin Panel Proxy
location /admin/ {
proxy_pass http://backend:8000;
proxy_set_header Host $host;
@@ -62,11 +90,12 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Frontend Proxy
location / {
proxy_pass http://frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
location / {
proxy_pass http://frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}