feat(deploy): add qlockify.ir domain and ssl config

nginx/certs/.gitkeep

@@ -0,0 +1 @@
+

nginx/nginx.conf

@@ -1,36 +1,65 @@
-server {
-    listen 80;
-    server_name localhost;
-
-    client_max_body_size 100M;
-    sendfile on;
-
-    # Static and Media files
-    location /static/ {
-        alias /usr/share/nginx/html/staticfiles/;
-        expires 30d;
-        access_log off;
-    }
-
-    location /media/ {
-        alias /usr/share/nginx/html/mediafiles/;
-        expires 30d;
-        access_log off;
-    }
-
-    # Protect API Documentation with Basic Auth (from your old project)
-    location ~ ^/(docs|redoc|openapi.json|api/docs|api/redoc|api/openapi.json|api/v1/docs) {
-        auth_basic "Restricted API Documentation";
-        auth_basic_user_file /etc/nginx/.htpasswd;
-        
-        proxy_pass http://backend:8000;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
-    # Standard API Proxy
+server {
+    listen 80;
+    server_name qlockify.ir www.qlockify.ir;
+
+    return 301 https://qlockify.ir$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name www.qlockify.ir;
+
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:10m;
+
+    return 301 https://qlockify.ir$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name qlockify.ir;
+
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:10m;
+
+    client_max_body_size 100M;
+    sendfile on;
+
+    # Static and Media files
+    location /static/ {
+        alias /usr/share/nginx/html/staticfiles/;
+        expires 30d;
+        access_log off;
+    }
+
+    location /media/ {
+        alias /usr/share/nginx/html/mediafiles/;
+        expires 30d;
+        access_log off;
+    }
+
+    # Protect API Documentation with Basic Auth
+    location ~ ^/(docs|redoc|openapi.json|api/docs|api/redoc|api/openapi.json|api/v1/docs) {
+        auth_basic "Restricted API Documentation";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+
+        proxy_pass http://backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
     location /api/notifications/stream/ {
         proxy_pass http://backend:8000;
         proxy_http_version 1.1;
@@ -53,8 +82,7 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-
-    # Admin Panel Proxy
+
     location /admin/ {
         proxy_pass http://backend:8000;
         proxy_set_header Host $host;
@@ -62,11 +90,12 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-
-    # Frontend Proxy
-    location / {
-        proxy_pass http://frontend:80;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-}
+
+    location / {
+        proxy_pass http://frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}