feat(deploy): add qlockify.ir domain and ssl config

2026-04-29 17:27:49 +03:30
parent 596e2716ab
commit 34af725f41
7 changed files with 144 additions and 70 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ backend/.pytest_cache/
 backend/qlockify-backend-deployment
 frontend/qlockify-frontend-deployment
 nginx/certs/*
 !nginx/certs/.gitkeep
--- a/README.md
+++ b/README.md
@@ -2,7 +2,10 @@
 This repository is the deployment layer only.
-Docker builds read from the local `./backend` and `./frontend` directories inside this repository.
+Docker builds now read from nested application source directories inside this repository:
 - `./backend/qlockify-backend-deployment`
 - `./frontend/qlockify-frontend-deployment`
 Those directories are expected to contain the backend and frontend application source before you build for deployment.
 ## Local structure
@@ -12,7 +15,9 @@ The expected deployment layout is:
 ```text
 qlockify-deployment/
  backend/
    qlockify-backend-deployment/
  frontend/
    qlockify-frontend-deployment/
  nginx/
  postgres/
  docker-compose.yml
@@ -21,12 +26,12 @@ qlockify-deployment/
 ## Deployment flow
 1. Put your application source into:
-   - `./backend`
+   - `./backend/qlockify-backend-deployment`
-   - `./frontend`
+   - `./frontend/qlockify-frontend-deployment`
 2. Configure deployment env files:
   - `./.env`
-   - `./backend/.env`
+   - `./backend/qlockify-backend-deployment/.env`
-   - `./frontend/.env`
+   - `./frontend/qlockify-frontend-deployment/.env`
 3. From `qlockify-deployment`, build and start the stack:
 ```powershell
@@ -35,6 +40,42 @@ docker compose up --build
 The backend container runs database migrations and `collectstatic` on startup, then serves Django with Gunicorn using `config.wsgi:application`.
 ## Domain setup
 The Nginx config is prepared for:
 - `qlockify.ir`
 - `www.qlockify.ir`
 Requests to `www.qlockify.ir` are redirected to `qlockify.ir`.
 Before bringing the stack up in production:
 1. Point the DNS `A` or `AAAA` records for `qlockify.ir` and `www.qlockify.ir` to your server.
 2. Set the backend env values in `./backend/qlockify-backend-deployment/.env`:
   - `DJANGO_ALLOWED_HOSTS=qlockify.ir,www.qlockify.ir`
   - `CORS_ALLOWED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir`
   - `CSRF_TRUSTED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir`
   - `BASE_URL=https://qlockify.ir`
 3. Set the frontend env value in `./frontend/qlockify-frontend-deployment/.env`:
   - `VITE_API_BASE_URL=https://qlockify.ir/api`
 ## SSL certificates
 HTTPS is configured through Nginx if you place these files in:
 ```text
 ./nginx/certs/fullchain.pem
 ./nginx/certs/privkey.pem
 ```
 The repo keeps `./nginx/certs/.gitkeep` only. Actual certificate files are ignored by git.
 With the current Nginx config:
 - `http://qlockify.ir` redirects to `https://qlockify.ir`
 - `http://www.qlockify.ir` redirects to `https://qlockify.ir`
 - `https://www.qlockify.ir` redirects to `https://qlockify.ir`
 Make sure port `443` is open on the server firewall before starting the stack.
 ## SSE Notifications
 Notifications now use Server-Sent Events at `/api/notifications/stream/`.
--- a/backend/.env.sample
+++ b/backend/.env.sample
@@ -5,7 +5,7 @@ DEBUG=True
 # Django Core
 DJANGO_SETTINGS_MODULE=config.settings
 DJANGO_SECRET_KEY=
-DJANGO_ALLOWED_HOSTS=
+DJANGO_ALLOWED_HOSTS=qlockify.ir,www.qlockify.ir
 # Database
 POSTGRES_DB=app_db
@@ -15,8 +15,8 @@ POSTGRES_HOST=db
 POSTGRES_PORT=5432
 # CORS / CSRF
-CORS_ALLOWED_ORIGINS=https://app.example.com
+CORS_ALLOWED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir
-CSRF_TRUSTED_ORIGINS=https://app.example.com
+CSRF_TRUSTED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir
 # JWT
 ACCESS_TOKEN_LIFETIME=5
@@ -41,4 +41,4 @@ LANGUAGE_CODE=en-us
 TIME_ZONE=Asia/Tehran
 SMS_APIKEY=
-BASE_URL=
+BASE_URL=https://qlockify.ir
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -77,9 +77,10 @@ services:
    restart: always
    ports:
      - "80:80"
-      # - "443:443" # Uncomment when adding SSL
+      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./nginx/certs:/etc/nginx/certs:ro
      - ./nginx/.htpasswd:/etc/nginx/.htpasswd:ro
      - static_data:/usr/share/nginx/html/staticfiles:ro
      - media_data:/usr/share/nginx/html/mediafiles:ro
--- a/frontend/.env.sample
+++ b/frontend/.env.sample
@@ -1 +1 @@
-VITE_API_BASE_URL=http://localhost/api
+VITE_API_BASE_URL=https://qlockify.ir/api
--- a/nginx/certs/.gitkeep
+++ b/nginx/certs/.gitkeep
@@ -0,0 +1 @@
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,6 +1,36 @@
 server {
    listen 80;
-    server_name localhost;
+    server_name qlockify.ir www.qlockify.ir;
    return 301 https://qlockify.ir$request_uri;
 }
 server {
    listen 443 ssl;
    http2 on;
    server_name www.qlockify.ir;
    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    return 301 https://qlockify.ir$request_uri;
 }
 server {
    listen 443 ssl;
    http2 on;
    server_name qlockify.ir;
    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 100M;
    sendfile on;
@@ -18,7 +48,7 @@ server {
        access_log off;
    }
-    # Protect API Documentation with Basic Auth (from your old project)
+    # Protect API Documentation with Basic Auth
    location ~ ^/(docs|redoc|openapi.json|api/docs|api/redoc|api/openapi.json|api/v1/docs) {
        auth_basic "Restricted API Documentation";
        auth_basic_user_file /etc/nginx/.htpasswd;
@@ -30,7 +60,6 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Standard API Proxy
    location /api/notifications/stream/ {
        proxy_pass http://backend:8000;
        proxy_http_version 1.1;
@@ -54,7 +83,6 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Admin Panel Proxy
    location /admin/ {
        proxy_pass http://backend:8000;
        proxy_set_header Host $host;
@@ -63,10 +91,11 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Frontend Proxy
    location / {
        proxy_pass http://frontend:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
`@@ -1 +1 @@`
	`VITE_API_BASE_URL=http://localhost/api`	`VITE_API_BASE_URL=https://qlockify.ir/api`