# Qlockify Deployment

This repository is the deployment layer only.

Docker builds now read from nested application source directories inside this repository:
- `./backend/qlockify-backend-deployment`
- `./frontend/qlockify-frontend-deployment`

Those directories are expected to contain the backend and frontend application source before you build for deployment.

## Local structure

The expected deployment layout is:

```text
qlockify-deployment/
  backend/
    qlockify-backend-deployment/
  frontend/
    qlockify-frontend-deployment/
  nginx/
  postgres/
  docker-compose.yml
```

## Deployment flow

1. Put your application source into:
   - `./backend/qlockify-backend-deployment`
   - `./frontend/qlockify-frontend-deployment`
2. Configure deployment env files:
   - `./.env`
   - `./backend/qlockify-backend-deployment/.env`
   - `./frontend/qlockify-frontend-deployment/.env`
3. From `qlockify-deployment`, build and start the stack:

```powershell
docker compose up --build
```

The backend container runs database migrations and `collectstatic` on startup, then serves Django with Gunicorn using `config.wsgi:application`.

## Domain setup

The Nginx config is prepared for:
- `qlockify.ir`
- `www.qlockify.ir`
- `api.qlockify.ir`

Requests to `www.qlockify.ir` are redirected to `qlockify.ir`.
Backend traffic is served from `api.qlockify.ir`.

Before bringing the stack up in production:
1. Point the DNS `A` or `AAAA` records for `qlockify.ir`, `www.qlockify.ir`, and `api.qlockify.ir` to your server.
2. Set the backend env values in `./backend/qlockify-backend-deployment/.env`:
   - `DJANGO_ALLOWED_HOSTS=api.qlockify.ir,qlockify.ir,www.qlockify.ir`
   - `CORS_ALLOWED_ORIGINS=https://qlockify.ir,https://www.qlockify.ir`
   - `CSRF_TRUSTED_ORIGINS=https://api.qlockify.ir,https://qlockify.ir,https://www.qlockify.ir`
   - `BASE_URL=https://api.qlockify.ir`
3. Set the frontend env value in `./frontend/qlockify-frontend-deployment/.env`:
   - `VITE_API_BASE_URL=https://api.qlockify.ir/api`

## SSL certificates

HTTPS is configured through Nginx if you place these files in:

```text
./nginx/certs/fullchain.pem
./nginx/certs/privkey.pem
```

The repo keeps `./nginx/certs/.gitkeep` only. Actual certificate files are ignored by git.

With the current Nginx config:
- `http://qlockify.ir` redirects to `https://qlockify.ir`
- `http://www.qlockify.ir` redirects to `https://qlockify.ir`
- `https://www.qlockify.ir` redirects to `https://qlockify.ir`
- `http://api.qlockify.ir` redirects to `https://api.qlockify.ir`
- the main site is served from `https://qlockify.ir`
- the backend API, admin, docs, media, and static files are served from `https://api.qlockify.ir`

Make sure port `443` is open on the server firewall before starting the stack.

## SSE Notifications

Notifications now use Server-Sent Events at `/api/notifications/stream/`.

- Nginx disables buffering and cacheing for the SSE endpoint.
- The current Gunicorn setup can serve SSE for MVP traffic, but each live stream consumes a worker while connected.
- If notification concurrency grows, move the SSE endpoint to an async worker class or a dedicated ASGI process.