chore: complete update

ansible/netcup-simple-deploy/roles/webapp/templates/app.env.j2

@@ -0,0 +1,12 @@
+# Environment variables for {{ app_name }}
+
+{% for key, value in app_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+
+# Deployment info
+DEPLOYED_AT={{ ansible_date_time.iso8601 }}
+DEPLOYED_BY=ansible
+SERVER_NAME={{ inventory_hostname }}
+
+APP_PORT=8000

ansible/netcup-simple-deploy/roles/webapp/templates/nginx-site.conf.j2

@@ -0,0 +1,53 @@
+server {
+    listen 80;
+    server_name {{ domain }};
+    
+    # HTTP to HTTPS redirect (wird von Certbot hinzugefügt)
+    
+    location / {
+        proxy_pass http://127.0.0.1:{{ app_port }};  # Weiterleitung zu PHP-Container
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        
+        # PHP-spezifische Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+        
+        # File upload für PHP
+        client_max_body_size {{ nginx_client_max_body_size }};
+    }
+    
+    # Assets (CSS, JS, Bilder) direkt servieren falls gewünscht
+    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        proxy_pass http://127.0.0.1:{{ app_port }};
+        proxy_cache_valid 200 1d;
+        expires 1d;
+        add_header Cache-Control "public, immutable";
+    }
+    
+    # PHP-Admin Tools (falls vorhanden) schützen
+    location ~ /(admin|phpmyadmin|adminer) {
+        proxy_pass http://127.0.0.1:{{ app_port }};
+        
+        # Basis Auth hier hinzufügen falls gewünscht
+        # auth_basic "Admin Area";
+        # auth_basic_user_file /etc/nginx/.htpasswd;
+    }
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+}