security: clean repository without media files and sensitive data

- Removed area/ directory with 816MB of media files
- Removed sensitive FTP credentials from Git history
- Implemented .env.upload system for secure deployments
- Added comprehensive .gitignore for future protection

This commit represents a clean slate with all sensitive data removed.

backend/public/.nginx

@@ -0,0 +1,46 @@
+# nginx Konfiguration für React + PHP Backend
+# Diese Datei sollte als .nginx im public/ Verzeichnis liegen
+
+# API-Routen an PHP weiterleiten
+location /api/ {
+    try_files $uri /index.php?$args;
+}
+
+# Area-Dateien an PHP weiterleiten (für statische Asset-Auslieferung)
+location /area/ {
+    try_files $uri /index.php?$args;
+}
+
+# Statische React Assets direkt ausliefern
+location /static/ {
+    expires 1y;
+    add_header Cache-Control "public, immutable";
+    add_header Access-Control-Allow-Origin "*";
+    try_files $uri =404;
+}
+
+# React Assets (JSON, ICO, etc.)
+location ~* \.(json|ico|txt)$ {
+    expires 1d;
+    add_header Access-Control-Allow-Origin "*";
+    try_files $uri =404;
+}
+
+# PHP-Dateien verarbeiten
+location ~ \.php$ {
+    include fastcgi_params;
+    fastcgi_intercept_errors on;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    try_files $uri =404;
+    fastcgi_read_timeout 3600;
+    fastcgi_send_timeout 3600;
+    fastcgi_param HTTPS "on";
+    fastcgi_param SERVER_PORT 443;
+    fastcgi_pass 127.0.0.1:9000;
+}
+
+# React SPA Fallback - alle anderen Routen auf index.html weiterleiten
+location / {
+    try_files $uri $uri/ /index.html;
+}