security: clean repository without media files and sensitive data

- Removed area/ directory with 816MB of media files
- Removed sensitive FTP credentials from Git history
- Implemented .env.upload system for secure deployments
- Added comprehensive .gitignore for future protection

This commit represents a clean slate with all sensitive data removed.

deployment/nginx/README.md

@@ -0,0 +1,45 @@
+# nginx Configuration for AdsPreview React
+
+Diese Datei enthält eine Beispiel-nginx-Konfiguration für die AdsPreview React Anwendung.
+
+## Installation
+
+1. **Konfiguration kopieren:**
+   ```bash
+   sudo cp adspreview-react.example.conf /etc/nginx/sites-available/adspreview-react
+   ```
+
+2. **Konfiguration anpassen:**
+   - `server_name` auf Ihre Domain ändern
+   - Pfade entsprechend Ihrer Installation anpassen
+   - SSL-Zertifikate konfigurieren (falls HTTPS)
+
+3. **Site aktivieren:**
+   ```bash
+   sudo ln -s /etc/nginx/sites-available/adspreview-react /etc/nginx/sites-enabled/
+   ```
+
+4. **nginx testen und neustarten:**
+   ```bash
+   sudo nginx -t
+   sudo systemctl restart nginx
+   ```
+
+## Features
+
+- **SPA Routing:** React Router wird korrekt unterstützt
+- **API Proxy:** `/api/` Requests werden an PHP Backend weitergeleitet
+
+## Pfad-Anpassungen
+
+Stellen Sie sicher, dass folgende Pfade korrekt sind:
+
+- `root /var/www/adspreview-react/build;` - Pfad zum Built React App
+- `proxy_pass http://example.com;` - PHP Backend URL
+- SSL Zertifikat-Pfade (falls HTTPS verwendet wird)
+
+## Troubleshooting
+
+- **404 bei React Routes:** Überprüfen Sie `try_files $uri $uri/ /index.html;`
+- **API Calls funktionieren nicht:** Prüfen Sie Backend-URL und -Port
+- **Static Assets laden nicht:** Überprüfen Sie `root` Pfad

deployment/nginx/adspreview-react.example.conf

@@ -0,0 +1,121 @@
+# nginx configuration for AdsPreview React Application
+# Copy this file to your nginx sites-available directory and adjust paths as needed
+# Example: sudo cp adspreview-react.example.conf /etc/nginx/sites-available/adspreview-react
+# Then: sudo ln -s /etc/nginx/sites-available/adspreview-react /etc/nginx/sites-enabled/
+
+server {
+  listen 80;
+  listen [::]:80;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  {{ssl_certificate_key}}
+  {{ssl_certificate}}
+  server_name adspreview.example.com;
+  root /home/adspreview/htdocs/adspreview.example.com/public;
+
+  {{nginx_access_log}}
+  {{nginx_error_log}}
+
+  if ($scheme != "https") {
+    rewrite ^ https://$host$uri permanent;
+  }
+
+  location ~ /.well-known {
+    auth_basic off;
+    allow all;
+  }
+
+  {{settings}}
+
+  location / {
+    {{varnish_proxy_pass}}
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_hide_header X-Varnish;
+    proxy_redirect off;
+    proxy_max_temp_file_size 0;
+    proxy_connect_timeout      720;
+    proxy_send_timeout         720;
+    proxy_read_timeout         720;
+    proxy_buffer_size          128k;
+    proxy_buffers              4 256k;
+    proxy_busy_buffers_size    256k;
+    proxy_temp_file_write_size 256k;
+  }
+
+  # Statische Assets über Proxy weiterleiten
+  location /static/ {
+    {{varnish_proxy_pass}}
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_hide_header X-Varnish;
+    expires 1y;
+    add_header Cache-Control "public, immutable";
+    add_header Access-Control-Allow-Origin "*";
+  }
+
+  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map|mjs)$ {
+    add_header Access-Control-Allow-Origin "*";
+    expires max;
+    access_log off;
+  }
+
+  location ~ /\.(ht|svn|git) {
+    deny all;
+  }
+
+  if (-f $request_filename) {
+    break;
+  }
+}
+
+server {
+  listen 8080;
+  listen [::]:8080;
+  server_name adspreview.example.com;
+  root /home/adspreview/htdocs/adspreview.example.com/public;
+
+  index index.html index.php;
+
+  # Area-Ordner direkt ausliefern (Alias!)
+  location /area/ {
+    alias /home/adspreview/htdocs/adspreview.example.com/area/;
+    autoindex off;
+  }
+
+  # API-Requests immer an index.php
+  location ~ ^/api/ {
+    try_files $uri $uri/ /index.php?$args;
+  }
+
+  # Statische Assets (CSS, JS, Bilder, etc.)
+  location /static/ {
+    expires 1y;
+    add_header Cache-Control "public, immutable";
+    try_files $uri =404;
+  }
+
+  # PHP-Dateien verarbeiten
+  location ~ \.php$ {
+    include fastcgi_params;
+    fastcgi_intercept_errors on;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    try_files $uri =404;
+    fastcgi_read_timeout 3600;
+    fastcgi_send_timeout 3600;
+    fastcgi_param HTTPS "on";
+    fastcgi_param SERVER_PORT 443;
+    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
+    fastcgi_param PHP_VALUE "{{php_settings}}";
+  }
+
+  # React SPA Fallback - alle anderen Routen auf index.html weiterleiten
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+}