feat: add production deployment configs

- PM2 cluster mode (2 API workers + 1 Next.js)
- Nginx reverse proxy with SSL, rate limiting, security headers
- Automated backup script with daily/weekly rotation
- PostgreSQL production tuning script (300 connections, 4GB shared_buffers)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/backup.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Horux360 Database Backup Script
+# Backs up all databases (central + tenant) with daily/weekly rotation
+# Requires: .pgpass file at /root/.pgpass with format: localhost:5432:*:postgres:<password>
+#
+# Usage: Add to crontab:
+#   0 1 * * * /root/Horux/scripts/backup.sh >> /var/log/horux-backup.log 2>&1
+
+set -euo pipefail
+
+BACKUP_DIR="/var/horux/backups"
+DAILY_DIR="$BACKUP_DIR/daily"
+WEEKLY_DIR="$BACKUP_DIR/weekly"
+PG_USER="postgres"
+PG_HOST="localhost"
+DATE=$(date +%Y-%m-%d)
+DAY_OF_WEEK=$(date +%u)
+
+# Retention
+DAILY_KEEP=7
+WEEKLY_KEEP=4
+
+echo "=== Horux360 Backup Started: $(date) ==="
+
+# Create directories
+mkdir -p "$DAILY_DIR" "$WEEKLY_DIR"
+
+# Get list of all horux databases (central + tenant)
+DATABASES=$(psql -h "$PG_HOST" -U "$PG_USER" -t -c \
+  "SELECT datname FROM pg_database WHERE datname = 'horux360' OR datname LIKE 'horux_%' AND datname NOT LIKE '%_deleted_%'" \
+  | tr -d ' ')
+
+TOTAL=0
+ERRORS=0
+
+for DB in $DATABASES; do
+  echo "Backing up: $DB"
+  DUMP_FILE="$DAILY_DIR/${DB}_${DATE}.sql.gz"
+
+  if pg_dump -h "$PG_HOST" -U "$PG_USER" "$DB" | gzip > "$DUMP_FILE"; then
+    # Verify file is not empty
+    if [ -s "$DUMP_FILE" ]; then
+      TOTAL=$((TOTAL + 1))
+      echo "  OK: $(du -h "$DUMP_FILE" | cut -f1)"
+    else
+      echo "  WARNING: Empty backup file for $DB"
+      rm -f "$DUMP_FILE"
+      ERRORS=$((ERRORS + 1))
+    fi
+  else
+    echo "  ERROR: Failed to backup $DB"
+    ERRORS=$((ERRORS + 1))
+  fi
+done
+
+# Weekly backup on Sundays (day 7)
+if [ "$DAY_OF_WEEK" -eq 7 ]; then
+  echo "Creating weekly backup..."
+  cp "$DAILY_DIR"/*_"${DATE}".sql.gz "$WEEKLY_DIR/" 2>/dev/null || true
+fi
+
+# Clean old daily backups
+echo "Cleaning daily backups older than $DAILY_KEEP days..."
+find "$DAILY_DIR" -name "*.sql.gz" -mtime "+$DAILY_KEEP" -delete
+
+# Clean old weekly backups
+echo "Cleaning weekly backups older than $WEEKLY_KEEP weeks..."
+find "$WEEKLY_DIR" -name "*.sql.gz" -mtime "+$((WEEKLY_KEEP * 7))" -delete
+
+echo "=== Backup Complete: $TOTAL databases backed up, $ERRORS errors ==="
+echo "=== Finished: $(date) ==="

scripts/tune-postgres.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+# PostgreSQL Production Tuning for Horux360
+# Server: 32GB RAM, 8 cores
+# Target: 50 tenants, PM2 cluster ×2
+#
+# Run once: sudo bash scripts/tune-postgres.sh
+
+set -euo pipefail
+
+echo "=== PostgreSQL Production Tuning ==="
+
+sudo -u postgres psql -c "ALTER SYSTEM SET max_connections = 300;"
+sudo -u postgres psql -c "ALTER SYSTEM SET shared_buffers = '4GB';"
+sudo -u postgres psql -c "ALTER SYSTEM SET work_mem = '16MB';"
+sudo -u postgres psql -c "ALTER SYSTEM SET effective_cache_size = '16GB';"
+sudo -u postgres psql -c "ALTER SYSTEM SET maintenance_work_mem = '512MB';"
+sudo -u postgres psql -c "ALTER SYSTEM SET checkpoint_completion_target = 0.9;"
+sudo -u postgres psql -c "ALTER SYSTEM SET wal_buffers = '64MB';"
+sudo -u postgres psql -c "ALTER SYSTEM SET random_page_cost = 1.1;"
+
+echo "Settings applied. Restarting PostgreSQL..."
+sudo systemctl restart postgresql
+
+echo "Verifying settings..."
+sudo -u postgres psql -c "SHOW max_connections; SHOW shared_buffers; SHOW work_mem;"
+
+echo "=== Done ==="