feat: add Docker deployment configuration

- Add server Dockerfile with multi-stage build
- Add frontend Dockerfile with Nginx
- Add docker-compose.yml for orchestration
- Add Nginx config with SSL support
- Add deployment documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

deploy/Dockerfile.frontend

@@ -0,0 +1,41 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Install pnpm
+RUN npm install -g pnpm
+
+# Copy workspace files
+COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
+COPY packages/shared ./packages/shared
+COPY packages/client-screen ./packages/client-screen
+COPY packages/client-mobile ./packages/client-mobile
+
+# Install dependencies
+RUN pnpm install --frozen-lockfile
+
+# Build shared package
+WORKDIR /app/packages/shared
+RUN pnpm build
+
+# Build client-screen
+WORKDIR /app/packages/client-screen
+RUN pnpm build
+
+# Build client-mobile
+WORKDIR /app/packages/client-mobile
+RUN pnpm build
+
+# Production stage - Nginx
+FROM nginx:alpine
+
+# Copy built files
+COPY --from=builder /app/packages/client-screen/dist /usr/share/nginx/html/screen
+COPY --from=builder /app/packages/client-mobile/dist /usr/share/nginx/html/mobile
+
+# Copy nginx config
+COPY deploy/nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 80 443
+
+CMD ["nginx", "-g", "daemon off;"]

deploy/nginx.conf

@@ -0,0 +1,73 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    keepalive_timeout 65;
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
+
+    # Upstream for API server
+    upstream api_server {
+        server server:3000;
+    }
+
+    server {
+        listen 80;
+        server_name _;
+
+        # Redirect HTTP to HTTPS (uncomment when SSL is configured)
+        # return 301 https://$host$request_uri;
+
+        # Mobile client (default)
+        location / {
+            root /usr/share/nginx/html/mobile;
+            index index.html;
+            try_files $uri $uri/ /index.html;
+        }
+
+        # Screen client
+        location /screen {
+            alias /usr/share/nginx/html/screen;
+            index index.html;
+            try_files $uri $uri/ /screen/index.html;
+        }
+
+        # API proxy
+        location /api {
+            proxy_pass http://api_server;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # WebSocket proxy
+        location /socket.io {
+            proxy_pass http://api_server;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_read_timeout 86400;
+        }
+    }
+}

deploy/nginx.ssl.conf

@@ -0,0 +1,80 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent"';
+
+    access_log /var/log/nginx/access.log main;
+    sendfile on;
+    keepalive_timeout 65;
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml;
+
+    upstream api_server {
+        server server:3000;
+    }
+
+    # HTTP -> HTTPS redirect
+    server {
+        listen 80;
+        server_name _;
+        return 301 https://$host$request_uri;
+    }
+
+    # HTTPS server
+    server {
+        listen 443 ssl http2;
+        server_name _;
+
+        ssl_certificate /etc/nginx/ssl/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers HIGH:!aNULL:!MD5;
+
+        # Mobile client (default)
+        location / {
+            root /usr/share/nginx/html/mobile;
+            index index.html;
+            try_files $uri $uri/ /index.html;
+        }
+
+        # Screen client
+        location /screen {
+            alias /usr/share/nginx/html/screen;
+            index index.html;
+            try_files $uri $uri/ /screen/index.html;
+        }
+
+        # API proxy
+        location /api {
+            proxy_pass http://api_server;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # WebSocket proxy
+        location /socket.io {
+            proxy_pass http://api_server;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_read_timeout 86400;
+        }
+    }
+}