🎉 Added production setup documentation and scripts, improved firewall configuration, and updated systemd services for production environment. 🖥️🔒📡

backend/systemd/myp-production.service

@@ -0,0 +1,69 @@
+[Unit]
+Description=MYP Druckerverwaltung HTTPS Production Server (Port 443 Only)
+Documentation=https://github.com/MYP-Druckerverwaltung
+After=network.target network-online.target
+Wants=network-online.target
+Requires=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+WorkingDirectory=/opt/myp
+
+# Produktions-App mit HTTPS-Only auf Port 443
+ExecStart=/usr/bin/python3 /opt/myp/app_production.py
+Restart=always
+RestartSec=10
+StartLimitBurst=5
+StartLimitInterval=300
+
+# Umgebungsvariablen für Produktionsbetrieb
+Environment=PYTHONUNBUFFERED=1
+Environment=FLASK_ENV=production
+Environment=FLASK_HOST=0.0.0.0
+Environment=FLASK_PORT=443
+Environment=PYTHONPATH=/opt/myp
+Environment=LC_ALL=C.UTF-8
+Environment=LANG=C.UTF-8
+Environment=KIOSK_MODE=true
+Environment=USE_OPTIMIZED_CONFIG=true
+Environment=HTTPS_ONLY=true
+Environment=SSL_REQUIRED=true
+
+# Logging-Konfiguration
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=myp-production
+
+# Sicherheitseinstellungen für Produktionsbetrieb
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/myp
+ReadWritePaths=/var/log
+
+# Netzwerk-Sicherheit
+PrivateNetwork=false
+RestrictAddressFamilies=AF_INET AF_INET6
+IPAddressDeny=any
+IPAddressAllow=localhost
+IPAddressAllow=127.0.0.0/8
+IPAddressAllow=10.0.0.0/8
+IPAddressAllow=192.168.0.0/16
+IPAddressAllow=172.16.0.0/12
+
+# Ressourcen-Limits
+LimitNOFILE=65536
+LimitNPROC=4096
+MemoryHigh=512M
+MemoryMax=1G
+CPUQuota=80%
+
+# Capabilities für Port 443 (privilegierter Port)
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target