[FEAT] Add separate frontend/backend Ingress and runtime API_URL configuration

- Add two Ingress: peikarband.ir (frontend) and api.peikarband.ir (backend)
- Add runtime script to update .web/env.json from API_URL env var
- Remove --backend-only flag to enable both frontend and backend
- Configure API_URL from Helm values instead of build-time args
- Update .dockerignore to include update-env-json.sh script

helm/peikarband/templates/ingress.yaml

@@ -1,8 +1,9 @@
 {{- if .Values.ingress.enabled -}}
+# Frontend Ingress (peikarband.ir -> port 3000)
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "peikarband.fullname" . }}
+  name: {{ include "peikarband.fullname" . }}-frontend
   labels:
     {{- include "peikarband.labels" . | nindent 4 }}
   {{- with .Values.ingress.annotations }}
@@ -35,8 +36,50 @@ spec:
               service:
                 name: {{ include "peikarband.fullname" $ }}
                 port:
-                  number: {{ $.Values.service.backend.port }}
+                  number: {{ $.Values.service.frontend.port }}
           {{- end }}
     {{- end }}
 {{- end }}
 
+{{- if .Values.ingress.apiEnabled -}}
+# Backend API Ingress (api.peikarband.ir -> port 8000)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "peikarband.fullname" . }}-api
+  labels:
+    {{- include "peikarband.labels" . | nindent 4 }}
+  {{- with .Values.ingress.apiAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.apiTls }}
+  tls:
+    {{- range .Values.ingress.apiTls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.apiHosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "peikarband.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.backend.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}

helm/peikarband/values-production.yaml

@@ -27,7 +27,7 @@ appSecrets:
 
 # Reflex configuration for production
 reflex:
-  apiUrl: "https://peikarband.ir"  # Production API URL
+  apiUrl: "https://api.peikarband.ir"  # Production API URL (backend)
 
 podAnnotations:
   prometheus.io/scrape: "true"
@@ -72,6 +72,22 @@ ingress:
       hosts:
         - peikarband.ir
         - www.peikarband.ir
+  
+  # Backend API Ingress (api.peikarband.ir -> port 8000)
+  apiEnabled: true
+  apiAnnotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+    traefik.ingress.kubernetes.io/router.tls: "true"
+  apiHosts:
+    - host: api.peikarband.ir
+      paths:
+        - path: /
+          pathType: Prefix
+  apiTls:
+    - secretName: peikarband-api-tls
+      hosts:
+        - api.peikarband.ir
 
 postgresql:
   enabled: false  # Using SQLite for now

helm/peikarband/values.yaml

@@ -81,6 +81,15 @@ ingress:
       hosts:
         - peikarband.ir
         - www.peikarband.ir
+  
+  # Backend API Ingress (api.peikarband.ir -> port 8000)
+  apiEnabled: false  # Enable in production values
+  apiAnnotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+    traefik.ingress.kubernetes.io/router.tls: "true"
+  apiHosts: []
+  apiTls: []
 
 resources:
   limits: