docs: update README — remove chmod, add two-var env model, full NPM nginx config

README.md

@@ -28,10 +28,12 @@ Self-hosted Supabase stack + bilingual (DE/EN) public website + lead-management
 ### Via Portainer (recommended)
 
 1. Clone the repo onto the host: `git clone <repo> /mnt/user/appdata/mc-cars`
-2. `chmod +x /mnt/user/appdata/mc-cars/frontend/99-config.sh /mnt/user/appdata/mc-cars/supabase/migrations/00-run-init.sh`
+2. `mkdir -p /mnt/user/appdata/mc-cars/data/{db,storage}`
-3. `mkdir -p /mnt/user/appdata/mc-cars/data/{db,storage}`
+3. Edit `.env`: set `SITE_URL` and `SUPABASE_PUBLIC_URL` to your domain (see below)
 4. Portainer → Stacks → Add stack → paste `docker-compose.yml` → paste `.env` into Environment variables → Deploy.
 
+> No `chmod` needed. `config.js` is generated by an inline shell command in `docker-compose.yml`, not a bind-mounted script file.
+
 ### Via CLI
 
 ```bash
@@ -77,6 +79,24 @@ The admin is seeded with `must_change_password = true` in `raw_user_meta_data`.
 - RPCs: `qualify_lead(uuid, text)`, `disqualify_lead(uuid, text)`, `reopen_lead(uuid)` — transactional, `SECURITY INVOKER`, `authenticated` only.
 - Realtime: `supabase_realtime` publication broadcasts inserts/updates on leads, customers, vehicles.
 
+## Environment: two variables per deployment
+
+Only two lines in `.env` need changing between environments:
+
+| Variable | Local dev | Production |
+|---|---|---|
+| `SITE_URL` | `http://localhost:55580` | `https://your.domain.com` |
+| `SUPABASE_PUBLIC_URL` | `http://localhost:55521` | `https://your.domain.com` |
+
+All other GoTrue URLs (`API_EXTERNAL_URL`, `GOTRUE_SITE_URL`, `GOTRUE_URI_ALLOW_LIST`) are derived automatically in `docker-compose.yml`.
+
+On the NAS:
+```bash
+sed -i 's|SITE_URL=.*|SITE_URL=https://your.domain.com|' .env
+sed -i 's|SUPABASE_PUBLIC_URL=.*|SUPABASE_PUBLIC_URL=https://your.domain.com|' .env
+docker compose up -d --force-recreate web
+```
+
 ## Deployment & portability
 
 Runtime state under `/mnt/user/appdata/mc-cars/data/`:
@@ -89,11 +109,49 @@ data/
 
 All bind mounts in `docker-compose.yml` use absolute paths under `/mnt/user/appdata/mc-cars`. Clone the repo there, deploy as a Portainer stack, done. No `build:` steps — every service pulls a pre-built image.
 
-To put behind **Nginx Proxy Manager** with a single public domain (`cars.yourdomain.com`):
+To put behind **Nginx Proxy Manager** with a single public domain:
-- Proxy `/` → `mccars-web:80` (or `<host>:55580`)
+
-- Custom locations `/auth/v1/`, `/rest/v1/`, `/realtime/v1/`, `/storage/v1/` → `mccars-kong:8000` (or `<host>:55521`)
+*Details tab:* Scheme `http`, Forward to `<NAS IP>:55580`, **Cache Assets OFF**, **Websockets Support ON**.
-- Do **not** expose `/pg/` or Studio publicly.
+
-- Update `.env` URLs to `https://cars.yourdomain.com`.
+*SSL tab:* your cert, **Force SSL ON**, **HTTP/2 Support ON**.
+
+*Advanced tab (⚙️):* paste these location blocks:
+
+```nginx
+location /auth/v1/ {
+    proxy_pass http://<NAS IP>:55521;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+location /rest/v1/ {
+    proxy_pass http://<NAS IP>:55521;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+location /realtime/v1/ {
+    proxy_pass http://<NAS IP>:55521;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+}
+location /storage/v1/ {
+    proxy_pass http://<NAS IP>:55521;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+```
+
+Do **not** expose `/pg/` or Studio publicly.
 
 ## Project layout
 
@@ -110,14 +168,12 @@ MC Cars/
 │       ├── post-boot.sql      # admin user (must_change_password) + bucket row
 │       └── 02-leads.sql       # leads, customers, RPCs, realtime publication
 ├── frontend/
-│   ├── Dockerfile             # (legacy, not used in Portainer deploy)
-│   ├── 99-config.sh           # entrypoint: injects config.js with anon key
 │   ├── nginx.conf
 │   ├── index.html             # public DE/EN site, booking form -> leads
 │   ├── admin.html             # auth-gated CRM
 │   ├── app.js
 │   ├── admin.js               # realtime + qualify/disqualify + password change
-│   ├── config.js              # anon-only runtime config (generated at boot)
+│   ├── config.js              # generated at container start (git-ignored)
 │   ├── i18n.js
 │   ├── styles.css
 │   ├── impressum.html