Add HTTPS/SSL security configuration

- Update nginx config for HTTPS with Let's Encrypt certificates
- Add HTTP to HTTPS redirect
- Configure SSL security headers and HSTS
- Add Django HTTPS security settings for production
- Fix proxy_pass to use correct port 8081
- Enhance Content Security Policy for HTTPS

app/core/settings.py

@@ -119,3 +119,15 @@ GRAMPS_API_TOKEN = os.environ.get("GRAMPS_API_TOKEN", "")
 GRAMPS_STIFTER_IDS = os.environ.get("GRAMPS_STIFTER_IDS", "")  # comma-separated
 GRAMPS_USERNAME = os.environ.get("GRAMPS_USERNAME", "")
 GRAMPS_PASSWORD = os.environ.get("GRAMPS_PASSWORD", "")
+
+# HTTPS Security Settings (production)
+if not DEBUG:
+    SECURE_SSL_REDIRECT = True
+    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+    SECURE_BROWSER_XSS_FILTER = True
+    SECURE_CONTENT_TYPE_NOSNIFF = True
+    SECURE_HSTS_SECONDS = 31536000  # 1 year
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True