Use dedicated host port 2569 for hamkadr (avoids the 8090 conflict)

docker-compose.yml HOST_PORT default → 2569; nginx vhost proxy_pass → 127.0.0.1:2569; DEPLOY.md updated. Set HOST_PORT=2569 in the ENV_FILE secret.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

DEPLOY.md

@@ -7,7 +7,7 @@ TLS for `hamkadr.ir` and reverse-proxies to the app.
 ## Architecture & open ports
 
 ```
-Internet ──443/80──► nginx (host, existing)  ──► 127.0.0.1:8090 ──► hamkadr_api (container :8080)
+Internet ──443/80──► nginx (host, existing)  ──► 127.0.0.1:2569 ──► hamkadr_api (container :8080)
                                                                          │ internal docker net
                                                                          ▼
                                                                    hamkadr_db (postgres, no host port)
@@ -18,7 +18,7 @@ Internet ──443/80──► nginx (host, existing)  ──► 127.0.0.1:8090
 | 22   | ✅ (ideally IP-restricted) | SSH |
 | 80   | ✅ | HTTP → 443 redirect + Let's Encrypt ACME |
 | 443  | ✅ | HTTPS `hamkadr.ir` |
-| 8090 | ❌ host-localhost only | app, reached only by nginx |
+| 2569 | ❌ host-localhost only | app, reached only by nginx |
 | 5432 | ❌ internal docker net only | Postgres — never published |
 
 `ufw` should be exactly: `allow 22, 80, 443`. Nothing else. (80/443 are already open since nginx
@@ -56,7 +56,7 @@ Set at `https://git.soroushasadi.com/soroushdes/hamkadr/settings/secrets` → ke
 
 ```dotenv
 # host port nginx proxies to (must match deploy/nginx-hamkadr.ir.conf)
-HOST_PORT=8090
+HOST_PORT=2569
 
 # Postgres — generate a strong password: openssl rand -hex 24
 POSTGRES_DB=hamkadr