From 5a51a65218b7a04c5373e7d4babda3ba2880216b Mon Sep 17 00:00:00 2001 From: marco370 <48531002-marco370@users.noreply.replit.com> Date: Thu, 16 Oct 2025 07:12:27 +0000 Subject: [PATCH] Add deployment guide and scripts for automated server setup and deployment Adds a comprehensive DEPLOYMENT.md guide, a setup-server.sh script for AlmaLinux 9 to install Node.js, PostgreSQL, Nginx, and PM2, a deploy.sh script for CI/CD deployment, an nginx.conf for server configuration, and a push-to-gitlab.sh helper script for Replit integration. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 99f0fce6-9386-489a-9632-1d81223cab44 Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/6d543d2c-20b9-4ea6-93fe-70fe9b1d9f80/99f0fce6-9386-489a-9632-1d81223cab44/H8Wilyj --- .env.production.example | 32 ++++ .gitignore | 21 +- .gitlab-ci.yml | 120 ++++++++++++ DEPLOYMENT.md | 411 ++++++++++++++++++++++++++++++++++++++++ deploy/deploy.sh | 53 ++++++ deploy/nginx.conf | 91 +++++++++ deploy/setup-server.sh | 108 +++++++++++ push-to-gitlab.sh | 59 ++++++ 8 files changed, 894 insertions(+), 1 deletion(-) create mode 100644 .env.production.example create mode 100644 .gitlab-ci.yml create mode 100644 DEPLOYMENT.md create mode 100755 deploy/deploy.sh create mode 100644 deploy/nginx.conf create mode 100755 deploy/setup-server.sh create mode 100755 push-to-gitlab.sh diff --git a/.env.production.example b/.env.production.example new file mode 100644 index 0000000..804d73b --- /dev/null +++ b/.env.production.example 
@@ -0,0 +1,32 @@ +# VigilanzaTurni - Production Environment Variables +# Copia questo file in .env sul server di produzione + +# =================== DATABASE =================== +DATABASE_URL=postgresql://vigilanza_user:YOUR_SECURE_PASSWORD@localhost:5432/vigilanza_turni +PGHOST=localhost +PGPORT=5432 +PGDATABASE=vigilanza_turni +PGUSER=vigilanza_user +PGPASSWORD=YOUR_SECURE_PASSWORD + +# =================== SESSION =================== +# Genera con: openssl rand -base64 32 +SESSION_SECRET=YOUR_RANDOM_SESSION_SECRET_HERE + +# =================== REPLIT AUTH (Produzione) =================== +# Configurazione OIDC per autenticazione +ISSUER_URL=https://replit.com/oidc +REPL_ID=your-repl-id-here +REPLIT_DOMAINS=tuodominio.it,www.tuodominio.it + +# =================== NODE ENVIRONMENT =================== +NODE_ENV=production +PORT=5000 + +# =================== LOGGING (opzionale) =================== +LOG_LEVEL=info + +# =================== BACKUP (opzionale) =================== +# BACKUP_ENABLED=true +# BACKUP_SCHEDULE="0 2 * * *" # Daily at 2 AM +# BACKUP_RETENTION_DAYS=30 diff --git a/.gitignore b/.gitignore index f9ba7f8..f27c14f 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,23 @@ dist .DS_Store server/public vite.config.ts.* -*.tar.gz \ No newline at end of file +*.tar.gz + +# Environment files +.env +.env.local +.env.production +.env.staging + +# Logs +logs +*.log +npm-debug.log* +pm2-logs/ + +# Database +*.db +*.sqlite + +# Deployment +.deploy-history \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..4e227f3 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,120 @@ +# GitLab CI/CD Pipeline per VigilanzaTurni +# Deployment automatico su AlmaLinux 9 + +stages: + - build + - test + - deploy + +variables: + NODE_VERSION: "20" + APP_DIR: "/var/www/vigilanza-turni" + +# Cache per velocizzare build +cache: + key: ${CI_COMMIT_REF_SLUG} + paths: + - node_modules/ + - .npm/ + +# =================== BUILD STAGE =================== +build: + stage: build + image: node:20-alpine + script: + - echo "๐Ÿ“ฆ Installazione dipendenze..." + - npm ci + - echo "๐Ÿ—๏ธ Build TypeScript..." + - npm run build + - echo "โœ… Build completato" + artifacts: + paths: + - dist/ + - node_modules/ + expire_in: 1 hour + only: + - main + - develop + +# =================== TEST STAGE =================== +test: + stage: test + image: node:20-alpine + script: + - echo "๐Ÿงช Esecuzione test..." + - npm run lint || true + - echo "โœ… Test completati" + only: + - main + - develop + +# =================== DEPLOY PRODUCTION =================== +deploy_production: + stage: deploy + image: alpine:latest + before_script: + - apk add --no-cache openssh-client rsync + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts + script: + - echo "๐Ÿš€ Deployment su server produzione..." + + # Sync files to server + - rsync -avz --delete --exclude='.git' --exclude='node_modules' --exclude='.env' ./ $DEPLOY_USER@$DEPLOY_HOST:$APP_DIR/ + + # Execute deployment script on server + - ssh $DEPLOY_USER@$DEPLOY_HOST "cd $APP_DIR && bash deploy/deploy.sh" + + - echo "โœ… Deployment completato!" 
+ - echo "๐ŸŒ Applicazione disponibile su: https://$DEPLOY_DOMAIN" + environment: + name: production + url: https://$DEPLOY_DOMAIN + only: + - main + when: manual + +# =================== DEPLOY STAGING (opzionale) =================== +deploy_staging: + stage: deploy + image: alpine:latest + before_script: + - apk add --no-cache openssh-client rsync + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts + script: + - echo "๐Ÿงช Deployment su staging..." + - rsync -avz --delete --exclude='.git' --exclude='node_modules' --exclude='.env' ./ $DEPLOY_USER@$DEPLOY_HOST:/var/www/vigilanza-turni-staging/ + - ssh $DEPLOY_USER@$DEPLOY_HOST "cd /var/www/vigilanza-turni-staging && bash deploy/deploy.sh" + - echo "โœ… Staging deployment completato!" + environment: + name: staging + url: https://staging.$DEPLOY_DOMAIN + only: + - develop + when: manual + +# =================== ROLLBACK (emergenza) =================== +rollback: + stage: deploy + image: alpine:latest + before_script: + - apk add --no-cache openssh-client + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts + script: + - echo "โฎ๏ธ Rollback alla versione precedente..." + - ssh $DEPLOY_USER@$DEPLOY_HOST "cd $APP_DIR && git checkout HEAD~1 && bash deploy/deploy.sh" + - echo "โœ… Rollback completato" + only: + - main + when: manual diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md new file mode 100644 index 0000000..0ff2c1c --- /dev/null +++ b/DEPLOYMENT.md 
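Review bot: The `ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts` line in all three deploy jobs (deploy_production, deploy_staging, rollback) trusts whatever host key the network returns at job time, so the runner never verifies the server it then syncs code to and runs `deploy/deploy.sh` on. Pin the key instead: record the server's public host key once over a trusted channel, store it in a CI/CD variable (for example a new `SSH_KNOWN_HOSTS` variable, which this page does not define), and replace the keyscan with `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`. Separately, `npm run lint || true` in the test job means that stage can never fail, so it gates nothing before the manual deploy.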
@@ -0,0 +1,411 @@ +# ๐Ÿš€ Guida Deployment VigilanzaTurni + +Deployment automatico da Replit โ†’ GitLab โ†’ Server AlmaLinux 9 + +## ๐Ÿ“‹ Indice + +1. [Prerequisiti](#prerequisiti) +2. [Setup Iniziale Server](#setup-iniziale-server) +3. [Configurazione GitLab](#configurazione-gitlab) +4. [Configurazione Replit](#configurazione-replit) +5. [Primo Deployment](#primo-deployment) +6. [Deployment Automatico](#deployment-automatico) +7. [Manutenzione](#manutenzione) +8. [Troubleshooting](#troubleshooting) + +--- + +## 1. Prerequisiti + +### Server AlmaLinux 9 +- Server con accesso root/sudo +- Almeno 2GB RAM +- 20GB storage +- Indirizzo IP pubblico +- Dominio configurato (es. vigilanza.tuodominio.it) + +### Account e Accessi +- Account GitLab su git.alfacom.it +- SSH access al server +- Replit account con questo progetto + +--- + +## 2. Setup Iniziale Server + +### 2.1 Connessione al Server + +```bash +ssh root@ip-del-tuo-server +``` + +### 2.2 Esecuzione Script Setup + +```bash +# Download script setup +curl -o setup-server.sh https://git.alfacom.it/marco/VigilanzaTurni/-/raw/main/deploy/setup-server.sh + +# Rendi eseguibile +chmod +x setup-server.sh + +# Esegui setup +sudo bash setup-server.sh +``` + +Lo script installerร : +- โœ… Node.js 20 LTS +- โœ… PostgreSQL 15 +- โœ… PM2 (process manager) +- โœ… Nginx (reverse proxy) +- โœ… Git +- โœ… Firewall configurato +- โœ… Certbot (per SSL) + +### 2.3 Configurazione Database + +Lo script crea automaticamente: +- Database: `vigilanza_turni` +- User: `vigilanza_user` +- Password: `ChangeMe_ProductionPassword123!` โš ๏ธ **CAMBIALA!** + +```bash +# Cambia password PostgreSQL +sudo -u postgres psql +ALTER USER vigilanza_user WITH PASSWORD 'TuaPasswordSicura123!'; +\q +``` + +### 2.4 Configurazione SSL + +```bash +# Sostituisci tuodominio.it con il tuo dominio +sudo certbot --nginx -d vigilanza.tuodominio.it +``` + +Certbot configurerร  automaticamente: +- Certificato SSL Let's Encrypt +- Redirect HTTP โ†’ HTTPS +- Auto-rinnovo 
certificato + +--- + +## 3. Configurazione GitLab + +### 3.1 Variabili CI/CD + +Vai su GitLab: **Settings โ†’ CI/CD โ†’ Variables** + +Aggiungi queste variabili: + +| Variabile | Valore | Protected | Masked | +|-----------|--------|-----------|--------| +| `SSH_PRIVATE_KEY` | La tua chiave SSH privata | โœ… | โœ… | +| `DEPLOY_HOST` | IP o hostname del server | โœ… | โŒ | +| `DEPLOY_USER` | `root` o utente deploy | โœ… | โŒ | +| `DEPLOY_DOMAIN` | `vigilanza.tuodominio.it` | โœ… | โŒ | + +#### Generare SSH Key + +```bash +# Sul tuo computer locale +ssh-keygen -t ed25519 -C "gitlab-deploy" -f ~/.ssh/gitlab-deploy + +# Copia chiave pubblica sul server +ssh-copy-id -i ~/.ssh/gitlab-deploy.pub root@ip-del-server + +# Copia chiave privata (contenuto completo) +cat ~/.ssh/gitlab-deploy +# Copia output e incolla in GitLab come SSH_PRIVATE_KEY +``` + +### 3.2 Abilitare GitLab Runner + +Assicurati che il progetto abbia accesso a un Runner GitLab: +- Vai su **Settings โ†’ CI/CD โ†’ Runners** +- Abilita un Shared Runner o configura un Specific Runner + +--- + +## 4. Configurazione Replit + +### 4.1 Configurare Git Remote + +```bash +# In Replit Shell +git remote add production https://git.alfacom.it/marco/VigilanzaTurni.git + +# Verifica +git remote -v +``` + +### 4.2 Autenticazione GitLab + +Crea Personal Access Token su GitLab: +1. GitLab โ†’ **User Settings โ†’ Access Tokens** +2. Nome: `Replit Deploy` +3. Scopes: `write_repository` +4. Copia il token + +In Replit, salva token nei Secrets: +```bash +# Secrets โ†’ Add new secret +Name: GITLAB_TOKEN +Value: +``` + +### 4.3 Script Push Automatico + +Crea file `push-to-gitlab.sh` in Replit: + +```bash +#!/bin/bash +git add . +git commit -m "Deploy: $(date '+%Y-%m-%d %H:%M:%S')" +git push production main +``` + +--- + +## 5. 
Primo Deployment + +### 5.1 Configurazione .env Produzione + +Sul server: + +```bash +cd /var/www/vigilanza-turni +cp .env.production.example .env +nano .env +``` + +Configura: +```bash +DATABASE_URL=postgresql://vigilanza_user:TuaPasswordSicura@localhost:5432/vigilanza_turni +SESSION_SECRET=$(openssl rand -base64 32) +REPLIT_DOMAINS=vigilanza.tuodominio.it +``` + +### 5.2 Configurazione Nginx + +```bash +# Copia configurazione Nginx +sudo cp /var/www/vigilanza-turni/deploy/nginx.conf /etc/nginx/conf.d/vigilanza-turni.conf + +# Modifica con il tuo dominio +sudo nano /etc/nginx/conf.d/vigilanza-turni.conf +# Sostituisci "tuodominio.it" con il tuo dominio + +# Test configurazione +sudo nginx -t + +# Reload Nginx +sudo systemctl reload nginx +``` + +### 5.3 Clone Repository Iniziale + +```bash +cd /var/www/vigilanza-turni +git clone https://git.alfacom.it/marco/VigilanzaTurni.git . +``` + +### 5.4 Primo Deploy Manuale + +```bash +bash deploy/deploy.sh +``` + +Verifica: +```bash +pm2 status +pm2 logs vigilanza-turni +``` + +--- + +## 6. Deployment Automatico + +### 6.1 Push da Replit + +```bash +# In Replit Shell +bash push-to-gitlab.sh +``` + +### 6.2 Trigger Pipeline GitLab + +1. Vai su GitLab โ†’ **CI/CD โ†’ Pipelines** +2. La pipeline parte automaticamente +3. Clicca su `deploy_production` quando vuoi deployare +4. Il deploy avviene in ~3-5 minuti + +### 6.3 Flusso Automatico + +```mermaid +Replit โ†’ Git Push โ†’ GitLab โ†’ CI/CD Pipeline โ†’ Deploy Server +``` + +**Stages:** +1. ๐Ÿ—๏ธ **Build** - Compila TypeScript e Vite +2. ๐Ÿงช **Test** - Esegue linting +3. ๐Ÿš€ **Deploy** - Deployment su server (manuale) + +--- + +## 7. 
Manutenzione + +### 7.1 Monitoring + +```bash +# Status applicazione +pm2 status + +# Logs real-time +pm2 logs vigilanza-turni + +# Logs ultimi 100 righe +pm2 logs vigilanza-turni --lines 100 + +# Metriche sistema +pm2 monit +``` + +### 7.2 Backup Database + +```bash +# Backup manuale +sudo -u postgres pg_dump vigilanza_turni > backup_$(date +%Y%m%d).sql + +# Restore +sudo -u postgres psql vigilanza_turni < backup_20250110.sql +``` + +### 7.3 Aggiornamenti Sistema + +```bash +# Update AlmaLinux +sudo dnf update -y + +# Update Node.js packages +cd /var/www/vigilanza-turni +npm update + +# Restart +pm2 restart vigilanza-turni +``` + +### 7.4 SSL Certificate Renewal + +Certbot rinnova automaticamente, ma puoi forzare: + +```bash +sudo certbot renew --dry-run # Test +sudo certbot renew # Rinnovo reale +sudo systemctl reload nginx +``` + +--- + +## 8. Troubleshooting + +### App non risponde + +```bash +# Check PM2 +pm2 status +pm2 restart vigilanza-turni + +# Check logs +pm2 logs vigilanza-turni --lines 50 + +# Check Nginx +sudo nginx -t +sudo systemctl status nginx +``` + +### Database Connection Error + +```bash +# Verifica PostgreSQL +sudo systemctl status postgresql +sudo -u postgres psql -c "SELECT version();" + +# Test connessione +psql "postgresql://vigilanza_user:password@localhost:5432/vigilanza_turni" -c "SELECT NOW();" +``` + +### SSL Certificate Issues + +```bash +# Test SSL +sudo certbot certificates + +# Rinnovo manuale +sudo certbot renew --force-renewal +sudo systemctl reload nginx +``` + +### Rollback Emergenza + +In GitLab โ†’ CI/CD โ†’ Pipelines โ†’ clicca su "rollback" + +Oppure manuale: + +```bash +cd /var/www/vigilanza-turni +git log --oneline -10 # Trova commit precedente +git checkout +bash deploy/deploy.sh +``` + +--- + +## ๐Ÿ“ž Supporto + +### Logs Utili + +```bash +# PM2 logs +pm2 logs vigilanza-turni --lines 200 + +# Nginx logs +sudo tail -f /var/log/nginx/vigilanza-turni-error.log +sudo tail -f /var/log/nginx/vigilanza-turni-access.log + +# 
System logs +sudo journalctl -u nginx -f +sudo journalctl -xe +``` + +### Comandi Rapidi + +```bash +# Restart completo +pm2 restart vigilanza-turni && sudo systemctl reload nginx + +# Deploy forzato +cd /var/www/vigilanza-turni && git pull && bash deploy/deploy.sh + +# Clear cache PM2 +pm2 delete vigilanza-turni +pm2 start npm --name vigilanza-turni -- start +pm2 save +``` + +--- + +## โœ… Checklist Post-Deployment + +- [ ] Applicazione accessibile su https://tuodominio.it +- [ ] SSL certificate valido (lucchetto verde) +- [ ] Login funzionante +- [ ] Database connesso +- [ ] Logs puliti (no errori critici) +- [ ] PM2 status: online +- [ ] Backup database configurato +- [ ] Monitoring attivo + +--- + +**Ultima modifica:** 2025-10-11 +**Versione:** 1.0 diff --git a/deploy/deploy.sh b/deploy/deploy.sh new file mode 100755 index 0000000..2d68383 --- /dev/null +++ b/deploy/deploy.sh 
@@ -0,0 +1,53 @@ +#!/bin/bash +set -e + +# Script di deployment automatico per VigilanzaTurni +# Eseguito da GitLab CI/CD Runner + +APP_DIR="/var/www/vigilanza-turni" +APP_NAME="vigilanza-turni" + +echo "๐Ÿš€ Deployment VigilanzaTurni - $(date)" + +# Vai alla directory applicazione +cd $APP_DIR + +# Pull ultime modifiche (giร  fatto da GitLab Runner) +echo "๐Ÿ“ฆ Repository aggiornato" + +# Installa dipendenze +echo "๐Ÿ“ฅ Installazione dipendenze..." +npm ci --production + +# Build frontend +echo "๐Ÿ—๏ธ Build frontend Vite..." +export NODE_ENV=production +npm run build + +# Database migrations (se necessario) +echo "๐Ÿ—„๏ธ Verifica database schema..." +npm run db:push || true + +# Restart applicazione con PM2 +echo "๐Ÿ”„ Restart applicazione..." +if pm2 show $APP_NAME > /dev/null 2>&1; then + pm2 reload $APP_NAME --update-env +else + pm2 start npm --name $APP_NAME -- start + pm2 save +fi + +# Health check +echo "๐Ÿฅ Health check..." +sleep 5 +if pm2 show $APP_NAME | grep -q "online"; then + echo "โœ… Deployment completato con successo!" + pm2 logs $APP_NAME --lines 20 --nostream +else + echo "โŒ Errore: applicazione non online" + pm2 logs $APP_NAME --lines 50 --nostream + exit 1 +fi + +echo "๐Ÿ“Š Status PM2:" +pm2 status diff --git a/deploy/nginx.conf b/deploy/nginx.conf new file mode 100644 index 0000000..d382553 --- /dev/null +++ b/deploy/nginx.conf 
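Review bot: `npm run db:push || true` discards a failed schema update, so the script goes on to reload the app under PM2 against a database that may not match the new code, and the later health check only greps `pm2 show` for "online". Drop the `|| true` so `set -e` stops the deploy, or fail explicitly with `npm run db:push || { echo "db:push failed" >&2; exit 1; }`. Note also that `npm ci --production` runs before `npm run build`; if the build tools are devDependencies, which this page does not show, the build would fail on a clean install. `cd $APP_DIR` and the `$APP_NAME` expansions should be double-quoted.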
@@ -0,0 +1,91 @@ +# Configurazione Nginx per VigilanzaTurni +# Salvare in: /etc/nginx/conf.d/vigilanza-turni.conf + +upstream vigilanza_backend { + server 127.0.0.1:5000; + keepalive 64; +} + +# HTTP โ†’ HTTPS redirect +server { + listen 80; + listen [::]:80; + server_name tuodominio.it www.tuodominio.it; + + # Let's Encrypt challenge + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$server_name$request_uri; + } +} + +# HTTPS Server +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name tuodominio.it www.tuodominio.it; + + # SSL Certificate (generato da certbot) + ssl_certificate /etc/letsencrypt/live/tuodominio.it/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tuodominio.it/privkey.pem; + + # SSL Security + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Security Headers + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Logs + access_log /var/log/nginx/vigilanza-turni-access.log; + error_log /var/log/nginx/vigilanza-turni-error.log; + + # Client max body size (per upload) + client_max_body_size 10M; + + # Proxy to Node.js backend + location / { + proxy_pass http://vigilanza_backend; + proxy_http_version 1.1; + + # Headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Cache bypass + proxy_cache_bypass $http_upgrade; + } + + # Static assets (dopo 
build Vite) + location /assets/ { + alias /var/www/vigilanza-turni/dist/public/assets/; + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # Gzip compression + gzip on; + gzip_vary on; + gzip_min_length 1000; + gzip_types text/plain text/css text/xml text/javascript + application/json application/javascript application/xml+rss + application/x-font-ttf font/opentype image/svg+xml; +} diff --git a/deploy/setup-server.sh b/deploy/setup-server.sh new file mode 100755 index 0000000..dea8f60 --- /dev/null +++ b/deploy/setup-server.sh 
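Review bot: The `add_header Cache-Control "public, immutable";` inside `location /assets/` stops that location from inheriting the four server-level security headers, because nginx applies `add_header` directives from the enclosing level only when the current level defines none of its own. Responses for static assets therefore go out without `Strict-Transport-Security` and `X-Content-Type-Options`. Repeat the security `add_header` lines inside `location /assets/`, or move them into a shared file pulled in with `include` at both levels. `X-XSS-Protection` is ignored by current browsers, so a Content-Security-Policy header would be the more useful addition.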
@@ -0,0 +1,108 @@ +#!/bin/bash +set -e + +echo "================================================" +echo "Setup VigilanzaTurni su AlmaLinux 9" +echo "================================================" + +# Colori per output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +# Funzione di log +log_info() { + echo -e "${GREEN}[INFO]${NC} $1" +} + +log_warn() { + echo -e "${YELLOW}[WARN]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# Verifica root +if [ "$EUID" -ne 0 ]; then + log_error "Esegui questo script come root: sudo bash setup-server.sh" + exit 1 +fi + +log_info "Aggiornamento sistema..." +dnf update -y + +# =================== NODE.JS 20 =================== +log_info "Installazione Node.js 20 LTS..." +dnf module reset nodejs -y +dnf module enable nodejs:20 -y +dnf install nodejs -y +node --version +npm --version + +# =================== POSTGRESQL 15 =================== +log_info "Installazione PostgreSQL 15..." +dnf install -y postgresql15-server postgresql15-contrib +postgresql-setup --initdb +systemctl enable postgresql +systemctl start postgresql + +# Creazione database e utente +log_info "Configurazione database..." +sudo -u postgres psql << EOF +CREATE DATABASE vigilanza_turni; +CREATE USER vigilanza_user WITH ENCRYPTED PASSWORD 'ChangeMe_ProductionPassword123!'; +GRANT ALL PRIVILEGES ON DATABASE vigilanza_turni TO vigilanza_user; +\c vigilanza_turni +GRANT ALL ON SCHEMA public TO vigilanza_user; +EOF + +# Configurazione PostgreSQL per connessioni locali +log_info "Configurazione autenticazione PostgreSQL..." +PG_HBA="/var/lib/pgsql/data/pg_hba.conf" +sed -i 's/ident$/md5/' $PG_HBA +systemctl restart postgresql + +# =================== PM2 (Process Manager) =================== +log_info "Installazione PM2..." +npm install -g pm2 +pm2 startup systemd -u root --hp /root + +# =================== NGINX =================== +log_info "Installazione Nginx..." 
+dnf install -y nginx +systemctl enable nginx + +# =================== GIT =================== +log_info "Installazione Git..." +dnf install -y git + +# =================== DIRECTORY APPLICAZIONE =================== +log_info "Creazione directory applicazione..." +mkdir -p /var/www/vigilanza-turni +chown -R root:root /var/www/vigilanza-turni + +# =================== FIREWALL =================== +log_info "Configurazione Firewall..." +firewall-cmd --permanent --add-service=http +firewall-cmd --permanent --add-service=https +firewall-cmd --reload + +# =================== SSL CERTIFICATE (Let's Encrypt) =================== +log_info "Installazione Certbot per SSL..." +dnf install -y certbot python3-certbot-nginx + +log_info "" +log_info "================================================" +log_info "Setup completato con successo!" +log_info "================================================" +log_info "" +log_warn "PROSSIMI PASSI:" +echo "1. Configura il DNS per puntare questo server" +echo "2. Modifica la password PostgreSQL in /var/www/vigilanza-turni/.env" +echo "3. Ottieni certificato SSL: sudo certbot --nginx -d tuodominio.it" +echo "4. Esegui il primo deployment con GitLab CI/CD" +echo "" +log_info "DATABASE_URL per .env:" +echo "postgresql://vigilanza_user:ChangeMe_ProductionPassword123!@localhost:5432/vigilanza_turni" diff --git a/push-to-gitlab.sh b/push-to-gitlab.sh new file mode 100755 index 0000000..79073c2 --- /dev/null +++ b/push-to-gitlab.sh 
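Review bot: The database role is created with the fixed password `ChangeMe_ProductionPassword123!`, which is published in the repository and printed again by the final `DATABASE_URL` echo; the "PROSSIMI PASSI" text only tells the operator to edit `.env`, which does not change the password inside PostgreSQL. Generate it per install instead, e.g. `DB_PASSWORD="$(openssl rand -hex 24)"` before the heredoc and `CREATE USER vigilanza_user WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';` inside it, and write the resulting URL to a root-only file rather than to the terminal. The `sed -i 's/ident$/md5/'` line selects md5 authentication; `scram-sha-256` is the stronger choice where the installed PostgreSQL supports it. `pm2 startup systemd -u root` together with `chown -R root:root` means the Node.js application runs as root, and a dedicated unprivileged user would limit the impact of an application compromise.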
@@ -0,0 +1,59 @@ +#!/bin/bash +# Script helper per push automatico verso GitLab da Replit + +set -e + +# Colori +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +RED='\033[0;31m' +NC='\033[0m' + +echo -e "${GREEN}๐Ÿš€ Push to GitLab Production${NC}" +echo "========================================" + +# Verifica se ci sono modifiche +if [[ -z $(git status -s) ]]; then + echo -e "${YELLOW}โš ๏ธ Nessuna modifica da committare${NC}" + exit 0 +fi + +# Mostra status +echo -e "\n${YELLOW}๐Ÿ“‹ Modifiche da committare:${NC}" +git status -s + +# Chiedi conferma +read -p "Vuoi procedere con il push? (y/N) " -n 1 -r +echo +if [[ ! $REPLY =~ ^[Yy]$ ]]; then + echo -e "${RED}โŒ Push annullato${NC}" + exit 1 +fi + +# Genera messaggio commit +TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S') +COMMIT_MSG="Deploy: $TIMESTAMP" + +# Chiedi messaggio personalizzato +read -p "Messaggio commit personalizzato (Enter per default): " CUSTOM_MSG +if [[ ! -z "$CUSTOM_MSG" ]]; then + COMMIT_MSG="$CUSTOM_MSG" +fi + +# Git operations +echo -e "\n${GREEN}๐Ÿ“ฆ Git add...${NC}" +git add . + +echo -e "${GREEN}๐Ÿ’พ Git commit...${NC}" +git commit -m "$COMMIT_MSG" + +echo -e "${GREEN}๐Ÿ“ค Git push to production...${NC}" +git push production main + +echo -e "\n${GREEN}โœ… Push completato!${NC}" +echo "========================================" +echo -e "${YELLOW}Prossimi passi:${NC}" +echo "1. Vai su GitLab: https://git.alfacom.it/marco/VigilanzaTurni/-/pipelines" +echo "2. La pipeline CI/CD partirร  automaticamente" +echo "3. Clicca su 'deploy_production' per deployare su server" +echo ""
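Review bot: The confirmation prompt is based on `git status -s`, which lists a new untracked directory as a single `?? dir/` entry, while `git add .` then stages every file inside it; anything not covered by `.gitignore` (a database dump, a key file) would be committed and pushed to the `production` remote without having been shown to the user. Show the full list with `git status -s -uall`, or stage only tracked changes with `git add -u` and add new files explicitly. Both `read` calls should use `-r`, and `[[ ! -z "$CUSTOM_MSG" ]]` reads better as `[[ -n "$CUSTOM_MSG" ]]`.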