Update deployment scripts and server setup for automatic deployment and database backup

Update deploy scripts to include database backup and restore functionality, configure Nginx for vt.alfacom.it, and modify server setup to use the provided database password.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 42d8028a-fa71-4ec2-938c-e43eedf7df01
Replit-Commit-Checkpoint-Type: intermediate_checkpoint

.env.production.example

@@ -13,20 +13,21 @@ PGPASSWORD=YOUR_SECURE_PASSWORD
 # Genera con: openssl rand -base64 32
 SESSION_SECRET=YOUR_RANDOM_SESSION_SECRET_HERE
 
-# =================== REPLIT AUTH (Produzione) ===================
+# =================== AUTHENTICATION ===================
-# Configurazione OIDC per autenticazione
+# Configurazione OIDC (senza Replit)
-ISSUER_URL=https://replit.com/oidc
+ISSUER_URL=https://auth.vt.alfacom.it/oidc
-REPL_ID=your-repl-id-here
+CLIENT_ID=vigilanza-turni
-REPLIT_DOMAINS=tuodominio.it,www.tuodominio.it
+CLIENT_SECRET=YOUR_OIDC_CLIENT_SECRET
 
-# =================== NODE ENVIRONMENT ===================
+# =================== APPLICATION ===================
 NODE_ENV=production
 PORT=5000
+APP_URL=https://vt.alfacom.it
 
-# =================== LOGGING (opzionale) ===================
+# =================== BACKUP ===================
+BACKUP_ENABLED=true
+BACKUP_DIR=/var/backups/vigilanza-turni
+BACKUP_RETENTION_DAYS=30
+
+# =================== LOGGING ===================
 LOG_LEVEL=info
-
-# =================== BACKUP (opzionale) ===================
-# BACKUP_ENABLED=true
-# BACKUP_SCHEDULE="0 2 * * *"  # Daily at 2 AM
-# BACKUP_RETENTION_DAYS=30

.replit

@@ -4,7 +4,7 @@ hidden = [".config", ".git", "generated-icon.png", "node_modules", "dist"]
 
 [nix]
 channel = "stable-24_05"
-packages = ["nano"]
+packages = ["nano", "zip", "openssh"]
 
 [deployment]
 deploymentTarget = "autoscale"

deploy/deploy.sh

@@ -2,19 +2,50 @@
 set -e
 
 # Script di deployment automatico per VigilanzaTurni
-# Eseguito da GitLab CI/CD Runner
+# Uso: bash deploy/deploy.sh
 
 APP_DIR="/var/www/vigilanza-turni"
 APP_NAME="vigilanza-turni"
+BACKUP_DIR="/var/backups/vigilanza-turni"
 
 echo "🚀 Deployment VigilanzaTurni - $(date)"
 
 # Vai alla directory applicazione
 cd $APP_DIR
 
-# Pull ultime modifiche (già fatto da GitLab Runner)
+# Pull ultime modifiche (se eseguito manualmente)
-echo "📦 Repository aggiornato"
+if [ -d .git ]; then
+    echo "📥 Pull ultime modifiche da GitLab..."
+    git pull origin main || true
+fi
 
+# =================== BACKUP DATABASE ===================
+echo "💾 Backup database pre-deployment..."
+mkdir -p $BACKUP_DIR
+BACKUP_FILE="$BACKUP_DIR/backup_$(date +%Y%m%d_%H%M%S).sql"
+
+# Load env vars
+if [ -f .env ]; then
+    export $(cat .env | grep -v '^#' | xargs)
+fi
+
+# Esegui backup PostgreSQL
+if command -v pg_dump &> /dev/null; then
+    PGPASSWORD=$PGPASSWORD pg_dump -h $PGHOST -U $PGUSER -d $PGDATABASE > $BACKUP_FILE
+    echo "✅ Backup salvato: $BACKUP_FILE"
+    
+    # Comprimi backup
+    gzip $BACKUP_FILE
+    echo "✅ Backup compresso: ${BACKUP_FILE}.gz"
+    
+    # Pulisci backup vecchi (> 30 giorni)
+    find $BACKUP_DIR -name "backup_*.sql.gz" -mtime +30 -delete
+    echo "🧹 Backup vecchi eliminati (retention: 30 giorni)"
+else
+    echo "⚠️  pg_dump non trovato, skip backup"
+fi
+
+# =================== BUILD & DEPLOY ===================
 # Installa TUTTE le dipendenze (serve per build e migrations)
 echo "📥 Installazione dipendenze (include devDependencies)..."
 npm ci
@@ -32,6 +63,7 @@ npm run db:push || true
 echo "🧹 Pulizia devDependencies (mantiene solo production)..."
 npm prune --production
 
+# =================== RESTART APPLICATION ===================
 # Restart applicazione con PM2
 echo "🔄 Restart applicazione..."
 if pm2 show $APP_NAME > /dev/null 2>&1; then
@@ -50,8 +82,27 @@ if pm2 show $APP_NAME | grep -q "online"; then
 else
     echo "❌ Errore: applicazione non online"
     pm2 logs $APP_NAME --lines 50 --nostream
+    
+    # Rollback: ripristina ultimo backup
+    echo "🔄 Tentativo rollback backup..."
+    LATEST_BACKUP=$(ls -t $BACKUP_DIR/backup_*.sql.gz 2>/dev/null | head -1)
+    if [ -f "$LATEST_BACKUP" ]; then
+        echo "📦 Ripristino da: $LATEST_BACKUP"
+        gunzip -c $LATEST_BACKUP | PGPASSWORD=$PGPASSWORD psql -h $PGHOST -U $PGUSER -d $PGDATABASE
+        echo "✅ Database ripristinato"
+    fi
+    
     exit 1
 fi
 
+# =================== STATUS ===================
+echo ""
 echo "📊 Status PM2:"
 pm2 status
+
+echo ""
+echo "📈 Ultimi backup disponibili:"
+ls -lht $BACKUP_DIR/*.gz 2>/dev/null | head -5 || echo "Nessun backup trovato"
+
+echo ""
+echo "🌐 Applicazione disponibile su: https://vt.alfacom.it"

deploy/nginx.conf

@@ -10,7 +10,7 @@ upstream vigilanza_backend {
 server {
     listen 80;
     listen [::]:80;
-    server_name tuodominio.it www.tuodominio.it;
+    server_name vt.alfacom.it;
 
     # Let's Encrypt challenge
     location /.well-known/acme-challenge/ {
@@ -26,11 +26,11 @@ server {
 server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
-    server_name tuodominio.it www.tuodominio.it;
+    server_name vt.alfacom.it;
 
     # SSL Certificate (generato da certbot)
-    ssl_certificate /etc/letsencrypt/live/tuodominio.it/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/vt.alfacom.it/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/tuodominio.it/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/vt.alfacom.it/privkey.pem;
 
     # SSL Security
     ssl_protocols TLSv1.2 TLSv1.3;

deploy/setup-server.sh

@@ -1,55 +1,57 @@
 #!/bin/bash
+# Setup automatico server AlmaLinux 9 per VigilanzaTurni
+# Esegui: sudo bash deploy/setup-server.sh
+
 set -e
 
-echo "================================================"
+# Colori output
-echo "Setup VigilanzaTurni su AlmaLinux 9"
-echo "================================================"
-
-# Colori per output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
+NC='\033[0m'
 
-# Funzione di log
+log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
-log_info() {
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
-    echo -e "${GREEN}[INFO]${NC} $1"
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
-}
-
-log_warn() {
-    echo -e "${YELLOW}[WARN]${NC} $1"
-}
-
-log_error() {
-    echo -e "${RED}[ERROR]${NC} $1"
-}
 
 # Verifica root
 if [ "$EUID" -ne 0 ]; then 
-    log_error "Esegui questo script come root: sudo bash setup-server.sh"
+    log_error "Esegui come root: sudo bash $0"
     exit 1
 fi
 
+log_info "🚀 Setup server AlmaLinux 9 per VigilanzaTurni"
+log_info "Dominio: vt.alfacom.it"
+
+# =================== SYSTEM UPDATE ===================
 log_info "Aggiornamento sistema..."
 dnf update -y
 
-# =================== NODE.JS 20 ===================
+# =================== NODE.JS ===================
-log_info "Installazione Node.js 20 LTS..."
+log_info "Installazione Node.js 20..."
 dnf module reset nodejs -y
 dnf module enable nodejs:20 -y
 dnf install nodejs -y
 node --version
 npm --version
 
-# =================== POSTGRESQL 15 ===================
+# =================== PM2 ===================
+log_info "Installazione PM2..."
+npm install -g pm2
+pm2 startup systemd -u root --hp /root
+systemctl enable pm2-root
+
+# =================== POSTGRESQL ===================
 log_info "Installazione PostgreSQL 15..."
-dnf install -y postgresql15-server postgresql15-contrib
+dnf install -y postgresql15-server postgresql15
+
+# Inizializza database
 postgresql-setup --initdb
 systemctl enable postgresql
 systemctl start postgresql
 
-# Generazione password sicura PostgreSQL
+# Password database fornita dall'utente
-DB_PASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-25)
+DB_PASSWORD="553da84c94093919d46055d6ec37dfa2a03d0f46"
 
 # Creazione database e utente
 log_info "Configurazione database..."
@@ -61,26 +63,22 @@ GRANT ALL PRIVILEGES ON DATABASE vigilanza_turni TO vigilanza_user;
 GRANT ALL ON SCHEMA public TO vigilanza_user;
 EOF
 
-# Salva password in file sicuro
+log_info "✅ Database configurato con password fornita"
-echo "PGPASSWORD=${DB_PASSWORD}" > /root/.vigilanza_db_password
-chmod 600 /root/.vigilanza_db_password
-log_info "Password PostgreSQL salvata in: /root/.vigilanza_db_password"
 
 # Configurazione PostgreSQL per connessioni locali
 log_info "Configurazione autenticazione PostgreSQL..."
 PG_HBA="/var/lib/pgsql/data/pg_hba.conf"
-sed -i 's/ident$/md5/' $PG_HBA
+if ! grep -q "vigilanza_user" $PG_HBA; then
-systemctl restart postgresql
+    echo "local   vigilanza_turni    vigilanza_user                    md5" >> $PG_HBA
-
+    echo "host    vigilanza_turni    vigilanza_user    127.0.0.1/32    md5" >> $PG_HBA
-# =================== PM2 (Process Manager) ===================
+    systemctl restart postgresql
-log_info "Installazione PM2..."
+fi
-npm install -g pm2
-pm2 startup systemd -u root --hp /root
 
 # =================== NGINX ===================
 log_info "Installazione Nginx..."
 dnf install -y nginx
 systemctl enable nginx
+systemctl start nginx
 
 # =================== GIT ===================
 log_info "Installazione Git..."
@@ -89,10 +87,14 @@ dnf install -y git
 # =================== DIRECTORY APPLICAZIONE ===================
 log_info "Creazione directory applicazione..."
 mkdir -p /var/www/vigilanza-turni
-chown -R root:root /var/www/vigilanza-turni
+mkdir -p /var/backups/vigilanza-turni
+chmod 755 /var/www/vigilanza-turni
+chmod 700 /var/backups/vigilanza-turni
 
 # =================== FIREWALL ===================
-log_info "Configurazione Firewall..."
+log_info "Configurazione firewall..."
+systemctl enable firewalld
+systemctl start firewalld
 firewall-cmd --permanent --add-service=http
 firewall-cmd --permanent --add-service=https
 firewall-cmd --reload
@@ -107,14 +109,11 @@ log_info "Setup completato con successo!"
 log_info "================================================"
 log_info ""
 log_warn "PROSSIMI PASSI:"
-echo "1. Configura il DNS per puntare questo server"
+echo "1. Copia deploy/nginx.conf → /etc/nginx/conf.d/vigilanza-turni.conf"
-echo "2. Copia DATABASE_URL qui sotto nel file /var/www/vigilanza-turni/.env"
+echo "2. Clone repository: cd /var/www/vigilanza-turni && git clone <repo-url> ."
-echo "3. Ottieni certificato SSL: sudo certbot --nginx -d tuodominio.it"
+echo "3. Crea file .env con DATABASE_URL (password già configurata)"
-echo "4. Esegui il primo deployment con GitLab CI/CD"
+echo "4. Ottieni certificato SSL: sudo certbot --nginx -d vt.alfacom.it"
-echo ""
+echo "5. Esegui primo deploy: bash deploy/deploy.sh"
-log_warn "⚠️  IMPORTANTE - Salva questa password (disponibile in /root/.vigilanza_db_password):"
 echo ""
 log_info "DATABASE_URL per .env:"
 echo "postgresql://vigilanza_user:${DB_PASSWORD}@localhost:5432/vigilanza_turni"
-echo ""
-log_warn "Password PostgreSQL generata automaticamente: ${DB_PASSWORD}"

push-to-gitlab.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Script helper per push automatico verso GitLab da Replit
+# Script per push automatico verso GitLab
 
 set -e
 
@@ -9,9 +9,17 @@ YELLOW='\033[1;33m'
 RED='\033[0;31m'
 NC='\033[0m'
 
-echo -e "${GREEN}🚀 Push to GitLab Production${NC}"
+echo -e "${GREEN}🚀 Push to GitLab (vt.alfacom.it)${NC}"
 echo "========================================"
 
+# Verifica remote GitLab
+if ! git remote | grep -q "production"; then
+    echo -e "${YELLOW}⚠️  Remote 'production' non configurato${NC}"
+    echo "Configurazione remote GitLab..."
+    read -p "URL repository GitLab: " GITLAB_URL
+    git remote add production $GITLAB_URL
+fi
+
 # Verifica se ci sono modifiche
 if [[ -z $(git status -s) ]]; then
     echo -e "${YELLOW}⚠️  Nessuna modifica da committare${NC}"
@@ -52,8 +60,11 @@ git push production main
 
 echo -e "\n${GREEN}✅ Push completato!${NC}"
 echo "========================================"
-echo -e "${YELLOW}Prossimi passi:${NC}"
+echo -e "${YELLOW}Deployment automatico disponibile:${NC}"
-echo "1. Vai su GitLab: https://git.alfacom.it/marco/VigilanzaTurni/-/pipelines"
+echo ""
-echo "2. La pipeline CI/CD partirà automaticamente"
+echo "Sul server esegui:"
-echo "3. Clicca su 'deploy_production' per deployare su server"
+echo -e "${GREEN}  cd /var/www/vigilanza-turni${NC}"
+echo -e "${GREEN}  bash deploy/deploy.sh${NC}"
+echo ""
+echo "🌐 Sito: https://vt.alfacom.it"
 echo ""