Update deployment scripts and server setup for automatic deployment and database backup

Update deploy scripts to include database backup and restore functionality, configure Nginx for vt.alfacom.it, and modify server setup to use the provided database password.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 42d8028a-fa71-4ec2-938c-e43eedf7df01
Replit-Commit-Checkpoint-Type: intermediate_checkpoint

.env.production.example

@@ -13,20 +13,21 @@ PGPASSWORD=YOUR_SECURE_PASSWORD
 # Genera con: openssl rand -base64 32
 SESSION_SECRET=YOUR_RANDOM_SESSION_SECRET_HERE
 
-# =================== REPLIT AUTH (Produzione) ===================
-# Configurazione OIDC per autenticazione
-ISSUER_URL=https://replit.com/oidc
-REPL_ID=your-repl-id-here
-REPLIT_DOMAINS=tuodominio.it,www.tuodominio.it
+# =================== AUTHENTICATION ===================
+# Configurazione OIDC (senza Replit)
+ISSUER_URL=https://auth.vt.alfacom.it/oidc
+CLIENT_ID=vigilanza-turni
+CLIENT_SECRET=YOUR_OIDC_CLIENT_SECRET
 
-# =================== NODE ENVIRONMENT ===================
+# =================== APPLICATION ===================
 NODE_ENV=production
 PORT=5000
+APP_URL=https://vt.alfacom.it
 
-# =================== LOGGING (opzionale) ===================
+# =================== BACKUP ===================
+BACKUP_ENABLED=true
+BACKUP_DIR=/var/backups/vigilanza-turni
+BACKUP_RETENTION_DAYS=30
+
+# =================== LOGGING ===================
 LOG_LEVEL=info
-
-# =================== BACKUP (opzionale) ===================
-# BACKUP_ENABLED=true
-# BACKUP_SCHEDULE="0 2 * * *"  # Daily at 2 AM
-# BACKUP_RETENTION_DAYS=30

.replit

@@ -4,7 +4,7 @@ hidden = [".config", ".git", "generated-icon.png", "node_modules", "dist"]
 
 [nix]
 channel = "stable-24_05"
-packages = ["nano"]
+packages = ["nano", "zip", "openssh"]
 
 [deployment]
 deploymentTarget = "autoscale"

deploy/deploy.sh

@@ -2,19 +2,50 @@
 set -e
 
 # Script di deployment automatico per VigilanzaTurni
-# Eseguito da GitLab CI/CD Runner
+# Uso: bash deploy/deploy.sh
 
 APP_DIR="/var/www/vigilanza-turni"
 APP_NAME="vigilanza-turni"
+BACKUP_DIR="/var/backups/vigilanza-turni"
 
 echo "🚀 Deployment VigilanzaTurni - $(date)"
 
 # Vai alla directory applicazione
 cd $APP_DIR
 
-# Pull ultime modifiche (già fatto da GitLab Runner)
-echo "📦 Repository aggiornato"
+# Pull ultime modifiche (se eseguito manualmente)
+if [ -d .git ]; then
+    echo "📥 Pull ultime modifiche da GitLab..."
+    git pull origin main || true
+fi
 
+# =================== BACKUP DATABASE ===================
+echo "💾 Backup database pre-deployment..."
+mkdir -p $BACKUP_DIR
+BACKUP_FILE="$BACKUP_DIR/backup_$(date +%Y%m%d_%H%M%S).sql"
+
+# Load env vars
+if [ -f .env ]; then
+    export $(cat .env | grep -v '^#' | xargs)
+fi
+
+# Esegui backup PostgreSQL
+if command -v pg_dump &> /dev/null; then
+    PGPASSWORD=$PGPASSWORD pg_dump -h $PGHOST -U $PGUSER -d $PGDATABASE > $BACKUP_FILE
+    echo "✅ Backup salvato: $BACKUP_FILE"
+    
+    # Comprimi backup
+    gzip $BACKUP_FILE
+    echo "✅ Backup compresso: ${BACKUP_FILE}.gz"
+    
+    # Pulisci backup vecchi (> 30 giorni)
+    find $BACKUP_DIR -name "backup_*.sql.gz" -mtime +30 -delete
+    echo "🧹 Backup vecchi eliminati (retention: 30 giorni)"
+else
+    echo "⚠️  pg_dump non trovato, skip backup"
+fi
+
+# =================== BUILD & DEPLOY ===================
 # Installa TUTTE le dipendenze (serve per build e migrations)
 echo "📥 Installazione dipendenze (include devDependencies)..."
 npm ci
@@ -32,6 +63,7 @@ npm run db:push || true
 echo "🧹 Pulizia devDependencies (mantiene solo production)..."
 npm prune --production
 
+# =================== RESTART APPLICATION ===================
 # Restart applicazione con PM2
 echo "🔄 Restart applicazione..."
 if pm2 show $APP_NAME > /dev/null 2>&1; then
@@ -50,8 +82,27 @@ if pm2 show $APP_NAME | grep -q "online"; then
 else
     echo "❌ Errore: applicazione non online"
     pm2 logs $APP_NAME --lines 50 --nostream
+    
+    # Rollback: ripristina ultimo backup
+    echo "🔄 Tentativo rollback backup..."
+    LATEST_BACKUP=$(ls -t $BACKUP_DIR/backup_*.sql.gz 2>/dev/null | head -1)
+    if [ -f "$LATEST_BACKUP" ]; then
+        echo "📦 Ripristino da: $LATEST_BACKUP"
+        gunzip -c $LATEST_BACKUP | PGPASSWORD=$PGPASSWORD psql -h $PGHOST -U $PGUSER -d $PGDATABASE
+        echo "✅ Database ripristinato"
+    fi
+    
     exit 1
 fi
 
+# =================== STATUS ===================
+echo ""
 echo "📊 Status PM2:"
 pm2 status
+
+echo ""
+echo "📈 Ultimi backup disponibili:"
+ls -lht $BACKUP_DIR/*.gz 2>/dev/null | head -5 || echo "Nessun backup trovato"
+
+echo ""
+echo "🌐 Applicazione disponibile su: https://vt.alfacom.it"

deploy/nginx.conf

@@ -10,7 +10,7 @@ upstream vigilanza_backend {
 server {
     listen 80;
     listen [::]:80;
-    server_name tuodominio.it www.tuodominio.it;
+    server_name vt.alfacom.it;
 
     # Let's Encrypt challenge
     location /.well-known/acme-challenge/ {
@@ -26,11 +26,11 @@ server {
 server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
-    server_name tuodominio.it www.tuodominio.it;
+    server_name vt.alfacom.it;
 
     # SSL Certificate (generato da certbot)
-    ssl_certificate /etc/letsencrypt/live/tuodominio.it/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/tuodominio.it/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/vt.alfacom.it/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/vt.alfacom.it/privkey.pem;
 
     # SSL Security
     ssl_protocols TLSv1.2 TLSv1.3;

deploy/setup-server.sh

@@ -1,55 +1,57 @@
 #!/bin/bash
+# Setup automatico server AlmaLinux 9 per VigilanzaTurni
+# Esegui: sudo bash deploy/setup-server.sh
+
 set -e
 
-echo "================================================"
-echo "Setup VigilanzaTurni su AlmaLinux 9"
-echo "================================================"
-
-# Colori per output
+# Colori output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
+NC='\033[0m'
 
-# Funzione di log
-log_info() {
-    echo -e "${GREEN}[INFO]${NC} $1"
-}
-
-log_warn() {
-    echo -e "${YELLOW}[WARN]${NC} $1"
-}
-
-log_error() {
-    echo -e "${RED}[ERROR]${NC} $1"
-}
+log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 
 # Verifica root
 if [ "$EUID" -ne 0 ]; then 
-    log_error "Esegui questo script come root: sudo bash setup-server.sh"
+    log_error "Esegui come root: sudo bash $0"
     exit 1
 fi
 
+log_info "🚀 Setup server AlmaLinux 9 per VigilanzaTurni"
+log_info "Dominio: vt.alfacom.it"
+
+# =================== SYSTEM UPDATE ===================
 log_info "Aggiornamento sistema..."
 dnf update -y
 
-# =================== NODE.JS 20 ===================
-log_info "Installazione Node.js 20 LTS..."
+# =================== NODE.JS ===================
+log_info "Installazione Node.js 20..."
 dnf module reset nodejs -y
 dnf module enable nodejs:20 -y
 dnf install nodejs -y
 node --version
 npm --version
 
-# =================== POSTGRESQL 15 ===================
+# =================== PM2 ===================
+log_info "Installazione PM2..."
+npm install -g pm2
+pm2 startup systemd -u root --hp /root
+systemctl enable pm2-root
+
+# =================== POSTGRESQL ===================
 log_info "Installazione PostgreSQL 15..."
-dnf install -y postgresql15-server postgresql15-contrib
+dnf install -y postgresql15-server postgresql15
+
+# Inizializza database
 postgresql-setup --initdb
 systemctl enable postgresql
 systemctl start postgresql
 
-# Generazione password sicura PostgreSQL
-DB_PASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-25)
+# Password database fornita dall'utente
+DB_PASSWORD="553da84c94093919d46055d6ec37dfa2a03d0f46"
 
 # Creazione database e utente
 log_info "Configurazione database..."
@@ -61,26 +63,22 @@ GRANT ALL PRIVILEGES ON DATABASE vigilanza_turni TO vigilanza_user;
 GRANT ALL ON SCHEMA public TO vigilanza_user;
 EOF
 
-# Salva password in file sicuro
-echo "PGPASSWORD=${DB_PASSWORD}" > /root/.vigilanza_db_password
-chmod 600 /root/.vigilanza_db_password
-log_info "Password PostgreSQL salvata in: /root/.vigilanza_db_password"
+log_info "✅ Database configurato con password fornita"
 
 # Configurazione PostgreSQL per connessioni locali
 log_info "Configurazione autenticazione PostgreSQL..."
 PG_HBA="/var/lib/pgsql/data/pg_hba.conf"
-sed -i 's/ident$/md5/' $PG_HBA
+if ! grep -q "vigilanza_user" $PG_HBA; then
+    echo "local   vigilanza_turni    vigilanza_user                    md5" >> $PG_HBA
+    echo "host    vigilanza_turni    vigilanza_user    127.0.0.1/32    md5" >> $PG_HBA
     systemctl restart postgresql
-
-# =================== PM2 (Process Manager) ===================
-log_info "Installazione PM2..."
-npm install -g pm2
-pm2 startup systemd -u root --hp /root
+fi
 
 # =================== NGINX ===================
 log_info "Installazione Nginx..."
 dnf install -y nginx
 systemctl enable nginx
+systemctl start nginx
 
 # =================== GIT ===================
 log_info "Installazione Git..."
@@ -89,10 +87,14 @@ dnf install -y git
 # =================== DIRECTORY APPLICAZIONE ===================
 log_info "Creazione directory applicazione..."
 mkdir -p /var/www/vigilanza-turni
-chown -R root:root /var/www/vigilanza-turni
+mkdir -p /var/backups/vigilanza-turni
+chmod 755 /var/www/vigilanza-turni
+chmod 700 /var/backups/vigilanza-turni
 
 # =================== FIREWALL ===================
-log_info "Configurazione Firewall..."
+log_info "Configurazione firewall..."
+systemctl enable firewalld
+systemctl start firewalld
 firewall-cmd --permanent --add-service=http
 firewall-cmd --permanent --add-service=https
 firewall-cmd --reload
@@ -107,14 +109,11 @@ log_info "Setup completato con successo!"
 log_info "================================================"
 log_info ""
 log_warn "PROSSIMI PASSI:"
-echo "1. Configura il DNS per puntare questo server"
-echo "2. Copia DATABASE_URL qui sotto nel file /var/www/vigilanza-turni/.env"
-echo "3. Ottieni certificato SSL: sudo certbot --nginx -d tuodominio.it"
-echo "4. Esegui il primo deployment con GitLab CI/CD"
-echo ""
-log_warn "⚠️  IMPORTANTE - Salva questa password (disponibile in /root/.vigilanza_db_password):"
+echo "1. Copia deploy/nginx.conf → /etc/nginx/conf.d/vigilanza-turni.conf"
+echo "2. Clone repository: cd /var/www/vigilanza-turni && git clone <repo-url> ."
+echo "3. Crea file .env con DATABASE_URL (password già configurata)"
+echo "4. Ottieni certificato SSL: sudo certbot --nginx -d vt.alfacom.it"
+echo "5. Esegui primo deploy: bash deploy/deploy.sh"
 echo ""
 log_info "DATABASE_URL per .env:"
 echo "postgresql://vigilanza_user:${DB_PASSWORD}@localhost:5432/vigilanza_turni"
-echo ""
-log_warn "Password PostgreSQL generata automaticamente: ${DB_PASSWORD}"

push-to-gitlab.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Script helper per push automatico verso GitLab da Replit
+# Script per push automatico verso GitLab
 
 set -e
 
@@ -9,9 +9,17 @@ YELLOW='\033[1;33m'
 RED='\033[0;31m'
 NC='\033[0m'
 
-echo -e "${GREEN}🚀 Push to GitLab Production${NC}"
+echo -e "${GREEN}🚀 Push to GitLab (vt.alfacom.it)${NC}"
 echo "========================================"
 
+# Verifica remote GitLab
+if ! git remote | grep -q "production"; then
+    echo -e "${YELLOW}⚠️  Remote 'production' non configurato${NC}"
+    echo "Configurazione remote GitLab..."
+    read -p "URL repository GitLab: " GITLAB_URL
+    git remote add production $GITLAB_URL
+fi
+
 # Verifica se ci sono modifiche
 if [[ -z $(git status -s) ]]; then
     echo -e "${YELLOW}⚠️  Nessuna modifica da committare${NC}"
@@ -52,8 +60,11 @@ git push production main
 
 echo -e "\n${GREEN}✅ Push completato!${NC}"
 echo "========================================"
-echo -e "${YELLOW}Prossimi passi:${NC}"
-echo "1. Vai su GitLab: https://git.alfacom.it/marco/VigilanzaTurni/-/pipelines"
-echo "2. La pipeline CI/CD partirà automaticamente"
-echo "3. Clicca su 'deploy_production' per deployare su server"
+echo -e "${YELLOW}Deployment automatico disponibile:${NC}"
+echo ""
+echo "Sul server esegui:"
+echo -e "${GREEN}  cd /var/www/vigilanza-turni${NC}"
+echo -e "${GREEN}  bash deploy/deploy.sh${NC}"
+echo ""
+echo "🌐 Sito: https://vt.alfacom.it"
 echo ""