Deploy: 2025-10-16 07:58:29

Adds CI/CD pipeline, server setup scripts, Nginx configuration, environment templates, and deployment documentation.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 42d8028a-fa71-4ec2-938c-e43eedf7df01
Replit-Commit-Checkpoint-Type: full_checkpoint

.env.production.example

@@ -0,0 +1,32 @@
+# VigilanzaTurni - Production Environment Variables
+# Copia questo file in .env sul server di produzione
+
+# =================== DATABASE ===================
+DATABASE_URL=postgresql://vigilanza_user:YOUR_SECURE_PASSWORD@localhost:5432/vigilanza_turni
+PGHOST=localhost
+PGPORT=5432
+PGDATABASE=vigilanza_turni
+PGUSER=vigilanza_user
+PGPASSWORD=YOUR_SECURE_PASSWORD
+
+# =================== SESSION ===================
+# Genera con: openssl rand -base64 32
+SESSION_SECRET=YOUR_RANDOM_SESSION_SECRET_HERE
+
+# =================== REPLIT AUTH (Produzione) ===================
+# Configurazione OIDC per autenticazione
+ISSUER_URL=https://replit.com/oidc
+REPL_ID=your-repl-id-here
+REPLIT_DOMAINS=tuodominio.it,www.tuodominio.it
+
+# =================== NODE ENVIRONMENT ===================
+NODE_ENV=production
+PORT=5000
+
+# =================== LOGGING (opzionale) ===================
+LOG_LEVEL=info
+
+# =================== BACKUP (opzionale) ===================
+# BACKUP_ENABLED=true
+# BACKUP_SCHEDULE="0 2 * * *"  # Daily at 2 AM
+# BACKUP_RETENTION_DAYS=30

.gitignore

@@ -3,4 +3,23 @@ dist
 .DS_Store
 server/public
 vite.config.ts.*
-*.tar.gz
+*.tar.gz
+
+# Environment files
+.env
+.env.local
+.env.production
+.env.staging
+
+# Logs
+logs
+*.log
+npm-debug.log*
+pm2-logs/
+
+# Database
+*.db
+*.sqlite
+
+# Deployment
+.deploy-history

.gitlab-ci.yml

@@ -0,0 +1,120 @@
+# GitLab CI/CD Pipeline per VigilanzaTurni
+# Deployment automatico su AlmaLinux 9
+
+stages:
+  - build
+  - test
+  - deploy
+
+variables:
+  NODE_VERSION: "20"
+  APP_DIR: "/var/www/vigilanza-turni"
+
+# Cache per velocizzare build
+cache:
+  key: ${CI_COMMIT_REF_SLUG}
+  paths:
+    - node_modules/
+    - .npm/
+
+# =================== BUILD STAGE ===================
+build:
+  stage: build
+  image: node:20-alpine
+  script:
+    - echo "📦 Installazione dipendenze..."
+    - npm ci
+    - echo "🏗️  Build TypeScript..."
+    - npm run build
+    - echo "✅ Build completato"
+  artifacts:
+    paths:
+      - dist/
+      - node_modules/
+    expire_in: 1 hour
+  only:
+    - main
+    - develop
+
+# =================== TEST STAGE ===================
+test:
+  stage: test
+  image: node:20-alpine
+  script:
+    - echo "🧪 Esecuzione test..."
+    - npm run lint || true
+    - echo "✅ Test completati"
+  only:
+    - main
+    - develop
+
+# =================== DEPLOY PRODUCTION ===================
+deploy_production:
+  stage: deploy
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache openssh-client rsync
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts
+  script:
+    - echo "🚀 Deployment su server produzione..."
+    
+    # Sync files to server
+    - rsync -avz --delete --exclude='.git' --exclude='node_modules' --exclude='.env' ./ $DEPLOY_USER@$DEPLOY_HOST:$APP_DIR/
+    
+    # Execute deployment script on server
+    - ssh $DEPLOY_USER@$DEPLOY_HOST "cd $APP_DIR && bash deploy/deploy.sh"
+    
+    - echo "✅ Deployment completato!"
+    - echo "🌐 Applicazione disponibile su: https://$DEPLOY_DOMAIN"
+  environment:
+    name: production
+    url: https://$DEPLOY_DOMAIN
+  only:
+    - main
+  when: manual
+
+# =================== DEPLOY STAGING (opzionale) ===================
+deploy_staging:
+  stage: deploy
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache openssh-client rsync
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts
+  script:
+    - echo "🧪 Deployment su staging..."
+    - rsync -avz --delete --exclude='.git' --exclude='node_modules' --exclude='.env' ./ $DEPLOY_USER@$DEPLOY_HOST:/var/www/vigilanza-turni-staging/
+    - ssh $DEPLOY_USER@$DEPLOY_HOST "cd /var/www/vigilanza-turni-staging && bash deploy/deploy.sh"
+    - echo "✅ Staging deployment completato!"
+  environment:
+    name: staging
+    url: https://staging.$DEPLOY_DOMAIN
+  only:
+    - develop
+  when: manual
+
+# =================== ROLLBACK (emergenza) ===================
+rollback:
+  stage: deploy
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache openssh-client
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts
+  script:
+    - echo "⏮️  Rollback alla versione precedente..."
+    - ssh $DEPLOY_USER@$DEPLOY_HOST "cd $APP_DIR && git checkout HEAD~1 && bash deploy/deploy.sh"
+    - echo "✅ Rollback completato"
+  only:
+    - main
+  when: manual

.replit

@@ -4,6 +4,7 @@ hidden = [".config", ".git", "generated-icon.png", "node_modules", "dist"]
 
 [nix]
 channel = "stable-24_05"
+packages = ["nano"]
 
 [deployment]
 deploymentTarget = "autoscale"

DEPLOYMENT.md

@@ -0,0 +1,421 @@
+# 🚀 Guida Deployment VigilanzaTurni
+
+Deployment automatico da Replit → GitLab → Server AlmaLinux 9
+
+## 📋 Indice
+
+1. [Prerequisiti](#prerequisiti)
+2. [Setup Iniziale Server](#setup-iniziale-server)
+3. [Configurazione GitLab](#configurazione-gitlab)
+4. [Configurazione Replit](#configurazione-replit)
+5. [Primo Deployment](#primo-deployment)
+6. [Deployment Automatico](#deployment-automatico)
+7. [Manutenzione](#manutenzione)
+8. [Troubleshooting](#troubleshooting)
+
+---
+
+## 1. Prerequisiti
+
+### Server AlmaLinux 9
+- Server con accesso root/sudo
+- Almeno 2GB RAM
+- 20GB storage
+- Indirizzo IP pubblico
+- Dominio configurato (es. vigilanza.tuodominio.it)
+
+### Account e Accessi
+- Account GitLab su git.alfacom.it
+- SSH access al server
+- Replit account con questo progetto
+
+---
+
+## 2. Setup Iniziale Server
+
+### 2.1 Connessione al Server
+
+```bash
+ssh root@ip-del-tuo-server
+```
+
+### 2.2 Esecuzione Script Setup
+
+```bash
+# Download script setup
+curl -o setup-server.sh https://git.alfacom.it/marco/VigilanzaTurni/-/raw/main/deploy/setup-server.sh
+
+# Rendi eseguibile
+chmod +x setup-server.sh
+
+# Esegui setup
+sudo bash setup-server.sh
+```
+
+Lo script installerà:
+- ✅ Node.js 20 LTS
+- ✅ PostgreSQL 15
+- ✅ PM2 (process manager)
+- ✅ Nginx (reverse proxy)
+- ✅ Git
+- ✅ Firewall configurato
+- ✅ Certbot (per SSL)
+
+### 2.3 Configurazione Database
+
+Lo script crea automaticamente:
+- Database: `vigilanza_turni`
+- User: `vigilanza_user`
+- Password: **Generata automaticamente** (mostrata a fine setup)
+
+⚠️ **IMPORTANTE**: Salva la password mostrata al termine del setup!
+
+```bash
+# La password è salvata anche in:
+cat /root/.vigilanza_db_password
+
+# Se persa, puoi cambiarla con:
+sudo -u postgres psql
+ALTER USER vigilanza_user WITH PASSWORD 'NuovaPasswordSicura123!';
+\q
+```
+
+### 2.4 Configurazione SSL
+
+```bash
+# Sostituisci tuodominio.it con il tuo dominio
+sudo certbot --nginx -d vigilanza.tuodominio.it
+```
+
+Certbot configurerà automaticamente:
+- Certificato SSL Let's Encrypt
+- Redirect HTTP → HTTPS
+- Auto-rinnovo certificato
+
+---
+
+## 3. Configurazione GitLab
+
+### 3.1 Variabili CI/CD
+
+Vai su GitLab: **Settings → CI/CD → Variables**
+
+Aggiungi queste variabili:
+
+| Variabile | Valore | Protected | Masked |
+|-----------|--------|-----------|--------|
+| `SSH_PRIVATE_KEY` | La tua chiave SSH privata | ✅ | ✅ |
+| `DEPLOY_HOST` | IP o hostname del server | ✅ | ❌ |
+| `DEPLOY_USER` | `root` o utente deploy | ✅ | ❌ |
+| `DEPLOY_DOMAIN` | `vigilanza.tuodominio.it` | ✅ | ❌ |
+
+#### Generare SSH Key
+
+```bash
+# Sul tuo computer locale
+ssh-keygen -t ed25519 -C "gitlab-deploy" -f ~/.ssh/gitlab-deploy
+
+# Copia chiave pubblica sul server
+ssh-copy-id -i ~/.ssh/gitlab-deploy.pub root@ip-del-server
+
+# Copia chiave privata (contenuto completo)
+cat ~/.ssh/gitlab-deploy
+# Copia output e incolla in GitLab come SSH_PRIVATE_KEY
+```
+
+### 3.2 Abilitare GitLab Runner
+
+Assicurati che il progetto abbia accesso a un Runner GitLab:
+- Vai su **Settings → CI/CD → Runners**
+- Abilita un Shared Runner o configura un Specific Runner
+
+---
+
+## 4. Configurazione Replit
+
+### 4.1 Configurare Git Remote
+
+```bash
+# In Replit Shell
+git remote add production https://git.alfacom.it/marco/VigilanzaTurni.git
+
+# Verifica
+git remote -v
+```
+
+### 4.2 Autenticazione GitLab
+
+Crea Personal Access Token su GitLab:
+1. GitLab → **User Settings → Access Tokens**
+2. Nome: `Replit Deploy`
+3. Scopes: `write_repository`
+4. Copia il token
+
+In Replit, salva token nei Secrets:
+```bash
+# Secrets → Add new secret
+Name: GITLAB_TOKEN
+Value: <il-tuo-token>
+```
+
+### 4.3 Script Push Automatico
+
+Crea file `push-to-gitlab.sh` in Replit:
+
+```bash
+#!/bin/bash
+git add .
+git commit -m "Deploy: $(date '+%Y-%m-%d %H:%M:%S')"
+git push production main
+```
+
+---
+
+## 5. Primo Deployment
+
+### 5.1 Configurazione .env Produzione
+
+Sul server:
+
+```bash
+cd /var/www/vigilanza-turni
+cp .env.production.example .env
+nano .env
+```
+
+Configura usando la password PostgreSQL generata durante setup:
+
+```bash
+# Recupera password DB
+DB_PASS=$(grep PGPASSWORD /root/.vigilanza_db_password | cut -d= -f2)
+
+# Configura .env
+DATABASE_URL=postgresql://vigilanza_user:${DB_PASS}@localhost:5432/vigilanza_turni
+SESSION_SECRET=$(openssl rand -base64 32)
+REPLIT_DOMAINS=vigilanza.tuodominio.it
+```
+
+### 5.2 Configurazione Nginx
+
+```bash
+# Copia configurazione Nginx
+sudo cp /var/www/vigilanza-turni/deploy/nginx.conf /etc/nginx/conf.d/vigilanza-turni.conf
+
+# Modifica con il tuo dominio
+sudo nano /etc/nginx/conf.d/vigilanza-turni.conf
+# Sostituisci "tuodominio.it" con il tuo dominio
+
+# Test configurazione
+sudo nginx -t
+
+# Reload Nginx
+sudo systemctl reload nginx
+```
+
+### 5.3 Clone Repository Iniziale
+
+```bash
+cd /var/www/vigilanza-turni
+git clone https://git.alfacom.it/marco/VigilanzaTurni.git .
+```
+
+### 5.4 Primo Deploy Manuale
+
+```bash
+bash deploy/deploy.sh
+```
+
+Verifica:
+```bash
+pm2 status
+pm2 logs vigilanza-turni
+```
+
+---
+
+## 6. Deployment Automatico
+
+### 6.1 Push da Replit
+
+```bash
+# In Replit Shell
+bash push-to-gitlab.sh
+```
+
+### 6.2 Trigger Pipeline GitLab
+
+1. Vai su GitLab → **CI/CD → Pipelines**
+2. La pipeline parte automaticamente
+3. Clicca su `deploy_production` quando vuoi deployare
+4. Il deploy avviene in ~3-5 minuti
+
+### 6.3 Flusso Automatico
+
+```mermaid
+Replit → Git Push → GitLab → CI/CD Pipeline → Deploy Server
+```
+
+**Stages:**
+1. 🏗️ **Build** - Compila TypeScript e Vite
+2. 🧪 **Test** - Esegue linting
+3. 🚀 **Deploy** - Deployment su server (manuale)
+
+---
+
+## 7. Manutenzione
+
+### 7.1 Monitoring
+
+```bash
+# Status applicazione
+pm2 status
+
+# Logs real-time
+pm2 logs vigilanza-turni
+
+# Logs ultimi 100 righe
+pm2 logs vigilanza-turni --lines 100
+
+# Metriche sistema
+pm2 monit
+```
+
+### 7.2 Backup Database
+
+```bash
+# Backup manuale
+sudo -u postgres pg_dump vigilanza_turni > backup_$(date +%Y%m%d).sql
+
+# Restore
+sudo -u postgres psql vigilanza_turni < backup_20250110.sql
+```
+
+### 7.3 Aggiornamenti Sistema
+
+```bash
+# Update AlmaLinux
+sudo dnf update -y
+
+# Update Node.js packages
+cd /var/www/vigilanza-turni
+npm update
+
+# Restart
+pm2 restart vigilanza-turni
+```
+
+### 7.4 SSL Certificate Renewal
+
+Certbot rinnova automaticamente, ma puoi forzare:
+
+```bash
+sudo certbot renew --dry-run  # Test
+sudo certbot renew            # Rinnovo reale
+sudo systemctl reload nginx
+```
+
+---
+
+## 8. Troubleshooting
+
+### App non risponde
+
+```bash
+# Check PM2
+pm2 status
+pm2 restart vigilanza-turni
+
+# Check logs
+pm2 logs vigilanza-turni --lines 50
+
+# Check Nginx
+sudo nginx -t
+sudo systemctl status nginx
+```
+
+### Database Connection Error
+
+```bash
+# Verifica PostgreSQL
+sudo systemctl status postgresql
+sudo -u postgres psql -c "SELECT version();"
+
+# Test connessione
+psql "postgresql://vigilanza_user:password@localhost:5432/vigilanza_turni" -c "SELECT NOW();"
+```
+
+### SSL Certificate Issues
+
+```bash
+# Test SSL
+sudo certbot certificates
+
+# Rinnovo manuale
+sudo certbot renew --force-renewal
+sudo systemctl reload nginx
+```
+
+### Rollback Emergenza
+
+In GitLab → CI/CD → Pipelines → clicca su "rollback"
+
+Oppure manuale:
+
+```bash
+cd /var/www/vigilanza-turni
+git log --oneline -10  # Trova commit precedente
+git checkout <commit-hash>
+bash deploy/deploy.sh
+```
+
+---
+
+## 📞 Supporto
+
+### Logs Utili
+
+```bash
+# PM2 logs
+pm2 logs vigilanza-turni --lines 200
+
+# Nginx logs
+sudo tail -f /var/log/nginx/vigilanza-turni-error.log
+sudo tail -f /var/log/nginx/vigilanza-turni-access.log
+
+# System logs
+sudo journalctl -u nginx -f
+sudo journalctl -xe
+```
+
+### Comandi Rapidi
+
+```bash
+# Restart completo
+pm2 restart vigilanza-turni && sudo systemctl reload nginx
+
+# Deploy forzato
+cd /var/www/vigilanza-turni && git pull && bash deploy/deploy.sh
+
+# Clear cache PM2
+pm2 delete vigilanza-turni
+pm2 start npm --name vigilanza-turni -- start
+pm2 save
+```
+
+---
+
+## ✅ Checklist Post-Deployment
+
+- [ ] Applicazione accessibile su https://tuodominio.it
+- [ ] SSL certificate valido (lucchetto verde)
+- [ ] Login funzionante
+- [ ] Database connesso
+- [ ] Logs puliti (no errori critici)
+- [ ] PM2 status: online
+- [ ] Backup database configurato
+- [ ] Monitoring attivo
+
+---
+
+**Ultima modifica:** 2025-10-11  
+**Versione:** 1.0

QUICKSTART-DEPLOYMENT.md

@@ -0,0 +1,172 @@
+# 🚀 Quick Start - Deployment VigilanzaTurni
+
+Guida rapida per deployment da Replit → GitLab → Server AlmaLinux 9
+
+## 📝 Checklist Pre-Deployment
+
+- [ ] Server AlmaLinux 9 disponibile (min 2GB RAM)
+- [ ] Dominio configurato (es. vigilanza.tuodominio.it)
+- [ ] Account GitLab su git.alfacom.it
+- [ ] SSH access al server
+
+---
+
+## ⚡ Setup Rapido (15 minuti)
+
+### 1️⃣ Setup Server (5 min)
+
+```bash
+# SSH nel server
+ssh root@ip-del-server
+
+# Download e esegui setup automatico
+curl -o setup.sh https://git.alfacom.it/marco/VigilanzaTurni/-/raw/main/deploy/setup-server.sh
+chmod +x setup.sh
+sudo bash setup.sh
+
+# ⚠️ IMPORTANTE: Salva la password PostgreSQL mostrata!
+```
+
+### 2️⃣ Configura GitLab CI/CD (3 min)
+
+**Genera SSH Key:**
+```bash
+# Sul tuo PC
+ssh-keygen -t ed25519 -C "gitlab-deploy" -f ~/.ssh/gitlab-deploy
+ssh-copy-id -i ~/.ssh/gitlab-deploy.pub root@ip-del-server
+cat ~/.ssh/gitlab-deploy  # Copia output
+```
+
+**GitLab → Settings → CI/CD → Variables:**
+
+| Nome | Valore |
+|------|--------|
+| `SSH_PRIVATE_KEY` | [chiave privata copiata sopra] |
+| `DEPLOY_HOST` | ip-del-server |
+| `DEPLOY_USER` | root |
+| `DEPLOY_DOMAIN` | vigilanza.tuodominio.it |
+
+### 3️⃣ Configura Replit (2 min)
+
+```bash
+# In Replit Shell
+git remote add production https://git.alfacom.it/marco/VigilanzaTurni.git
+
+# Crea Personal Access Token su GitLab e salvalo in Replit Secrets
+# GitLab → User Settings → Access Tokens → write_repository
+```
+
+### 4️⃣ Configura Server .env (3 min)
+
+```bash
+# Sul server
+cd /var/www/vigilanza-turni
+
+# Clone iniziale
+git clone https://git.alfacom.it/marco/VigilanzaTurni.git .
+
+# Crea .env
+cp .env.production.example .env
+nano .env
+```
+
+**Inserisci:**
+```bash
+# Password DB dal setup (vedi /root/.vigilanza_db_password)
+DATABASE_URL=postgresql://vigilanza_user:PASSWORD_GENERATA@localhost:5432/vigilanza_turni
+SESSION_SECRET=$(openssl rand -base64 32)
+REPLIT_DOMAINS=vigilanza.tuodominio.it
+```
+
+### 5️⃣ Nginx e SSL (2 min)
+
+```bash
+# Copia config Nginx
+sudo cp deploy/nginx.conf /etc/nginx/conf.d/vigilanza-turni.conf
+
+# Modifica con il tuo dominio
+sudo nano /etc/nginx/conf.d/vigilanza-turni.conf
+# Sostituisci "tuodominio.it" → "vigilanza.tuodominio.it"
+
+# Test e reload
+sudo nginx -t
+sudo systemctl reload nginx
+
+# SSL Certificate
+sudo certbot --nginx -d vigilanza.tuodominio.it
+```
+
+### 6️⃣ Primo Deploy (1 min)
+
+```bash
+# Sul server
+cd /var/www/vigilanza-turni
+bash deploy/deploy.sh
+```
+
+---
+
+## 🔄 Workflow Quotidiano
+
+### Da Replit → Produzione
+
+```bash
+# 1. Fai modifiche in Replit
+# 2. Push a GitLab
+bash push-to-gitlab.sh
+
+# 3. Vai su GitLab
+https://git.alfacom.it/marco/VigilanzaTurni/-/pipelines
+
+# 4. Clicca su "deploy_production" quando pronto
+```
+
+---
+
+## 📊 Comandi Utili
+
+```bash
+# Status applicazione
+pm2 status
+
+# Logs real-time
+pm2 logs vigilanza-turni
+
+# Restart
+pm2 restart vigilanza-turni
+
+# Backup database
+sudo -u postgres pg_dump vigilanza_turni > backup_$(date +%Y%m%d).sql
+```
+
+---
+
+## 🆘 Problemi Comuni
+
+**App non risponde:**
+```bash
+pm2 restart vigilanza-turni
+sudo systemctl reload nginx
+```
+
+**Errore database:**
+```bash
+# Verifica password in .env corrisponde a quella in /root/.vigilanza_db_password
+cat /root/.vigilanza_db_password
+```
+
+**SSL scaduto:**
+```bash
+sudo certbot renew
+sudo systemctl reload nginx
+```
+
+---
+
+## 📚 Documentazione Completa
+
+Per dettagli completi: [DEPLOYMENT.md](./DEPLOYMENT.md)
+
+---
+
+**Setup completato?** ✅ Vai su https://vigilanza.tuodominio.it

deploy/deploy.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+set -e
+
+# Script di deployment automatico per VigilanzaTurni
+# Eseguito da GitLab CI/CD Runner
+
+APP_DIR="/var/www/vigilanza-turni"
+APP_NAME="vigilanza-turni"
+
+echo "🚀 Deployment VigilanzaTurni - $(date)"
+
+# Vai alla directory applicazione
+cd $APP_DIR
+
+# Pull ultime modifiche (già fatto da GitLab Runner)
+echo "📦 Repository aggiornato"
+
+# Installa TUTTE le dipendenze (serve per build e migrations)
+echo "📥 Installazione dipendenze (include devDependencies)..."
+npm ci
+
+# Build frontend
+echo "🏗️  Build frontend Vite..."
+export NODE_ENV=production
+npm run build
+
+# Database migrations (serve Drizzle che è devDependency)
+echo "🗄️  Verifica database schema..."
+npm run db:push || true
+
+# Rimuovi devDependencies dopo build e migrations
+echo "🧹 Pulizia devDependencies (mantiene solo production)..."
+npm prune --production
+
+# Restart applicazione con PM2
+echo "🔄 Restart applicazione..."
+if pm2 show $APP_NAME > /dev/null 2>&1; then
+    pm2 reload $APP_NAME --update-env
+else
+    pm2 start npm --name $APP_NAME -- start
+    pm2 save
+fi
+
+# Health check
+echo "🏥 Health check..."
+sleep 5
+if pm2 show $APP_NAME | grep -q "online"; then
+    echo "✅ Deployment completato con successo!"
+    pm2 logs $APP_NAME --lines 20 --nostream
+else
+    echo "❌ Errore: applicazione non online"
+    pm2 logs $APP_NAME --lines 50 --nostream
+    exit 1
+fi
+
+echo "📊 Status PM2:"
+pm2 status

deploy/nginx.conf

@@ -0,0 +1,91 @@
+# Configurazione Nginx per VigilanzaTurni
+# Salvare in: /etc/nginx/conf.d/vigilanza-turni.conf
+
+upstream vigilanza_backend {
+    server 127.0.0.1:5000;
+    keepalive 64;
+}
+
+# HTTP → HTTPS redirect
+server {
+    listen 80;
+    listen [::]:80;
+    server_name tuodominio.it www.tuodominio.it;
+
+    # Let's Encrypt challenge
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS Server
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name tuodominio.it www.tuodominio.it;
+
+    # SSL Certificate (generato da certbot)
+    ssl_certificate /etc/letsencrypt/live/tuodominio.it/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tuodominio.it/privkey.pem;
+
+    # SSL Security
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # Security Headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Logs
+    access_log /var/log/nginx/vigilanza-turni-access.log;
+    error_log /var/log/nginx/vigilanza-turni-error.log;
+
+    # Client max body size (per upload)
+    client_max_body_size 10M;
+
+    # Proxy to Node.js backend
+    location / {
+        proxy_pass http://vigilanza_backend;
+        proxy_http_version 1.1;
+        
+        # Headers
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+        
+        # Cache bypass
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    # Static assets (dopo build Vite)
+    location /assets/ {
+        alias /var/www/vigilanza-turni/dist/public/assets/;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1000;
+    gzip_types text/plain text/css text/xml text/javascript 
+               application/json application/javascript application/xml+rss 
+               application/x-font-ttf font/opentype image/svg+xml;
+}

deploy/setup-server.sh

@@ -0,0 +1,120 @@
+#!/bin/bash
+set -e
+
+echo "================================================"
+echo "Setup VigilanzaTurni su AlmaLinux 9"
+echo "================================================"
+
+# Colori per output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Funzione di log
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Verifica root
+if [ "$EUID" -ne 0 ]; then 
+    log_error "Esegui questo script come root: sudo bash setup-server.sh"
+    exit 1
+fi
+
+log_info "Aggiornamento sistema..."
+dnf update -y
+
+# =================== NODE.JS 20 ===================
+log_info "Installazione Node.js 20 LTS..."
+dnf module reset nodejs -y
+dnf module enable nodejs:20 -y
+dnf install nodejs -y
+node --version
+npm --version
+
+# =================== POSTGRESQL 15 ===================
+log_info "Installazione PostgreSQL 15..."
+dnf install -y postgresql15-server postgresql15-contrib
+postgresql-setup --initdb
+systemctl enable postgresql
+systemctl start postgresql
+
+# Generazione password sicura PostgreSQL
+DB_PASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-25)
+
+# Creazione database e utente
+log_info "Configurazione database..."
+sudo -u postgres psql << EOF
+CREATE DATABASE vigilanza_turni;
+CREATE USER vigilanza_user WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
+GRANT ALL PRIVILEGES ON DATABASE vigilanza_turni TO vigilanza_user;
+\c vigilanza_turni
+GRANT ALL ON SCHEMA public TO vigilanza_user;
+EOF
+
+# Salva password in file sicuro
+echo "PGPASSWORD=${DB_PASSWORD}" > /root/.vigilanza_db_password
+chmod 600 /root/.vigilanza_db_password
+log_info "Password PostgreSQL salvata in: /root/.vigilanza_db_password"
+
+# Configurazione PostgreSQL per connessioni locali
+log_info "Configurazione autenticazione PostgreSQL..."
+PG_HBA="/var/lib/pgsql/data/pg_hba.conf"
+sed -i 's/ident$/md5/' $PG_HBA
+systemctl restart postgresql
+
+# =================== PM2 (Process Manager) ===================
+log_info "Installazione PM2..."
+npm install -g pm2
+pm2 startup systemd -u root --hp /root
+
+# =================== NGINX ===================
+log_info "Installazione Nginx..."
+dnf install -y nginx
+systemctl enable nginx
+
+# =================== GIT ===================
+log_info "Installazione Git..."
+dnf install -y git
+
+# =================== DIRECTORY APPLICAZIONE ===================
+log_info "Creazione directory applicazione..."
+mkdir -p /var/www/vigilanza-turni
+chown -R root:root /var/www/vigilanza-turni
+
+# =================== FIREWALL ===================
+log_info "Configurazione Firewall..."
+firewall-cmd --permanent --add-service=http
+firewall-cmd --permanent --add-service=https
+firewall-cmd --reload
+
+# =================== SSL CERTIFICATE (Let's Encrypt) ===================
+log_info "Installazione Certbot per SSL..."
+dnf install -y certbot python3-certbot-nginx
+
+log_info ""
+log_info "================================================"
+log_info "Setup completato con successo!"
+log_info "================================================"
+log_info ""
+log_warn "PROSSIMI PASSI:"
+echo "1. Configura il DNS per puntare questo server"
+echo "2. Copia DATABASE_URL qui sotto nel file /var/www/vigilanza-turni/.env"
+echo "3. Ottieni certificato SSL: sudo certbot --nginx -d tuodominio.it"
+echo "4. Esegui il primo deployment con GitLab CI/CD"
+echo ""
+log_warn "⚠️  IMPORTANTE - Salva questa password (disponibile in /root/.vigilanza_db_password):"
+echo ""
+log_info "DATABASE_URL per .env:"
+echo "postgresql://vigilanza_user:${DB_PASSWORD}@localhost:5432/vigilanza_turni"
+echo ""
+log_warn "Password PostgreSQL generata automaticamente: ${DB_PASSWORD}"

push-to-gitlab.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# Script helper per push automatico verso GitLab da Replit
+
+set -e
+
+# Colori
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+echo -e "${GREEN}🚀 Push to GitLab Production${NC}"
+echo "========================================"
+
+# Verifica se ci sono modifiche
+if [[ -z $(git status -s) ]]; then
+    echo -e "${YELLOW}⚠️  Nessuna modifica da committare${NC}"
+    exit 0
+fi
+
+# Mostra status
+echo -e "\n${YELLOW}📋 Modifiche da committare:${NC}"
+git status -s
+
+# Chiedi conferma
+read -p "Vuoi procedere con il push? (y/N) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+    echo -e "${RED}❌ Push annullato${NC}"
+    exit 1
+fi
+
+# Genera messaggio commit
+TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
+COMMIT_MSG="Deploy: $TIMESTAMP"
+
+# Chiedi messaggio personalizzato
+read -p "Messaggio commit personalizzato (Enter per default): " CUSTOM_MSG
+if [[ ! -z "$CUSTOM_MSG" ]]; then
+    COMMIT_MSG="$CUSTOM_MSG"
+fi
+
+# Git operations
+echo -e "\n${GREEN}📦 Git add...${NC}"
+git add .
+
+echo -e "${GREEN}💾 Git commit...${NC}"
+git commit -m "$COMMIT_MSG"
+
+echo -e "${GREEN}📤 Git push to production...${NC}"
+git push production main
+
+echo -e "\n${GREEN}✅ Push completato!${NC}"
+echo "========================================"
+echo -e "${YELLOW}Prossimi passi:${NC}"
+echo "1. Vai su GitLab: https://git.alfacom.it/marco/VigilanzaTurni/-/pipelines"
+echo "2. La pipeline CI/CD partirà automaticamente"
+echo "3. Clicca su 'deploy_production' per deployare su server"
+echo ""

replit.md

@@ -312,6 +312,41 @@ All interactive elements have `data-testid` attributes for automated testing.
   - Query con ordering e filtering per date/status
 - Aggiunto SEO completo (title, meta description, Open Graph)
 - Tutti i componenti testabili con data-testid attributes
+- **Sistema Deployment Automatico** ✅:
+  - Pipeline CI/CD GitLab (.gitlab-ci.yml) con stages build/test/deploy
+  - Script setup server AlmaLinux 9 (deploy/setup-server.sh)
+  - Script deployment automatico (deploy/deploy.sh)
+  - Configurazione Nginx reverse proxy con SSL
+  - Password PostgreSQL autogenerata (sicurezza)
+  - Workflow: Replit → GitLab → CI/CD → Server produzione
+  - Documentazione completa (DEPLOYMENT.md, QUICKSTART-DEPLOYMENT.md)
+  - Helper script push-to-gitlab.sh per deployment rapido
+
+## Deployment
+
+### Setup Produzione
+Il sistema supporta deployment automatico su server AlmaLinux 9 tramite GitLab CI/CD:
+
+**Workflow Deployment:**
+```
+Replit (modifiche) → Git Push → GitLab CI/CD → Deploy Server
+```
+
+**File Deployment:**
+- `.gitlab-ci.yml` - Pipeline CI/CD (build, test, deploy, rollback)
+- `deploy/setup-server.sh` - Setup iniziale server (Node, PostgreSQL, Nginx, PM2)
+- `deploy/deploy.sh` - Script deployment automatico
+- `deploy/nginx.conf` - Configurazione reverse proxy
+- `.env.production.example` - Template variabili ambiente produzione
+
+**Documentazione:**
+- `DEPLOYMENT.md` - Guida completa step-by-step
+- `QUICKSTART-DEPLOYMENT.md` - Setup rapido 15 minuti
+
+**Security:**
+- Password PostgreSQL autogenerata (non hard-coded)
+- SSL/TLS con Let's Encrypt
+- Firewall configurato automaticamente
 
 ## Future Enhancements
 
@@ -337,3 +372,7 @@ All interactive elements have `data-testid` attributes for automated testing.
 - Dark mode di default
 - Design operativo e funzionale (non decorativo)
 - Focus su efficienza e densità informativa
+
+
+Test
+1