Add Linux deployment scripts

- deploy.sh: Publish and deploy from dev machine
- server-setup.sh: One-time Ubuntu server setup (Nginx, Docker, SQL Server)
- README.md: Deployment documentation and troubleshooting guide

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

deploy/README.md

@@ -0,0 +1,161 @@
+# TrueCV Deployment Guide
+
+## Quick Start
+
+### 1. Server Setup (run once on fresh Ubuntu server)
+
+```bash
+# Copy server-setup.sh to your server
+scp deploy/server-setup.sh user@your-server:/tmp/
+
+# SSH into server and run setup
+ssh user@your-server
+sudo bash /tmp/server-setup.sh
+```
+
+**Before running**, edit the script and update:
+- `DOMAIN` - Your domain name
+- `DB_PASSWORD` - Strong password for SQL Server
+- `ADMIN_EMAIL` - Email for SSL certificate notifications
+
+### 2. Deploy Application (run from dev machine)
+
+```bash
+# Edit deploy.sh and update configuration
+nano deploy/deploy.sh
+
+# Make executable and run
+chmod +x deploy/deploy.sh
+./deploy/deploy.sh
+```
+
+**Update these values in deploy.sh:**
+- `SERVER_USER` - SSH username
+- `SERVER_HOST` - Server hostname or IP
+- `DOMAIN` - Your domain name
+
+### 3. Enable SSL
+
+After DNS is configured and app is deployed:
+
+```bash
+ssh user@your-server
+sudo certbot --nginx -d truecv.yourdomain.com
+```
+
+## Configuration
+
+### Environment Variables
+
+The systemd service sets these environment variables:
+- `ASPNETCORE_ENVIRONMENT=Production`
+- `ASPNETCORE_URLS=http://localhost:5000`
+- `ConnectionStrings__DefaultConnection=...`
+
+To add more (like API keys), edit:
+```bash
+sudo systemctl edit truecv
+```
+
+Add:
+```ini
+[Service]
+Environment=OpenAI__ApiKey=your-key-here
+```
+
+### appsettings.Production.json
+
+For sensitive settings, create `/var/www/truecv/appsettings.Production.json`:
+
+```json
+{
+  "ConnectionStrings": {
+    "DefaultConnection": "Server=127.0.0.1;Database=TrueCV;User Id=SA;Password=YourPassword;TrustServerCertificate=True"
+  },
+  "OpenAI": {
+    "ApiKey": "your-openai-key"
+  }
+}
+```
+
+## Maintenance
+
+### View Logs
+```bash
+# Application logs
+sudo journalctl -u truecv -f
+
+# Nginx logs
+sudo tail -f /var/log/nginx/access.log
+sudo tail -f /var/log/nginx/error.log
+
+# SQL Server logs
+docker logs truecv-sql -f
+```
+
+### Restart Services
+```bash
+sudo systemctl restart truecv
+sudo systemctl restart nginx
+docker restart truecv-sql
+```
+
+### Database Backup
+```bash
+# Backup
+docker exec truecv-sql /opt/mssql-tools18/bin/sqlcmd \
+    -S localhost -U SA -P 'YourPassword' -C \
+    -Q "BACKUP DATABASE TrueCV TO DISK='/var/opt/mssql/backup/truecv.bak'"
+
+# Copy backup from container
+docker cp truecv-sql:/var/opt/mssql/backup/truecv.bak ./truecv-backup.bak
+```
+
+### Rollback Deployment
+```bash
+# On server - restore previous version
+sudo systemctl stop truecv
+sudo rm -rf /var/www/truecv
+sudo mv /var/www/truecv.backup.YYYYMMDD_HHMMSS /var/www/truecv
+sudo systemctl start truecv
+```
+
+## Troubleshooting
+
+### App won't start
+```bash
+# Check status
+sudo systemctl status truecv
+
+# Check logs
+sudo journalctl -u truecv -n 100
+
+# Test manually
+cd /var/www/truecv
+sudo -u www-data dotnet TrueCV.Web.dll
+```
+
+### Database connection issues
+```bash
+# Check SQL Server is running
+docker ps | grep truecv-sql
+
+# Test connection
+docker exec -it truecv-sql /opt/mssql-tools18/bin/sqlcmd \
+    -S localhost -U SA -P 'YourPassword' -C \
+    -Q "SELECT name FROM sys.databases"
+```
+
+### Blazor SignalR issues
+Ensure Nginx is configured for WebSocket support (included in setup script).
+
+Check browser console for connection errors.
+
+## Security Checklist
+
+- [ ] Change default SQL Server password
+- [ ] Enable SSL with Let's Encrypt
+- [ ] Configure firewall (UFW)
+- [ ] Set up automated backups
+- [ ] Enable fail2ban for SSH protection
+- [ ] Keep system updated regularly