# 🏗️ PROXMOX BEST PRACTICES - NETGESCON ENTERPRISE

## 📋 CONFIGURAZIONE TEMPLATE BASE

### 1. Creazione Template Ubuntu 22.04 LTS

```bash
# Download ISO Ubuntu Server 22.04 LTS
wget https://releases.ubuntu.com/22.04/ubuntu-22.04.3-live-server-amd64.iso

# Configurazione VM Template (Proxmox Web UI)
VM ID: 9000
Nome: ubuntu-netgescon-template
ISO: ubuntu-22.04.3-live-server-amd64.iso
Tipo: Linux (Ubuntu)
```

### 2. Specifiche Hardware Template

```yaml
CPU:
  Cores: 2
  Type: host (migliori performance)
  
Memory:
  RAM: 4096 MB
  Ballooning: Disabilitato
  
Storage:
  Disk: 40 GB (virtio-scsi)
  Cache: Write back
  Format: qcow2
  
Network:
  Bridge: vmbr0
  Model: VirtIO (migliori performance)
  
BIOS:
  Type: OVMF (UEFI)
  Add EFI Disk: Sì
```

### 3. Installazione Ubuntu Ottimizzata

```bash
# Durante installazione Ubuntu:
Hostname: netgescon-template
Username: netgescon
Password: [password sicura]
SSH Server: ✓ Installa
Snap packages: □ Nessuno

# Partizionamento personalizzato:
/boot/efi: 512 MB (FAT32)
swap: 2 GB
/: resto del disco (ext4)
```

### 4. Post-Installazione Template

```bash
# Aggiornamento sistema
sudo apt update && sudo apt upgrade -y

# Installazione guest tools
sudo apt install -y qemu-guest-agent
sudo systemctl enable qemu-guest-agent
sudo systemctl start qemu-guest-agent

# Pulizia pre-template
sudo apt autoremove -y
sudo apt autoclean
sudo rm -rf /tmp/*
sudo rm -rf /var/tmp/*
history -c

# Shutdown per conversione template
sudo shutdown -h now
```

### 5. Conversione a Template

```bash
# In Proxmox shell
qm template 9000
```

## 🚀 DEPLOYMENT ARCHITETTURA 3-VM

### Configurazione Hardware Differenziata

#### VM-PRODUCTION (ID: 100)
```yaml
Name: netgescon-production
Memory: 6144 MB
CPU Cores: 4
Storage: 80 GB SSD
Network: vmbr0 + Firewall
Boot Order: 1 (auto-start)
Protection: ✓ (anti-delete)
Backup: Ogni 6 ore
```

#### VM-DEVELOPMENT (ID: 101)
```yaml
Name: netgescon-development  
Memory: 4096 MB
CPU Cores: 2
Storage: 60 GB
Network: vmbr0
Boot Order: 2
Git Repository: /var/git/netgescon.git
IDE: VS Code Server
```

#### VM-CLIENT-TEST (ID: 102)
```yaml
Name: netgescon-client-test
Memory: 3072 MB
CPU Cores: 2  
Storage: 40 GB
Network: vmbr1 (NAT - simula cliente)
Boot Order: 3
Purpose: Remote update testing
```

## 🔧 CONFIGURAZIONE NETWORK AVANZATA

### Bridge Configuration

```bash
# /etc/network/interfaces (Proxmox host)

# Bridge produzione (sicuro)
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

# Bridge sviluppo/test (isolato)
auto vmbr1  
iface vmbr1 inet static
    address 192.168.10.1/24
    bridge_ports none
    bridge_stp off
    bridge_fd 0
```

### Firewall Rules (Proxmox)

```bash
# Gruppo: netgescon-production
[group netgescon-production]
IN ACCEPT -p tcp --dport 22  # SSH
IN ACCEPT -p tcp --dport 80  # HTTP
IN ACCEPT -p tcp --dport 443 # HTTPS
IN DROP                      # Default deny

# Gruppo: netgescon-development
[group netgescon-development]
IN ACCEPT -p tcp --dport 22    # SSH
IN ACCEPT -p tcp --dport 8000  # Laravel dev
IN ACCEPT -p tcp --dport 3000  # Node dev server
IN ACCEPT -source 192.168.1.0/24 # Access da produzione

# Gruppo: netgescon-client
[group netgescon-client]
IN ACCEPT -p tcp --dport 22    # SSH
IN ACCEPT -p tcp --dport 80    # HTTP test
IN ACCEPT -source 192.168.1.100 # Solo da produzione
```

## 📊 MONITORING E BACKUP

### Backup Strategy

```bash
# Configurazione backup automatico Proxmox
vzdump 100 --mode snapshot --compress lzo --storage backup-storage --maxfiles 7
vzdump 101 --mode suspend --compress gzip --storage backup-storage --maxfiles 3  
vzdump 102 --mode stop --compress gzip --storage backup-storage --maxfiles 3

# Schedule crontab Proxmox
# Production: ogni 6 ore
0 */6 * * * vzdump 100 --mode snapshot --quiet 1

# Development: giornaliero  
0 2 * * * vzdump 101 --mode suspend --quiet 1

# Client test: settimanale
0 3 * * 0 vzdump 102 --mode stop --quiet 1
```

### Monitoring Setup

```bash
# Installazione monitoring tools su Proxmox
apt install -y prometheus-node-exporter
apt install -y grafana

# Configurazione alerts
cat > /etc/prometheus/alert.rules <<EOF
groups:
- name: netgescon
  rules:
  - alert: VMDown
    expr: up{job="netgescon"} == 0
    for: 5m
  - alert: HighCPU
    expr: 100 - (avg(irate(cpu_time_total[5m])) * 100) > 80
  - alert: HighMemory  
    expr: (memory_usage / memory_total) * 100 > 85
EOF
```

## 🔄 SINCRONIZZAZIONE E DEPLOYMENT

### Git Workflow Multi-VM

```bash
# Setup repository centrale su VM-PRODUCTION
git init --bare /var/git/netgescon.git

# Hook post-receive per auto-deploy
cat > /var/git/netgescon.git/hooks/post-receive <<'EOF'
#!/bin/bash
cd /var/www/netgescon/netgescon-laravel
git --git-dir=/var/git/netgescon.git --work-tree=/var/www/netgescon/netgescon-laravel checkout -f main
composer install --no-dev --optimize-autoloader
npm run build
php artisan migrate --force
systemctl reload nginx
EOF

chmod +x /var/git/netgescon.git/hooks/post-receive
```

### Automated Sync Script

```bash
#!/bin/bash
# /usr/local/bin/netgescon-sync.sh

PROD_IP="192.168.1.100"
DEV_IP="192.168.1.101"  
CLIENT_IP="192.168.1.102"

# Sync development to client for testing
rsync -avz --exclude='.git' --exclude='vendor' \
  netgescon@$DEV_IP:/var/www/netgescon/ \
  netgescon@$CLIENT_IP:/var/www/netgescon/

# Rebuild on client
ssh netgescon@$CLIENT_IP "cd /var/www/netgescon/netgescon-laravel && composer install && npm run build"

# Run tests
ssh netgescon@$CLIENT_IP "cd /var/www/netgescon/netgescon-laravel && php artisan test"
```

## 🛡️ SICUREZZA E HARDENING

### VM Security Best Practices

```bash
# Configurazione SSH sicura
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
echo "AllowUsers netgescon" >> /etc/ssh/sshd_config

# Firewall locale (ufw)
ufw --force enable
ufw default deny incoming
ufw allow from 192.168.1.0/24 to any port 22
ufw allow 80,443/tcp

# Fail2ban
apt install -y fail2ban
systemctl enable fail2ban

# Automatic security updates
apt install -y unattended-upgrades
echo 'Unattended-Upgrade::Automatic-Reboot "false";' >> /etc/apt/apt.conf.d/50unattended-upgrades
```

### SSL/TLS Configuration

```bash
# Certificati SSL con Let's Encrypt
apt install -y certbot python3-certbot-nginx

# Configurazione automatica SSL
certbot --nginx -d netgescon-prod.local --non-interactive --agree-tos --email admin@netgescon.local

# Auto-renewal
echo "0 12 * * * /usr/bin/certbot renew --quiet" | crontab -
```

## 📈 PERFORMANCE OPTIMIZATION

### Database Tuning

```bash
# MySQL configuration per NetGescon
cat > /etc/mysql/mysql.conf.d/netgescon.cnf <<EOF
[mysqld]
# NetGescon specific optimizations
innodb_buffer_pool_size = 2G
innodb_log_file_size = 256M
query_cache_size = 128M
query_cache_limit = 64M
max_connections = 200
tmp_table_size = 64M
max_heap_table_size = 64M
EOF
```

### PHP-FPM Optimization

```bash
# Pool configuration per VM
cat > /etc/php/8.2/fpm/pool.d/netgescon.conf <<EOF
[netgescon]
user = www-data
group = www-data
listen = /run/php/php8.2-fpm-netgescon.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
EOF
```

## 🎯 DEPLOYMENT CHECKLIST

### ✅ Pre-Deployment
- [ ] Template Ubuntu 22.04 creato e testato
- [ ] Proxmox backup storage configurato
- [ ] Network bridges configurati
- [ ] Firewall rules create
- [ ] Monitoring dashboard setup

### ✅ Deployment
- [ ] 3 VM create con script automatico
- [ ] SSH keys distribuite
- [ ] Git repository setup
- [ ] NetGescon installato su tutte le VM
- [ ] Database sincronizzato

### ✅ Post-Deployment  
- [ ] Backup automatici attivi
- [ ] Monitoring alerts configurati
- [ ] SSL certificati installati
- [ ] Performance tuning applicato
- [ ] Team access configurato

## 💡 TIPS & TRICKS PROXMOX

### Gestione Template
```bash
# Backup template per sicurezza
qm backup 9000 --storage backup-storage

# Update template (clona, aggiorna, riconverti)
qm clone 9000 9001 --full --name ubuntu-netgescon-template-update
# ... aggiornamenti ...
qm template 9001
qm destroy 9000
qm set 9001 --vmid 9000
```

### Resource Management
```bash
# Limite CPU e RAM dinamici
qm set 100 --memory 8192 --cores 6  # Scale up production
qm set 101 --memory 2048 --cores 1  # Scale down development

# Live migration tra nodi Proxmox
qm migrate 100 proxmox-node2 --online
```

### Troubleshooting
```bash
# Log VM
qm monitor 100
info status
info network

# Console accesso diretto
qm terminal 100

# Snapshot per testing
qm snapshot 102 test-before-update
# ... testing ...
qm rollback 102 test-before-update
```

---

## 🎉 RISULTATO FINALE

Con questa configurazione Proxmox avrai un'**architettura enterprise** per NetGescon che garantisce:

- ⚡ **Performance**: Hardware dedicato per ogni environment
- 🔒 **Sicurezza**: Isolamento e firewall avanzato  
- 🔄 **Scalabilità**: Facilmente espandibile
- 💾 **Backup**: Automatico e ridondante
- 👥 **Team Work**: Sviluppo parallelo senza conflitti
- 📊 **Monitoring**: Visibilità completa sistema

**Ready for production deployment!** 🚀