diff --git a/apache-ssl-config.conf b/apache-ssl-config.conf
new file mode 100644
index 0000000..b846b7c
--- /dev/null
+++ b/apache-ssl-config.conf
@@ -0,0 +1,64 @@
+# Harheimer TC Website - HTTPS VirtualHost
+# Speichern unter: /etc/apache2/sites-available/harheimertc.tsschulz.de-ssl.conf
+
+
+ ServerName harheimertc.tsschulz.de
+ ServerAdmin admin@tsschulz.de
+
+ DocumentRoot /var/www/harheimertc/dist
+
+ ErrorLog ${APACHE_LOG_DIR}/harheimertc-ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/harheimertc-ssl-access.log combined
+
+ # SSL-Konfiguration
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/harheimertc.tsschulz.de/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/harheimertc.tsschulz.de/privkey.pem
+
+ # Moderne SSL-Konfiguration
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ # Security Headers
+ Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+ Header always set X-Frame-Options DENY
+ Header always set X-Content-Type-Options nosniff
+ Header always set Referrer-Policy "strict-origin-when-cross-origin"
+ Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+
+ # SPA Fallback für Nuxt.js
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Require all granted
+
+ # Fallback für Client-Side Routing
+ RewriteEngine On
+ RewriteBase /
+ RewriteRule ^index\.html$ - [L]
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule . /index.html [L]
+
+
+ # API-Routes für Nuxt Server (falls Server-Side Rendering verwendet wird)
+ ProxyPreserveHost On
+ ProxyPass /api/ http://localhost:3100/api/
+ ProxyPassReverse /api/ http://localhost:3100/api/
+
+
+# HTTP zu HTTPS Redirect
+
+ ServerName harheimertc.tsschulz.de
+ ServerAdmin admin@tsschulz.de
+
+ ErrorLog ${APACHE_LOG_DIR}/harheimertc-redirect-error.log
+ CustomLog ${APACHE_LOG_DIR}/harheimertc-redirect-access.log combined
+
+ # Redirect zu HTTPS
+ RewriteEngine On
+ RewriteCond %{SERVER_NAME} =harheimertc.tsschulz.de
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
diff --git a/ecosystem.config.js b/ecosystem.config.js
new file mode 100644
index 0000000..98c13da
--- /dev/null
+++ b/ecosystem.config.js
@@ -0,0 +1,20 @@
+module.exports = {
+ apps: [{
+ name: 'harheimertc',
+ script: 'npm',
+ args: 'run start',
+ cwd: '/var/www/harheimertc',
+ instances: 1,
+ autorestart: true,
+ watch: false,
+ max_memory_restart: '1G',
+ env: {
+ NODE_ENV: 'production',
+ PORT: 3100
+ },
+ error_file: '/var/log/pm2/harheimertc-error.log',
+ out_file: '/var/log/pm2/harheimertc-out.log',
+ log_file: '/var/log/pm2/harheimertc-combined.log',
+ time: true
+ }]
+}
diff --git a/production-setup.sh b/production-setup.sh
new file mode 100644
index 0000000..0aa792f
--- /dev/null
+++ b/production-setup.sh
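Review bot: In apache-ssl-config.conf, `Options Indexes FollowSymLinks` in the docroot block turns on automatic directory listings for `/var/www/harheimertc/dist`, and `AllowOverride All` lets any `.htaccess` file that ends up in that tree change server behaviour. Neither is needed for a static SPA build, since the rewrite rules already live in the vhost itself. I would change these two lines to `Options -Indexes +FollowSymLinks` and `AllowOverride None`. The enclosing `<Directory>` tags are not visible on this page, so confirm which path the block applies to before changing it.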
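Review bot: In ecosystem.config.js the `env` block sets `PORT: 3100` but no bind address, so the Node server will usually listen on all interfaces and port 3100 can be reached directly, bypassing Apache's TLS and security headers. If the start script runs the Nitro node server (the setup script calls this a Nuxt 3 backend), adding `HOST: '127.0.0.1'` next to `PORT` keeps it loopback-only, matching the `http://localhost:3100` proxy target; otherwise a host firewall rule for 3100 is needed. The same object is duplicated inside the heredoc in production-setup.sh, so the two copies need to be changed together.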
@@ -0,0 +1,68 @@
+# Harheimer TC - Production Server Setup
+# PM2 Konfiguration für Nuxt 3 Backend
+
+# PM2 installieren
+npm install -g pm2
+
+# Environment-Datei erstellen
+cat > .env.production << EOF
+NODE_ENV=production
+PORT=3100
+SMTP_HOST=your-smtp-host
+SMTP_PORT=587
+SMTP_USER=j.dichmann@gmx.de
+SMTP_PASS=your-password
+SMTP_FROM=j.dichmann@gmx.de
+SMTP_TO=j.dichmann@gmx.de
+EOF
+
+# PM2 Ecosystem-Datei erstellen
+cat > ecosystem.config.js << EOF
+module.exports = {
+ apps: [{
+ name: 'harheimertc',
+ script: 'npm',
+ args: 'run start',
+ cwd: '/var/www/harheimertc',
+ instances: 1,
+ autorestart: true,
+ watch: false,
+ max_memory_restart: '1G',
+ env: {
+ NODE_ENV: 'production',
+ PORT: 3100
+ },
+ error_file: '/var/log/pm2/harheimertc-error.log',
+ out_file: '/var/log/pm2/harheimertc-out.log',
+ log_file: '/var/log/pm2/harheimertc-combined.log',
+ time: true
+ }]
+}
+EOF
+
+# PM2 starten
+pm2 start ecosystem.config.js
+pm2 save
+pm2 startup
+
+# Apache-Konfiguration für Backend-Proxy
+cat > /etc/apache2/sites-available/harheimertc-api.tsschulz.de.conf << EOF
+
+ ServerName harheimertc-api.tsschulz.de
+ ServerAdmin admin@tsschulz.de
+
+ # SSL-Konfiguration
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/harheimertc-api.tsschulz.de/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/harheimertc-api.tsschulz.de/privkey.pem
+
+ # Proxy zu Nuxt Backend
+ ProxyPreserveHost On
+ ProxyPass / http://localhost:3100/
+ ProxyPassReverse / http://localhost:3100/
+
+ # Logs
+ ErrorLog \${APACHE_LOG_DIR}/harheimertc-api-error.log
+ CustomLog \${APACHE_LOG_DIR}/harheimertc-api-access.log combined
+
+EOF
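Review bot: The `.env.production` heredoc writes `SMTP_PASS` into a file created with the default umask, which on most systems leaves it readable by every local user; add `chmod 600 .env.production` right after its `EOF`, or `umask 077` before the `cat`. The committed template also carries what look like real mailbox addresses in `SMTP_USER`, `SMTP_FROM` and `SMTP_TO`, which are better left as placeholders like the `SMTP_HOST` value. Separately, the script writes under `/etc/apache2/`, which normally requires root, and starts pm2 in the same run, so the Node process probably ends up running as root. Starting it under a dedicated account (`pm2 startup systemd -u <app-user> --hp <home-dir>`) would limit what a compromise of the app can reach.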