diff --git a/CHECK_SERVICES.md b/CHECK_SERVICES.md
new file mode 100644
index 0000000..a6a2bf0
--- /dev/null
+++ b/CHECK_SERVICES.md
@@ -0,0 +1,213 @@
+# Services überprüfen und verwalten
+
+## Backend-Service Status prüfen
+
+Das Deploy-Script verwendet **PM2** als Standard. Hier die Befehle:
+
+### Mit PM2 (Standard)
+
+```bash
+# Status anzeigen
+pm2 status
+
+# Detaillierte Info
+pm2 info timeclock-backend
+
+# Ist der Service laufend?
+pm2 list | grep timeclock-backend
+
+# Logs ansehen
+pm2 logs timeclock-backend
+
+# Letzten 50 Zeilen
+pm2 logs timeclock-backend --lines 50
+```
+
+### Backend manuell starten (falls nicht laufend)
+
+```bash
+cd /var/www/timeclock/backend
+pm2 start src/index.js --name timeclock-backend --env production
+pm2 save
+```
+
+### Mit systemd (falls PM2 nicht verwendet)
+
+```bash
+# Status prüfen
+sudo systemctl status timeclock
+
+# Ist der Service aktiv?
+systemctl is-active timeclock
+
+# Logs ansehen
+sudo journalctl -u timeclock -f
+```
+
+---
+
+## Alle Services überprüfen
+
+### Kompletter Status-Check
+
+```bash
+# Backend (PM2)
+echo "=== Backend (PM2) ==="
+pm2 status
+
+# Apache2
+echo ""
+echo "=== Apache2 ==="
+sudo systemctl status apache2 --no-pager | head -n 15
+
+# Backend-Health-Check
+echo ""
+echo "=== Backend Health-Check ==="
+curl -s http://localhost:3010/api/health | jq || curl http://localhost:3010/api/health
+
+# Frontend erreichbar?
+echo ""
+echo "=== Frontend Check ==="
+curl -I https://stechuhr3.tsschulz.de 2>/dev/null | head -n 5
+```
+
+### Oder mit dem Deploy-Script
+
+```bash
+cd /var/www/timeclock
+./deploy.sh status
+```
+
+---
+
+## Backend neu starten
+
+### Mit PM2
+
+```bash
+# Neustart
+pm2 restart timeclock-backend
+
+# Stoppen
+pm2 stop timeclock-backend
+
+# Starten
+pm2 start timeclock-backend
+
+# Löschen und neu starten
+pm2 delete timeclock-backend
+cd /var/www/timeclock/backend
+pm2 start src/index.js --name timeclock-backend --env production
+pm2 save
+```
+
+### Mit systemd
+
+```bash
+sudo systemctl restart timeclock
+sudo systemctl stop timeclock
+sudo systemctl start timeclock
+```
+
+---
+
+## Troubleshooting
+
+### Backend läuft nicht
+
+1. **Prüfe Logs:**
+   ```bash
+   pm2 logs timeclock-backend --err
+   ```
+
+2. **Prüfe .env Datei:**
+   ```bash
+   cat /var/www/timeclock/backend/.env
+   ```
+
+3. **Prüfe Port-Belegung:**
+   ```bash
+   sudo netstat -tulpn | grep 3010
+   # oder
+   sudo lsof -i :3010
+   ```
+
+4. **Prüfe Datenbank-Verbindung:**
+   ```bash
+   mysql -h tsschulz.de -u stechuhr2 -p stechuhr2 -e "SHOW TABLES;"
+   ```
+
+5. **Manuell starten (Debug):**
+   ```bash
+   cd /var/www/timeclock/backend
+   node src/index.js
+   # Siehst du Fehler?
+   ```
+
+### Backend startet, aber API antwortet nicht
+
+1. **Health-Check direkt:**
+   ```bash
+   curl http://localhost:3010/api/health
+   ```
+
+2. **Apache Proxy prüfen:**
+   ```bash
+   # Ist Proxy-Modul aktiv?
+   apache2ctl -M | grep proxy
+   
+   # Apache Error-Log
+   sudo tail -f /var/log/apache2/stechuhr3-error.log
+   ```
+
+3. **Firewall prüfen:**
+   ```bash
+   sudo ufw status
+   ```
+
+---
+
+## Monitoring einrichten
+
+### PM2 Monitoring
+
+```bash
+# Real-time Monitoring
+pm2 monit
+
+# Web-Dashboard (PM2 Plus)
+pm2 plus
+```
+
+### Automatischer Neustart bei Absturz
+
+PM2 startet automatisch neu. Konfiguration:
+
+```bash
+pm2 startup systemd
+# Führe den angezeigten Befehl aus
+pm2 save
+```
+
+### Health-Check Cronjob
+
+Siehe `scripts/health-check.sh` für automatisches Monitoring!
+
+---
+
+## Schnell-Befehle
+
+```bash
+# Alles prüfen
+./deploy.sh status
+
+# Logs live ansehen
+./deploy.sh logs
+
+# Backend neu starten
+pm2 restart timeclock-backend
+
+# Apache neu starten
+sudo systemctl restart apache2
+```
+
diff --git a/deployment-configs/INSTALL_CONFIGS.sh b/deployment-configs/INSTALL_CONFIGS.sh
new file mode 100755
index 0000000..3baef85
--- /dev/null
+++ b/deployment-configs/INSTALL_CONFIGS.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# =============================================================================
+# TimeClock v3 - Apache-Konfiguration installieren
+# =============================================================================
+
+set -e
+
+echo "🚀 Installiere TimeClock Apache-Konfiguration..."
+
+# 1. SSLStapling global aktivieren
+echo "📝 Konfiguriere SSLStapling..."
+if ! grep -q "SSLStaplingCache" /etc/apache2/mods-available/ssl.conf; then
+    sudo sed -i '/<\/IfModule>/i \    # OCSP Stapling Cache\n    SSLStaplingCache shmcb:\/var\/run\/ocsp(128000)' /etc/apache2/mods-available/ssl.conf
+    echo "✅ SSLStapling konfiguriert"
+else
+    echo "✅ SSLStapling bereits konfiguriert"
+fi
+
+# 2. Kopiere HTTP-Config
+echo "📝 Kopiere HTTP-VirtualHost..."
+sudo cp stechuhr3.tsschulz.de.conf /etc/apache2/sites-available/
+
+# 3. Kopiere HTTPS-Config
+echo "📝 Kopiere HTTPS-VirtualHost..."
+sudo cp stechuhr3.tsschulz.de-le-ssl.conf /etc/apache2/sites-available/
+
+# 4. Aktiviere Sites (falls noch nicht aktiv)
+echo "📝 Aktiviere VirtualHosts..."
+sudo a2ensite stechuhr3.tsschulz.de 2>/dev/null || echo "✅ HTTP bereits aktiviert"
+sudo a2ensite stechuhr3.tsschulz.de-le-ssl 2>/dev/null || echo "✅ HTTPS bereits aktiviert"
+
+# 5. Teste Konfiguration
+echo "🔍 Teste Apache-Konfiguration..."
+sudo apache2ctl configtest
+
+# 6. Apache neustarten
+echo "🔄 Starte Apache neu..."
+sudo systemctl restart apache2
+
+# 7. Status prüfen
+echo ""
+echo "📊 Apache Status:"
+sudo systemctl status apache2 --no-pager | head -n 10
+
+echo ""
+echo "✅ Installation abgeschlossen!"
+echo ""
+echo "🌐 Teste deine App:"
+echo "   https://stechuhr3.tsschulz.de"
+echo "   https://stechuhr3.tsschulz.de/api/health"
+
+exit 0
+
diff --git a/deployment-configs/stechuhr3.tsschulz.de-le-ssl.conf b/deployment-configs/stechuhr3.tsschulz.de-le-ssl.conf
new file mode 100644
index 0000000..f357914
--- /dev/null
+++ b/deployment-configs/stechuhr3.tsschulz.de-le-ssl.conf
@@ -0,0 +1,128 @@
+# TimeClock v3 - HTTPS VirtualHost
+# Speichern unter: /etc/apache2/sites-available/stechuhr3.tsschulz.de-le-ssl.conf
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName stechuhr3.tsschulz.de
+    ServerAdmin admin@tsschulz.de
+
+    # =================================================================
+    # Frontend (Vue.js SPA)
+    # =================================================================
+    DocumentRoot /var/www/timeclock/frontend/dist
+    
+    <Directory /var/www/timeclock/frontend/dist>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+        Require all granted
+        
+        # SPA Fallback - alle Requests zu index.html
+        <IfModule mod_rewrite.c>
+            RewriteEngine On
+            RewriteBase /
+            RewriteRule ^index\.html$ - [L]
+            RewriteCond %{REQUEST_FILENAME} !-f
+            RewriteCond %{REQUEST_FILENAME} !-d
+            RewriteCond %{REQUEST_URI} !^/api
+            RewriteRule . /index.html [L]
+        </IfModule>
+    </Directory>
+
+    # =================================================================
+    # API Reverse Proxy zum Backend
+    # =================================================================
+    <IfModule mod_proxy.c>
+        ProxyPreserveHost On
+        ProxyRequests Off
+        ProxyTimeout 60
+        
+        # API Proxy
+        ProxyPass /api http://localhost:3010/api retry=0
+        ProxyPassReverse /api http://localhost:3010/api
+        
+        <Location /api>
+            # Proxy Headers
+            RequestHeader set X-Forwarded-Proto "https"
+            RequestHeader set X-Forwarded-Port "443"
+            RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+        </Location>
+    </IfModule>
+
+    # =================================================================
+    # Gzip Compression
+    # =================================================================
+    <IfModule mod_deflate.c>
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
+        AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/json
+        AddOutputFilterByType DEFLATE application/xml application/xml+rss application/rss+xml
+        AddOutputFilterByType DEFLATE image/svg+xml
+        AddOutputFilterByType DEFLATE font/ttf font/woff font/woff2
+    </IfModule>
+
+    # =================================================================
+    # Security Headers
+    # =================================================================
+    <IfModule mod_headers.c>
+        Header always set X-Frame-Options "SAMEORIGIN"
+        Header always set X-Content-Type-Options "nosniff"
+        Header always set X-XSS-Protection "1; mode=block"
+        Header always set Referrer-Policy "strict-origin-when-cross-origin"
+        Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+    </IfModule>
+
+    # =================================================================
+    # Cache-Control
+    # =================================================================
+    # Cache für statische Assets
+    <FilesMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg|webp|woff|woff2|ttf|eot)$">
+        <IfModule mod_headers.c>
+            Header set Cache-Control "public, max-age=31536000, immutable"
+        </IfModule>
+    </FilesMatch>
+    
+    # Kein Cache für HTML
+    <FilesMatch "\.(html|htm)$">
+        <IfModule mod_headers.c>
+            Header set Cache-Control "no-cache, no-store, must-revalidate"
+            Header set Pragma "no-cache"
+            Header set Expires "0"
+        </IfModule>
+    </FilesMatch>
+
+    # =================================================================
+    # Sicherheit: Verstecke sensible Dateien
+    # =================================================================
+    <DirectoryMatch "^\.|\/\.">
+        Require all denied
+    </DirectoryMatch>
+    
+    <FilesMatch "^\.">
+        Require all denied
+    </FilesMatch>
+    
+    <FilesMatch "\.env">
+        Require all denied
+    </FilesMatch>
+
+    # =================================================================
+    # Limits
+    # =================================================================
+    LimitRequestBody 10485760
+    TimeOut 300
+
+    # =================================================================
+    # Logging
+    # =================================================================
+    ErrorLog ${APACHE_LOG_DIR}/stechuhr3-error.log
+    CustomLog ${APACHE_LOG_DIR}/stechuhr3-access.log combined
+
+    # =================================================================
+    # SSL-Konfiguration (von Certbot verwaltet)
+    # =================================================================
+    SSLCertificateFile /etc/letsencrypt/live/stechuhr3.tsschulz.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/stechuhr3.tsschulz.de/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+</IfModule>
+
diff --git a/deployment-configs/stechuhr3.tsschulz.de.conf b/deployment-configs/stechuhr3.tsschulz.de.conf
new file mode 100644
index 0000000..3918fd8
--- /dev/null
+++ b/deployment-configs/stechuhr3.tsschulz.de.conf
@@ -0,0 +1,18 @@
+# TimeClock v3 - HTTP VirtualHost
+# Speichern unter: /etc/apache2/sites-available/stechuhr3.tsschulz.de.conf
+
+<VirtualHost *:80>
+    ServerName stechuhr3.tsschulz.de
+    ServerAdmin admin@tsschulz.de
+
+    DocumentRoot /var/www/timeclock/frontend/dist
+
+    ErrorLog ${APACHE_LOG_DIR}/stechuhr3-error.log
+    CustomLog ${APACHE_LOG_DIR}/stechuhr3-access.log combined
+
+    # Redirect zu HTTPS
+    RewriteEngine On
+    RewriteCond %{SERVER_NAME} =stechuhr3.tsschulz.de
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+