diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2cf2d84..50ab2b4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,7 @@
-stages: [install, build, deploy]
+stages:
+  - install
+  - build
+  - deploy
 
 variables:
   NODE_ENV: production
@@ -13,23 +16,25 @@ variables:
     - corepack prepare pnpm@9.12.0 --activate
     - pnpm -v
 
+# Cache node_modules für schnellere Builds
 cache:
   key: ${CI_COMMIT_REF_SLUG}
   paths:
     - node_modules/
 
+# 1) Dependencies installieren
 install:
   stage: install
   <<: *node_pnpm
   script:
     - echo "📦 Installing deps..."
-    # Nutze --frozen-lockfile nur, wenn pnpm-lock.yaml im Repo committed ist
     - if [ -f pnpm-lock.yaml ]; then pnpm install --frozen-lockfile --reporter=append-only; else pnpm install --reporter=append-only; fi
   artifacts:
     paths:
       - node_modules/
     expire_in: 1h
 
+# 2) Build erzeugen
 build:
   stage: build
   <<: *node_pnpm
@@ -42,22 +47,29 @@ build:
       - ${BUILD_DIR}/
     expire_in: 1 week
 
-.deploy_template: &deploy
+# 3) Template für FTPS-Deploy (lftp)
+.deploy_ftps_template: &deploy_ftps
   stage: deploy
   image: alpine:3.20
   before_script:
-    - apk add --no-cache openssh-client rsync
-    - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
-    - chmod 600 ~/.ssh/id_ed25519
-    - ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
+    - echo "📡 Installing lftp..."
+    - apk add --no-cache lftp
   script:
-    - rsync -az --delete ${BUILD_DIR}/ $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH
+    - echo "🚀 Deploy via FTPS to $FTP_HOST:$FTP_PATH ..."
+    - lftp -e "
+        set ftp:passive-mode true;
+        set ssl:verify-certificate no;
+        open -u $FTP_USER,$FTP_PASSWORD $FTP_HOST;
+        mirror -R --delete --parallel=4 ${BUILD_DIR}/ $FTP_PATH;
+        bye
+      "
+    - echo "✅ Deploy finished."
 
+# 3a) Staging-Deployment
 deploy:staging:
-  <<: *deploy
+  <<: *deploy_ftps
   variables:
-    DEPLOY_PATH: /www/htdocs/w020df28/projects/usbcheck/staging/
+    FTP_PATH: $FTP_PATH_STAGING
   environment:
     name: staging
     url: https://staging.usbcheck.it
@@ -65,36 +77,14 @@ deploy:staging:
     - develop
     - merge_requests
 
+# 3b) Production-Deployment
 deploy:production:
-  <<: *deploy
+  <<: *deploy_ftps
   variables:
-    DEPLOY_PATH: /www/htdocs/w020df28/projects/usbcheck/web/
+    FTP_PATH: $FTP_PATH_PROD
   environment:
     name: production
     url: https://www.usbcheck.it
   only:
     - main
   when: manual
-
-
-ssh:diagnose:
-  stage: deploy
-  image: alpine:3.20
-  script:
-    - apk add --no-cache openssh-client
-    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
-    - chmod 600 ~/.ssh/id_ed25519
-
-    # zeige Fingerprint & public key (sollte zum KAS-Eintrag passen)
-    - echo "Public key derived from private key:"
-    - ssh-keygen -y -f ~/.ssh/id_ed25519 | tee /tmp/ci_pubkey.pub
-    - echo "Fingerprint:"; ssh-keygen -lf ~/.ssh/id_ed25519
-
-    # Hostkey anlernen
-    - ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
-
-    # Sehr ausführlicher Login-Test (ohne Befehl)
-    - echo "Trying SSH with -vvv..."
-    - ssh -vvv -o IdentitiesOnly=yes -o PreferredAuthentications=publickey $DEPLOY_USER@$DEPLOY_HOST 'echo OK'
-  when: manual