diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..43dc098
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,68 @@
+stages:
+  - build
+  - publish
+  - deploy
+
+variables:
+  REGISTRY: registry.gitlab.com/$CI_PROJECT_PATH
+
+# ---------- BUILD ----------
+build-rag:
+  stage: build
+  image: eclipse-temurin:25-jdk-alpine
+  cache:
+    key: "${CI_COMMIT_REF_SLUG}-rag"
+    paths:
+      - rag-service/.m2/repository
+  script:
+    - cd rag-service
+    - chmod +x mvnw
+    - ./mvnw package -DskipTests -B -Dmaven.repo.local=.m2/repository
+  artifacts:
+    paths:
+      - rag-service/target/*.jar
+    expire_in: 1h
+
+# ---------- PUBLISH DOCKER IMAGE ----------
+publish-rag:
+  stage: publish
+  image: docker:27
+  services:
+    - docker:27-dind
+  variables:
+    DOCKER_TLS_CERTDIR: ""
+  before_script:
+    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
+  script:
+    - docker build -t $REGISTRY/rag-service:${CI_COMMIT_SHORT_SHA} -t $REGISTRY/rag-service:latest rag-service/
+    - docker push $REGISTRY/rag-service:${CI_COMMIT_SHORT_SHA}
+    - docker push $REGISTRY/rag-service:latest
+  needs: [build-rag]
+
+# ---------- DEPLOY TO VPS ----------
+deploy:
+  stage: deploy
+  image: alpine:3.20
+  needs: [publish-rag]
+  only:
+    - main
+  before_script:
+    - apk add --no-cache openssh-client
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
+    - chmod 600 ~/.ssh/id_ed25519
+    - ssh-keyscan -H $VPS_HOST >> ~/.ssh/known_hosts
+  script:
+    - |
+      ssh $VPS_USER@$VPS_HOST << ENDSSH
+        set -e
+        echo "$CI_REGISTRY_PASSWORD" | docker login registry.gitlab.com -u "$CI_REGISTRY_USER" --password-stdin
+        cd /opt/services
+        export CI_COMMIT_SHORT_SHA=${CI_COMMIT_SHORT_SHA}
+        docker compose -f docker-compose.yml -f docker-compose.prod.yml pull rag-service
+        docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d rag-service
+        docker image prune -f
+      ENDSSH
+  environment:
+    name: production
+    url: https://balexvic.com
\ No newline at end of file
diff --git a/rag-service/Dockerfile b/rag-service/Dockerfile
new file mode 100644
index 0000000..4e7fbe5
--- /dev/null
+++ b/rag-service/Dockerfile
@@ -0,0 +1,19 @@
+# Stage 1: Build
+FROM eclipse-temurin:25-jdk-alpine AS build
+WORKDIR /app
+COPY pom.xml .
+COPY .mvn .mvn
+COPY mvnw .
+RUN chmod +x mvnw && ./mvnw dependency:go-offline -B
+COPY src src
+RUN ./mvnw package -DskipTests -B
+
+# Stage 2: Run
+FROM eclipse-temurin:25-jdk-alpine
+WORKDIR /app
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+COPY --from=build /app/target/*.jar app.jar
+RUN chown appuser:appgroup app.jar
+USER appuser
+EXPOSE 8080
+ENTRYPOINT ["java", "-jar", "app.jar"]
\ No newline at end of file
diff --git a/rag-service/src/main/resources/application.properties b/rag-service/src/main/resources/application.properties
index 217b255..7bebe9e 100644
--- a/rag-service/src/main/resources/application.properties
+++ b/rag-service/src/main/resources/application.properties
@@ -1,5 +1,6 @@
 spring.application.name=rag
-spring.ai.ollama.base-url=http://localhost:11431
+#spring.ai.ollama.base-url=http://localhost:11431
+spring.ai.ollama.base-url=http://localhost:11434
 #spring.ai.ollama.chat.model=gemma3:4b-it-q4_K_M
 spring.ai.ollama.chat.model=llama3.1:8b-instruct-q4_K_M
 jwt.secret=ywfI6dBznYmHbokihB/OBzZz6E0Fj+6PiqrM8dQ5c3t0HeYarblCbOGM8vQtOt472AtQ+MsCH7OVIKHOzjrPsQ==