iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/roadmap/prod-env/02-godaddy-credentials.md
Murat ÖZDEMİR 5ddba7eba4 docs: update production roadmap for HA Vault and shared storage 
- Refactor production setup documentation to reflect a 3-node Vault Raft cluster starting from launch.
- Update all paths to use StorageBox mounts for shared state (SWAG config, TLS certs, Monitoring data).
- Switch Nginx configuration convention from proxy-confs to site-confs to align with SWAG's auto-include behavior.
- Standardize TLS private key extensions to .pem.
- Update node failover and recovery facts to include monitoring services.
- Align deployment pipeline instructions with the latest environment variable-driven approach.
2026-05-16 16:18:21 +03:00

2.0 KiB
Raw Blame History

02 — GoDaddy DNS Credentials for SWAG (Prod)

Context

Identical to test-env-setup/02, except the storagebox path is prod/ instead of test/.

⚠️ Security — Rotate credentials before use

If credentials were shared in any chat log, Slack message, or email, revoke them immediately:

  1. Go to: https://developer.godaddy.com/keys
  2. Revoke the exposed key
  3. Create a new Production key pair

Never commit credentials to the repository.

Step 1 — Add credentials to storagebox .env.secrets.shared (prod path)

Open the file at storagebox path:

prod/secrets/iklim.co/.env.secrets.shared

Add:

GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>

Step 2 — Repo template file

Same file as test: swag/dns-conf/godaddy.ini.tpl (already created in test step 02). No additional action needed in the repo.

Step 3 — (Handled by pipeline) Write credentials file on prod host

The deploy pipeline (see 08-deploy-pipeline-update.md) runs on iklim-app-01:

set -a; . ./.env; set +a
mkdir -p "$SWAG_DNS_CONF_DIR"
envsubst < swag/dns-conf/godaddy.ini.tpl > "$SWAG_DNS_CONF_DIR/godaddy.ini"
chmod 600 "$SWAG_DNS_CONF_DIR/godaddy.ini"

Step 4 — GoDaddy A records for prod subdomains

In GoDaddy DNS panel for iklim.co, add/update A records pointing to the Floating IP (iklim-prod-app-fip). To get the Floating IP value: terraform output prod_floating_ip

Record Value
api <iklim-prod-app-fip>
apigw <iklim-prod-app-fip>
rabbitmq <iklim-prod-app-fip>
grafana <iklim-prod-app-fip>

The Floating IP is assigned to iklim-app-01 (06-prod-terraform-iaac.mdfloating_ip.tf). If failover is needed, the Floating IP can be reassigned to another app node; DNS does not change.

Notes

  • Test and prod SWAG instances both obtain *.iklim.co independently from Let's Encrypt. There is no conflict — they use the same domain, different servers.
  • DNSPROPAGATION=90 handles GoDaddy's typical 30-90s propagation delay.