Environment_Infrastructure/roadmap/prod-env/02-godaddy-credentials.md
Murat ÖZDEMİR 76f87aa2f9 Integrate DB nodes into Swarm and refine prod service deployment
- Database nodes now join the Docker Swarm as workers with `role=db` labels, allowing Swarm to manage their dedicated services.
- The `docker-stack-infra.yml` has been updated for production to focus solely on application-level infrastructure components.
- Dedicated database services (PostgreSQL, MongoDB, Patroni-etcd) are now explicitly deployed in separate Swarm stacks on `iklim-db-XX` nodes.
- Standardizes node naming conventions (`iklim-app-XX`, `iklim-db-XX`) across the production roadmap documentation.
- Clarifies that the `etcd` service within `docker-stack-infra.yml` is exclusively for APISIX configuration, distinct from Patroni's etcd cluster.
2026-05-11 14:53:21 +03:00

# 02 — GoDaddy DNS Credentials for SWAG (Prod)
## Context
Identical to test-env-setup/02, except the storagebox path is `prod/` instead of `test/`.
## ⚠️ Security — Rotate credentials before use
If credentials were shared in any chat log, Slack message, or email, **revoke them immediately**:
1. Go to: https://developer.godaddy.com/keys
2. Revoke the exposed key
3. Create a new Production key pair
**Never commit credentials to the repository.**
## Step 1 — Add credentials to storagebox `.env.secrets.shared` (prod path)
Open the file at storagebox path:
```
prod/secrets/iklim.co/.env.secrets.shared
```
Add:
```bash
GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>
```
## Step 2 — Repo template file
Same file as test: `swag/dns-conf/godaddy.ini.tpl` (already created in test step 02).
No additional action needed in the repo.
## Step 3 — (Handled by pipeline) Write credentials file on prod host
The deploy pipeline (see `08-deploy-pipeline-update.md`) runs on iklim-app-01:
```bash
mkdir -p /opt/iklimco/swag/dns-conf
# envsubst expands GODADDY_KEY / GODADDY_SECRET from the pipeline's environment
envsubst < swag/dns-conf/godaddy.ini.tpl > /opt/iklimco/swag/dns-conf/godaddy.ini
chmod 600 /opt/iklimco/swag/dns-conf/godaddy.ini   # owner-only: SWAG reads it, nobody else
```
## Step 4 — GoDaddy A records for prod subdomains
In GoDaddy DNS panel for `iklim.co`, add/update A records pointing to iklim-app-01's public IP:
| Record | Value |
|--------|-------|
| `api` | `<iklim-app-01-public-ip>` |
| `apigw` | `<iklim-app-01-public-ip>` |
| `rabbitmq` | `<iklim-app-01-public-ip>` |
| `grafana` | `<iklim-app-01-public-ip>` |
> Swarm's routing mesh means any node IP would work, but iklim-app-01 is the designated
> entry point (runs SWAG). Using a single IP keeps DNS simple.
>
> For HA: add a load balancer or use Hetzner's floating IP in front of the 3 service nodes.
> DNS then points to the floating IP. This is a future improvement.
## Notes
- Test and prod SWAG instances both obtain `*.iklim.co` independently from Let's Encrypt.
  There is no conflict — they use the same domain, different servers.
- `DNSPROPAGATION=90` handles GoDaddy's typical 30-90s propagation delay.