iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/roadmap/prod-env/02-godaddy-credentials.md
Murat ÖZDEMİR 81c38e8d39 initial commit
2026-05-09 16:26:06 +03:00

64 lines
2.1 KiB
Markdown
Raw Blame History

# 02 — GoDaddy DNS Credentials for SWAG (Prod)
## Context
Identical to test-env-setup/02, except the storagebox path is `prod/` instead of `test/`.
## ⚠️ Security — Rotate credentials before use
If credentials were shared in any chat log, Slack message, or email, **revoke them immediately**:
1. Go to: https://developer.godaddy.com/keys
2. Revoke the exposed key
3. Create a new Production key pair
**Never commit credentials to the repository.**
## Step 1 — Add credentials to storagebox `.env.secrets.shared` (prod path)
Open the file at storagebox path:
```
prod/secrets/iklim.co/.env.secrets.shared
```
Add:
```bash
GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>
```
## Step 2 — Repo template file
Same file as test: `swag/dns-conf/godaddy.ini.tpl` (already created in test step 02).
No additional action needed in the repo.
## Step 3 — (Handled by pipeline) Write credentials file on prod host
The deploy pipeline (see `08-deploy-pipeline-update.md`) runs on service-1:
```bash
mkdir -p /opt/iklimco/swag/dns-conf
envsubst < swag/dns-conf/godaddy.ini.tpl > /opt/iklimco/swag/dns-conf/godaddy.ini
chmod 600 /opt/iklimco/swag/dns-conf/godaddy.ini
```
## Step 4 — GoDaddy A records for prod subdomains
In GoDaddy DNS panel for `iklim.co`, add/update A records pointing to service-1's public IP:
| Record | Value |
|--------|-------|
| `api` | `<service-1-public-ip>` |
| `apigw` | `<service-1-public-ip>` |
| `rabbitmq` | `<service-1-public-ip>` |
| `grafana` | `<service-1-public-ip>` |
> Swarm's routing mesh means any node IP would work, but service-1 is the designated
> entry point (runs SWAG). Using a single IP keeps DNS simple.
>
> For HA: add a load balancer or use Hetzner's floating IP in front of the 3 service nodes.
> DNS then points to the floating IP. This is a future improvement.
## Notes
- Test and prod SWAG instances both obtain `*.iklim.co` independently from Let's Encrypt.
There is no conflict — they use the same domain, different servers.
- `DNSPROPAGATION=90` handles GoDaddy's typical 30-90s propagation delay.
Reference in New Issue View Git Blame Copy Permalink