Environment_Infrastructure/roadmap/prod-env/02-godaddy-credentials.md
Murat ÖZDEMİR 8875af8e8a docs: fix roadmap and setup reference direction
Remove setup runbook references from prod roadmap docs so roadmap remains design intent only. Keep setup-to-roadmap links, but normalize them to explicit relative paths.
2026-06-15 19:57:21 +03:00


# 02 — GoDaddy DNS Credentials for SWAG (Prod)
## Context
Same credential model as `../test-env/02-godaddy-credentials.md`, except the StorageBox path is `prod/` instead of `test/`.
## ⚠️ Security — Rotate credentials before use
If credentials were shared in any chat log, Slack message, or email, **revoke them immediately**:
1. Go to: https://developer.godaddy.com/keys
2. Revoke the exposed key
3. Create a new Production key pair
**Never commit credentials to the repository.**
## Step 1 — Add credentials to StorageBox `.env.secrets.swag` (prod path)
Open the file at the StorageBox path:
```
prod/secrets/iklim.co/.env.secrets.swag
```
Add:
```bash
GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>
```
> `.env.secrets.swag` contains SWAG/GoDaddy credentials only.
> `.env.secrets.shared` contains AppRole IDs, DB passwords, and other runtime secrets — do not mix.
## Step 2 — Repo template file
Same file as test: `template/swag/dns-conf/godaddy.ini.tpl` (already created in test step 02). No additional action needed in the repo.
## Step 3 — (Handled by pipeline) Write credentials file on prod StorageBox path
The deploy pipeline (see `08-deploy-pipeline-update.md`) runs on iklim-app-01:
```bash
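# Export everything defined in .env so envsubst can see it
set -a; . ./.env; set +a
mkdir -p "$SWAG_DNS_CONFIG_DIR"
# Render under umask 077 so a newly created file is never readable by others
(umask 077; envsubst < template/swag/dns-conf/godaddy.ini.tpl > "$SWAG_DNS_CONFIG_DIR/godaddy.ini")
# Also tightens a file left over from an earlier run with wider permissions
chmod 600 "$SWAG_DNS_CONFIG_DIR/godaddy.ini"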
```
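
A post-render check that could run after the `chmod` in Step 3, as an added example that is not part of this repository or its pipeline: `envsubst` writes an empty value when a variable is unset, and a `<your-new-api-key>` placeholder left in `.env.secrets.swag` renders without error. The function name `check_rendered_ini` and the `key = value` file layout are assumptions, since the template's contents are not shown here.

```shell
# Added example (not the pipeline's own code). Assumes the rendered file holds
# "key = value" INI lines; the template's real key names are not shown here.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_rendered_ini FILE (hypothetical helper name)
# Returns 0 when the file looks usable; otherwise explains why on stderr and
# returns 1. It never echoes the values themselves.
check_rendered_ini() {
  local file=$1 mode line key value lineno=0 seen=0

  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  mode=$(file_mode "$file")
  [ "$mode" = "600" ] || { echo "mode is $mode, expected 600" >&2; return 1; }

  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    line=${line#"${line%%[![:space:]]*}"}      # drop leading whitespace
    case $line in
      ''|'#'*|';'*|'['*) continue ;;           # blank, comment, section header
    esac
    key=${line%%=*}
    value=${line#*=}
    value=${value#"${value%%[![:space:]]*}"}   # trim the value on both sides
    value=${value%"${value##*[![:space:]]}"}
    if [ "$key" = "$line" ]; then
      echo "line $lineno: not a key = value line" >&2; return 1
    fi
    # envsubst writes an empty string for an unset variable and still exits 0.
    if [ -z "$value" ]; then
      echo "line $lineno: empty value (variable unset at render time?)" >&2
      return 1
    fi
    # A leftover "$" or "<...>" means a placeholder was rendered, not a secret.
    case $value in
      *'$'*|'<'*'>')
        echo "line $lineno: unexpanded placeholder" >&2; return 1 ;;
    esac
    seen=$((seen + 1))
  done < "$file"

  [ "$seen" -gt 0 ] || { echo "no key = value lines found" >&2; return 1; }
}
```

Called as `check_rendered_ini "$SWAG_DNS_CONFIG_DIR/godaddy.ini" || exit 1`, it stops the deploy before SWAG attempts a DNS challenge with unusable credentials.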
## Step 4 — GoDaddy A records for prod subdomains (handled by pipeline)
The deploy pipeline's **Update DNS Records** step automatically manages A records via GoDaddy API. It reads the Floating IP from the Gitea variable `vars.PROD_FLOATING_IP` — set this once in Gitea project settings.
To get the Floating IP: `terraform output prod_floating_ip`
| Record | Value |
|--------|-------|
| `api` | `vars.PROD_FLOATING_IP` |
| `apigw` | `vars.PROD_FLOATING_IP` |
| `rabbitmq` | `vars.PROD_FLOATING_IP` |
| `grafana` | `vars.PROD_FLOATING_IP` |
Logic: for each record, the pipeline queries the current value via the GoDaddy API. If the value is already correct, it skips the record. Otherwise it creates or updates the record.
> The Floating IP is assigned to `iklim-app-01` by `terraform/hetzner/prod/floating_ip.tf`; use the production Terraform output for the `PROD_FLOATING_IP` value.
> If failover is needed, the Floating IP can be reassigned to another app node; DNS does not change.
## Notes
- Test and prod SWAG instances both obtain `*.iklim.co` independently from Let's Encrypt. There is no conflict — they use the same domain, different servers.
- `DNSPROPAGATION=90` handles GoDaddy's typical 30-90s propagation delay.