# DNS Setup Guide for candivista.com

This guide will help you configure your domain name `candivista.com` to point to your VPS at `168.231.108.135`.

## DNS Configuration

### Required DNS Records

You need to add the following DNS records in your domain registrar's DNS management panel:

#### A Records

```
Type: A
Name: @
Value: 168.231.108.135
TTL: 300 (or default)

Type: A
Name: www
Value: 168.231.108.135
TTL: 300 (or default)
```

#### Optional CNAME Record (Alternative to www A record)

```
Type: CNAME
Name: www
Value: candivista.com
TTL: 300 (or default)
```

### DNS Propagation

After adding these records:

1. DNS changes can take 5 minutes to 48 hours to propagate globally
2. You can check propagation status at: https://www.whatsmydns.net/
3. Test locally with: `nslookup candivista.com` and `nslookup www.candivista.com`

## SSL Certificate Setup

### Option 1: Let's Encrypt (Recommended)

1. **Update your email in the SSL setup script:**

   ```bash
   # Edit nginx/ssl-setup.sh
   EMAIL="your-actual-email@example.com"
   ```

2. **Run the SSL setup:**

   ```bash
   chmod +x nginx/ssl-setup.sh
   ./nginx/ssl-setup.sh
   ```

3. **Deploy with SSL:**

   ```bash
   ./deploy-production.sh
   ```

### Option 2: Cloudflare (Alternative)

If you prefer using Cloudflare:

1. **Add your domain to Cloudflare**
2. **Point your nameservers to Cloudflare**
3. **Enable SSL/TLS encryption mode: "Full (strict)"**
4. **Update nginx configuration to use Cloudflare's origin certificates**

## Verification Steps

### 1. Check DNS Resolution

```bash
# Check A record
nslookup candivista.com
nslookup www.candivista.com

# Check from different locations
dig candivista.com @8.8.8.8
dig www.candivista.com @1.1.1.1
```

### 2. Test HTTP/HTTPS Access

```bash
# Test HTTP (should redirect to HTTPS)
curl -I http://candivista.com

# Test HTTPS
curl -I https://candivista.com

# Test www subdomain
curl -I https://www.candivista.com
```

### 3. SSL Certificate Verification

```bash
# Check SSL certificate
openssl s_client -connect candivista.com:443 -servername candivista.com

# Test SSL Labs rating
# Visit: https://www.ssllabs.com/ssltest/analyze.html?d=candivista.com
```

## Troubleshooting

### Common Issues

1. **DNS not resolving:**
   - Wait for propagation (up to 48 hours)
   - Check DNS records are correct
   - Verify TTL settings

2. **SSL certificate issues:**
   - Ensure domain points to your server before running SSL setup
   - Check firewall allows ports 80 and 443
   - Verify Let's Encrypt can reach your server

3. **Nginx not starting:**
   - Check nginx configuration: `nginx -t`
   - Check logs: `docker logs candidat-nginx`
   - Verify SSL certificates exist

### Useful Commands

```bash
# Check nginx configuration
docker exec candidat-nginx nginx -t

# View nginx logs
docker logs candidat-nginx

# Restart nginx
docker-compose restart nginx

# Check all services
docker-compose ps

# View all logs
docker-compose logs -f
```

## Security Considerations

1. **Firewall Configuration:**
   - Only allow ports 80, 443, and SSH (22)
   - Block direct access to backend ports (8083, 3000, 3306)

2. **SSL Security:**
   - The nginx configuration includes modern SSL settings
   - HSTS is enabled for security
   - Regular certificate renewal is automated

3. **Rate Limiting:**
   - API endpoints are rate limited
   - Admin endpoints have stricter limits
   - Connection limits per IP are enforced

## Monitoring

### Health Checks

- Application health: `https://candivista.com/health`
- Nginx status: `https://candivista.com/nginx_status` (internal only)

### Log Monitoring

```bash
# Real-time access logs
docker exec candidat-nginx tail -f /var/log/nginx/access.log

# Error logs
docker exec candidat-nginx tail -f /var/log/nginx/error.log

# Application logs
docker-compose logs -f backend
docker-compose logs -f frontend
```

## Next Steps

1. **Configure your domain DNS records** as described above
2. **Wait for DNS propagation** (check with whatsmydns.net)
3. **Update your email** in the SSL setup script
4. **Run the deployment script** to set up SSL and deploy
5. **Test your application** at https://candivista.com
6. **Set up monitoring** and regular backups
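
One way to check the firewall policy from "Security Considerations" on the VPS itself, as an added example that is not part of the original guide: it parses `ss -tlnH` output and reports every TCP listener bound to a non-loopback address on a port other than 22, 80 or 443. The helper name `audit_listeners` is hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets against the firewall policy in
# "Security Considerations" (public: 22, 80, 443; everything else internal).

ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8083   0.0.0.0:*
LISTEN 0 4096 [::]:3000      [::]:*'

# audit_listeners (hypothetical helper): reads `ss -tlnH` lines on stdin,
# prints "address port" for each listener bound to a non-loopback address on a
# port outside ALLOWED_PORTS, and returns 1 if it printed anything.
audit_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1; bad = 0 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      # Loopback binds are not reachable from outside the host.
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
      if (!(port in ok)) { print addr, port; bad = 1 }
    }
    END { exit bad }'
}

# Demo on the constructed sample. On the VPS: ss -tlnH | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners \
  || echo "listeners above are outside the allowed public ports"
```

A listener flagged here is bound on a public address but not necessarily reachable; treat the output as the list of ports the firewall rules must cover.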