DNS Setup Guide for candivista.com

This guide will help you configure your domain name candivista.com to point to your VPS at 168.231.108.135.

DNS Configuration

Required DNS Records

You need to add the following DNS records in your domain registrar's DNS management panel:

A Records

Type: A
Name: @
Value: 168.231.108.135
TTL: 300 (or default)

Type: A  
Name: www
Value: 168.231.108.135
TTL: 300 (or default)

Optional CNAME Record (Alternative to www A record)

Type: CNAME
Name: www
Value: candivista.com
TTL: 300 (or default)

DNS Propagation

After adding these records:

  1. DNS changes can take 5 minutes to 48 hours to propagate globally
  2. You can check propagation status at: https://www.whatsmydns.net/
  3. Test locally with: nslookup candivista.com and nslookup www.candivista.com

SSL Certificate Setup

Option 1: Let's Encrypt (Recommended)

  1. Update your email in the SSL setup script:

    # Edit nginx/ssl-setup.sh
EMAIL="your-actual-email@example.com"

  2. Run the SSL setup:

    chmod +x nginx/ssl-setup.sh
./nginx/ssl-setup.sh

  3. Deploy with SSL:

    ./deploy-production.sh

Option 2: Cloudflare (Alternative)

If you prefer using Cloudflare:

  1. Add your domain to Cloudflare
  2. Point your nameservers to Cloudflare
  3. Enable SSL/TLS encryption mode: "Full (strict)"
  4. Update nginx configuration to use Cloudflare's origin certificates

Verification Steps

1. Check DNS Resolution

# Check A record
nslookup candivista.com
nslookup www.candivista.com

# Check from different locations
dig candivista.com @8.8.8.8
dig www.candivista.com @1.1.1.1

2. Test HTTP/HTTPS Access

# Test HTTP (should redirect to HTTPS)
curl -I http://candivista.com

# Test HTTPS
curl -I https://candivista.com

# Test www subdomain
curl -I https://www.candivista.com

3. SSL Certificate Verification

# Check SSL certificate
openssl s_client -connect candivista.com:443 -servername candivista.com

# Test SSL Labs rating
# Visit: https://www.ssllabs.com/ssltest/analyze.html?d=candivista.com

Troubleshooting

Common Issues

  1. DNS not resolving:

    • Wait for propagation (up to 48 hours)
    • Check DNS records are correct
    • Verify TTL settings

  2. SSL certificate issues:

    • Ensure domain points to your server before running SSL setup
    • Check firewall allows ports 80 and 443
    • Verify Let's Encrypt can reach your server

  3. Nginx not starting:

    • Check nginx configuration: nginx -t
    • Check logs: docker logs candidat-nginx
    • Verify SSL certificates exist

Useful Commands

# Check nginx configuration
docker exec candidat-nginx nginx -t

# View nginx logs
docker logs candidat-nginx

# Restart nginx
docker-compose restart nginx

# Check all services
docker-compose ps

# View all logs
docker-compose logs -f

Security Considerations

  1. Firewall Configuration:

    • Only allow ports 80, 443, and SSH (22)
    • Block direct access to backend ports (8083, 3000, 3306)

  2. SSL Security:

    • The nginx configuration includes modern SSL settings
    • HSTS is enabled for security
    • Regular certificate renewal is automated

  3. Rate Limiting:

    • API endpoints are rate limited
    • Admin endpoints have stricter limits
    • Connection limits per IP are enforced

Monitoring

Health Checks

  • Application health: https://candivista.com/health
  • Nginx status: https://candivista.com/nginx_status (internal only)

Log Monitoring

# Real-time access logs
docker exec candidat-nginx tail -f /var/log/nginx/access.log

# Error logs
docker exec candidat-nginx tail -f /var/log/nginx/error.log

# Application logs
docker-compose logs -f backend
docker-compose logs -f frontend

Next Steps

  1. Configure your domain DNS records as described above
  2. Wait for DNS propagation (check with whatsmydns.net)
  3. Update your email in the SSL setup script
  4. Run the deployment script to set up SSL and deploy
  5. Test your application at https://candivista.com
  6. Set up monitoring and regular backups