# DNS Setup Guide for candivista.com
This guide will help you configure your domain name `candivista.com` to point to your VPS at `168.231.108.135`.
## DNS Configuration
### Required DNS Records
You need to add the following DNS records in your domain registrar's DNS management panel:
#### A Records
```
Type: A
Name: @
Value: 168.231.108.135
TTL: 300 (or default)

Type: A
Name: www
Value: 168.231.108.135
TTL: 300 (or default)
```
#### Optional CNAME Record (Alternative to www A record)
```
Type: CNAME
Name: www
Value: candivista.com
TTL: 300 (or default)
```
### DNS Propagation
After adding these records:
1. DNS changes can take 5 minutes to 48 hours to propagate globally
2. You can check propagation status at: https://www.whatsmydns.net/
3. Test locally with: `nslookup candivista.com` and `nslookup www.candivista.com`
## SSL Certificate Setup
### Option 1: Let's Encrypt (Recommended)
1. **Update your email in the SSL setup script:**
```bash
# Edit nginx/ssl-setup.sh
EMAIL="your-actual-email@example.com"
```
2. **Run the SSL setup:**
```bash
chmod +x nginx/ssl-setup.sh
./nginx/ssl-setup.sh
```
3. **Deploy with SSL:**
```bash
./deploy-production.sh
```
### Option 2: Cloudflare (Alternative)
If you prefer using Cloudflare:
1. **Add your domain to Cloudflare**
2. **Point your nameservers to Cloudflare**
3. **Enable SSL/TLS encryption mode: "Full (strict)"**
4. **Update nginx configuration to use Cloudflare's origin certificates**
## Verification Steps
### 1. Check DNS Resolution
```bash
# Check A record
nslookup candivista.com
nslookup www.candivista.com
# Check against different public resolvers (Google, Cloudflare)
dig candivista.com @8.8.8.8
dig www.candivista.com @1.1.1.1
```
### 2. Test HTTP/HTTPS Access
```bash
# Test HTTP (should redirect to HTTPS)
curl -I http://candivista.com
# Test HTTPS
curl -I https://candivista.com
# Test www subdomain
curl -I https://www.candivista.com
```
### 3. SSL Certificate Verification
```bash
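# Check SSL certificate (subject, issuer, validity dates)
# </dev/null closes stdin so s_client exits instead of waiting for input
openssl s_client -connect candivista.com:443 -servername candivista.com </dev/null 2>/dev/null \
  | openssl x509 -noout -subject -issuer -dates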
# Test SSL Labs rating
# Visit: https://www.ssllabs.com/ssltest/analyze.html?d=candivista.com
```
## Troubleshooting
### Common Issues
1. **DNS not resolving:**
- Wait for propagation (up to 48 hours)
- Check DNS records are correct
- Verify TTL settings
2. **SSL certificate issues:**
- Ensure domain points to your server before running SSL setup
- Check firewall allows ports 80 and 443
- Verify Let's Encrypt can reach your server
3. **Nginx not starting:**
- Check nginx configuration: `nginx -t`
- Check logs: `docker logs candidat-nginx`
- Verify SSL certificates exist
### Useful Commands
```bash
# Check nginx configuration
docker exec candidat-nginx nginx -t
# View nginx logs
docker logs candidat-nginx
# Restart nginx
docker-compose restart nginx
# Check all services
docker-compose ps
# View all logs
docker-compose logs -f
```
## Security Considerations
1. **Firewall Configuration:**
- Only allow ports 80, 443, and SSH (22)
- Block direct access to backend ports (8083, 3000, 3306)
2. **SSL Security:**
- The nginx configuration includes modern SSL settings
- HSTS is enabled for security
- Regular certificate renewal is automated
3. **Rate Limiting:**
- API endpoints are rate limited
- Admin endpoints have stricter limits
- Connection limits per IP are enforced
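
Host firewall rules alone do not guarantee item 1: Docker installs its own iptables rules for published ports, so a backend port published on `0.0.0.0` can stay reachable. The following added example (not one of the project's scripts) parses `docker ps` output and lists any of the backend ports 8083, 3000 or 3306 bound to a non-loopback address; the sample container names are constructed.

```shell
#!/bin/sh
# Added example, not one of the project's scripts.
# Flags backend ports that Docker publishes on a non-loopback host address.

BACKEND_PORTS="8083 3000 3306"   # backend ports listed in this guide

# stdin:  one "NAME PORTS" line per container, as printed by
#           docker ps --format '{{.Names}} {{.Ports}}'
# stdout: "NAME BIND:PORT" for every exposed backend port
find_exposed_backend_ports() {
  awk -v want="$BACKEND_PORTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) backend[w[i]] = 1 }
    {
      for (i = 2; i <= NF; i++) {
        map = $i
        sub(/,$/, "", map)                      # entries are comma-separated
        arrow = index(map, "->")
        if (arrow == 0) continue                # "3306/tcp": not published to the host
        host = substr(map, 1, arrow - 1)        # e.g. "0.0.0.0:8083"
        if (!match(host, /:[0-9]+$/)) continue  # port ranges are not handled here
        port = substr(host, RSTART + 1)
        bind = substr(host, 1, RSTART - 1)
        if (!(port in backend)) continue
        if (bind ~ /^127\./ || bind == "::1" || bind == "[::1]") continue
        print $1, bind ":" port
      }
    }'
}

# Constructed sample input (container names are made up for illustration).
sample_docker_ps() {
  printf '%s %s\n' \
    'sample-nginx'    '0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp' \
    'sample-backend'  '0.0.0.0:8083->8083/tcp, [::]:8083->8083/tcp' \
    'sample-frontend' '127.0.0.1:3000->3000/tcp' \
    'sample-mysql'    '3306/tcp, 33060/tcp'
}

sample_docker_ps | find_exposed_backend_ports
```

On the VPS, run `docker ps --format '{{.Names}} {{.Ports}}' | find_exposed_backend_ports`; empty output means none of the backend ports is published beyond loopback.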
## Monitoring
### Health Checks
- Application health: `https://candivista.com/health`
- Nginx status: `https://candivista.com/nginx_status` (internal only)
### Log Monitoring
```bash
# Real-time access logs
docker exec candidat-nginx tail -f /var/log/nginx/access.log
# Error logs
docker exec candidat-nginx tail -f /var/log/nginx/error.log
# Application logs
docker-compose logs -f backend
docker-compose logs -f frontend
```
## Next Steps
1. **Configure your domain DNS records** as described above
2. **Wait for DNS propagation** (check with whatsmydns.net)
3. **Update your email** in the SSL setup script
4. **Run the deployment script** to set up SSL and deploy
5. **Test your application** at https://candivista.com
6. **Set up monitoring** and regular backups