docs(devops): add GoDaddy DNS runbook for bytelyst

2026-03-31 09:00:11 +00:00 · 2026-03-31 09:00:11 +00:00 · a597646034
commit a597646034
parent abfbb70583
3 changed files with 117 additions and 6 deletions
--- a/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md
+++ b/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md
@ -8,17 +8,18 @@
 > - [`SECURE_API_EXPOSURE.md`](../single_azure_vm/docker/SECURE_API_EXPOSURE.md) — Caddy decision + architecture
 > - [`DEPLOYMENT_STATUS_2026-03-29.md`](../single_azure_vm/docker/DEPLOYMENT_STATUS_2026-03-29.md) — current VM status
 > - [`ECOSYSTEM_WEB_APPS_INVENTORY.md`](./ECOSYSTEM_WEB_APPS_INVENTORY.md) — full Vercel audit
+> - [`GODADDY_DNS_SETUP_BYTELYST.md`](./GODADDY_DNS_SETUP_BYTELYST.md) — GoDaddy DNS runbook for `bytelyst.com`

 ---

 ## Progress Tracker

-| #   | Prompt                   |     Status     | Commit SHA | Verified |
-| --- | ------------------------ | :------------: | :--------: | :------: |
-| A1  | Caddy Gateway Setup      | 🟨 In progress |     —      |    ⬜    |
-| A2  | Gitea HTTPS Exposure     | ⬜ Not started |     —      |    ⬜    |
+| #   | Prompt                     |     Status     | Commit SHA | Verified |
+| --- | -------------------------- | :------------: | :--------: | :------: |
+| A1  | Caddy Gateway Setup        | 🟨 In progress |     —      |    ⬜    |
+| A2  | Gitea HTTPS Exposure       | ⬜ Not started |     —      |    ⬜    |
 | A3  | Internal Dashboard Hosting | ⬜ Not started |     —      |    ⬜    |
-| A4  | NSG Lockdown             | ⬜ Not started |     —      |    ⬜    |
+| A4  | NSG Lockdown               | ⬜ Not started |     —      |    ⬜    |

 **Execution order:**

@ -37,7 +38,7 @@ These VM-hosted DNS records must exist before Caddy can obtain Let's Encrypt cer
 | ---------------------- | ---- | ---------------------- | ------------------- |
 | `api.bytelyst.com`     | A    | `<Azure VM public IP>` | Backend API gateway |
 | `gitea.bytelyst.com`   | A    | `<Azure VM public IP>` | Gitea npm registry  |
-| `admin.bytelyst.com`   | A    | `<Azure VM public IP>` | Internal admin UI |
+| `admin.bytelyst.com`   | A    | `<Azure VM public IP>` | Internal admin UI   |
 | `tracker.bytelyst.com` | A    | `<Azure VM public IP>` | Internal tracker UI |

 **Verify DNS before starting A1:**
--- a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md
+++ b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md
@ -0,0 +1,106 @@
+# GoDaddy DNS Setup — bytelyst.com
+
+This runbook tracks the manual DNS changes for `bytelyst.com` in GoDaddy for the current ByteLyst Azure VM architecture.
+
+Related docs:
+
+- [`CODEX_PROMPTS_TRACK_A_AZURE_VM.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md)
+- [`TRACK_A_HANDOFF_2026-03-29.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md)
+- [`README.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/single_azure_vm/docker/README.md)
+
+## Target Architecture
+
+For the current internal-on-VM setup, these hostnames should point to the Azure VM public IP:
+
+| Hostname               | Type | Target                 | Purpose                                      |
+| ---------------------- | ---- | ---------------------- | -------------------------------------------- |
+| `api.bytelyst.com`     | `A`  | `<Azure VM public IP>` | Public backend API gateway through Caddy     |
+| `gitea.bytelyst.com`   | `A`  | `<Azure VM public IP>` | Gitea and private npm registry through Caddy |
+| `admin.bytelyst.com`   | `A`  | `<Azure VM public IP>` | Internal admin dashboard                     |
+| `tracker.bytelyst.com` | `A`  | `<Azure VM public IP>` | Internal tracker dashboard                   |
+
+Recommended temporary TTL during cutover:
+
+- `600` seconds or lower while changes are propagating
+
+## Preconditions
+
+- You know the current Azure VM public IP.
+- Ports `80` and `443` are allowed by the Azure NSG.
+- Caddy is configured on the VM for the target hostnames.
+- You are editing DNS in the authoritative GoDaddy zone for `bytelyst.com`.
+
+## GoDaddy Steps
+
+1. Sign in to GoDaddy.
+2. Open `My Products`.
+3. Under `Domains`, find `bytelyst.com`.
+4. Click `DNS`.
+5. In the `Records` section, create or update these `A` records:
+
+| Name      | Type | Value                  | TTL   |
+| --------- | ---- | ---------------------- | ----- |
+| `api`     | `A`  | `<Azure VM public IP>` | `600` |
+| `gitea`   | `A`  | `<Azure VM public IP>` | `600` |
+| `admin`   | `A`  | `<Azure VM public IP>` | `600` |
+| `tracker` | `A`  | `<Azure VM public IP>` | `600` |
+
+6. Save each record.
+7. Remove or correct any conflicting `A`, `CNAME`, or forwarding records for the same names.
+
+## Validation
+
+Run these from the VM after saving the records:
+
+```bash
+dig +short api.bytelyst.com
+dig +short gitea.bytelyst.com
+dig +short admin.bytelyst.com
+dig +short tracker.bytelyst.com
+curl -sf https://api.ipify.org && echo
+```
+
+Expected result:
+
+- all four hostnames resolve to the same Azure VM public IP
+- the resolved IP matches the output from `https://api.ipify.org`
+
+After DNS resolves correctly, validate HTTPS:
+
+```bash
+curl -sI https://api.bytelyst.com/platform/health | head -5
+curl -sI https://gitea.bytelyst.com | head -5
+curl -sI https://admin.bytelyst.com | head -5
+curl -sI https://tracker.bytelyst.com | head -5
+```
+
+Expected result:
+
+- valid TLS responses from Caddy
+- `200`, `302`, or auth-gated responses are acceptable depending on the app
+- certificate issuance should complete automatically once DNS and ports are correct
+
+## Troubleshooting
+
+If records do not resolve as expected:
+
+- verify that GoDaddy is the authoritative DNS provider for `bytelyst.com`
+- check for duplicate records for `api`, `gitea`, `admin`, or `tracker`
+- wait for propagation and retry with low TTL still in place
+- confirm Azure NSG allows inbound `80` and `443`
+- confirm Caddy is running and reachable on the VM
+
+Useful checks:
+
+```bash
+docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | grep -E 'caddy|admin-web|tracker-web|platform-service'
+docker logs caddy --tail 100
+```
+
+## Change Log
+
+Use this section to record real DNS cutovers:
+
+| Date         | Operator | Change                                                  | Result         |
+| ------------ | -------- | ------------------------------------------------------- | -------------- |
+| `2026-03-31` | Codex    | Created GoDaddy-specific DNS runbook for `bytelyst.com` | Document added |
--- a/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md
+++ b/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md
@ -2,6 +2,10 @@

 This handoff captures the current state of Track A on the Azure VM at `/opt/bytelyst/`.

+Registrar-specific DNS runbook:
+
+- [`GODADDY_DNS_SETUP_BYTELYST.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md)
+
 Architecture decision after this handoff:

 - The VM should host self-hosted infrastructure, backend APIs, and internal web tools in Docker