diff --git a/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md b/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md index 8bf49130..0f996582 100644 --- a/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md +++ b/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md @@ -8,17 +8,18 @@ > - [`SECURE_API_EXPOSURE.md`](../single_azure_vm/docker/SECURE_API_EXPOSURE.md) — Caddy decision + architecture > - [`DEPLOYMENT_STATUS_2026-03-29.md`](../single_azure_vm/docker/DEPLOYMENT_STATUS_2026-03-29.md) — current VM status > - [`ECOSYSTEM_WEB_APPS_INVENTORY.md`](./ECOSYSTEM_WEB_APPS_INVENTORY.md) — full Vercel audit +> - [`GODADDY_DNS_SETUP_BYTELYST.md`](./GODADDY_DNS_SETUP_BYTELYST.md) — GoDaddy DNS runbook for `bytelyst.com` --- ## Progress Tracker -| # | Prompt | Status | Commit SHA | Verified | -| --- | ------------------------ | :------------: | :--------: | :------: | -| A1 | Caddy Gateway Setup | 🟨 In progress | — | ⬜ | -| A2 | Gitea HTTPS Exposure | ⬜ Not started | — | ⬜ | +| # | Prompt | Status | Commit SHA | Verified | +| --- | -------------------------- | :------------: | :--------: | :------: | +| A1 | Caddy Gateway Setup | 🟨 In progress | — | ⬜ | +| A2 | Gitea HTTPS Exposure | ⬜ Not started | — | ⬜ | | A3 | Internal Dashboard Hosting | ⬜ Not started | — | ⬜ | -| A4 | NSG Lockdown | ⬜ Not started | — | ⬜ | +| A4 | NSG Lockdown | ⬜ Not started | — | ⬜ | **Execution order:** @@ -37,7 +38,7 @@ These VM-hosted DNS records must exist before Caddy can obtain Let's Encrypt cer | ---------------------- | ---- | ---------------------- | ------------------- | | `api.bytelyst.com` | A | `` | Backend API gateway | | `gitea.bytelyst.com` | A | `` | Gitea npm registry | -| `admin.bytelyst.com` | A | `` | Internal admin UI | +| `admin.bytelyst.com` | A | `` | Internal admin UI | | `tracker.bytelyst.com` | A | `` | Internal tracker UI | **Verify DNS before starting A1:** 
diff --git a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md new file mode 100644 index 00000000..4a0e7d32 --- /dev/null +++ b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md 
@@ -0,0 +1,106 @@ +# GoDaddy DNS Setup — bytelyst.com + +This runbook tracks the manual DNS changes for `bytelyst.com` in GoDaddy for the current ByteLyst Azure VM architecture. + +Related docs: + +- [`CODEX_PROMPTS_TRACK_A_AZURE_VM.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md) +- [`TRACK_A_HANDOFF_2026-03-29.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md) +- [`README.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/single_azure_vm/docker/README.md) + +## Target Architecture + +For the current internal-on-VM setup, these hostnames should point to the Azure VM public IP: + +| Hostname | Type | Target | Purpose | +| ---------------------- | ---- | ---------------------- | -------------------------------------------- | +| `api.bytelyst.com` | `A` | `` | Public backend API gateway through Caddy | +| `gitea.bytelyst.com` | `A` | `` | Gitea and private npm registry through Caddy | +| `admin.bytelyst.com` | `A` | `` | Internal admin dashboard | +| `tracker.bytelyst.com` | `A` | `` | Internal tracker dashboard | + +Recommended temporary TTL during cutover: + +- `600` seconds or lower while changes are propagating + +## Preconditions + +- You know the current Azure VM public IP. +- Ports `80` and `443` are allowed by the Azure NSG. +- Caddy is configured on the VM for the target hostnames. +- You are editing DNS in the authoritative GoDaddy zone for `bytelyst.com`. + +## GoDaddy Steps + +1. Sign in to GoDaddy. +2. Open `My Products`. +3. Under `Domains`, find `bytelyst.com`. +4. Click `DNS`. +5. In the `Records` section, create or update these `A` records: + +| Name | Type | Value | TTL | +| --------- | ---- | ---------------------- | ----- | +| `api` | `A` | `` | `600` | +| `gitea` | `A` | `` | `600` | +| `admin` | `A` | `` | `600` | +| `tracker` | `A` | `` | `600` | + +6. Save each record. +7. 
Remove or correct any conflicting `A`, `CNAME`, or forwarding records for the same names. + +## Validation + +Run these from the VM after saving the records: + +```bash +dig +short api.bytelyst.com +dig +short gitea.bytelyst.com +dig +short admin.bytelyst.com +dig +short tracker.bytelyst.com +curl -sf https://api.ipify.org && echo +``` + +Expected result: + +- all four hostnames resolve to the same Azure VM public IP +- the resolved IP matches the output from `https://api.ipify.org` + +After DNS resolves correctly, validate HTTPS: + +```bash +curl -sI https://api.bytelyst.com/platform/health | head -5 +curl -sI https://gitea.bytelyst.com | head -5 +curl -sI https://admin.bytelyst.com | head -5 +curl -sI https://tracker.bytelyst.com | head -5 +``` + +Expected result: + +- valid TLS responses from Caddy +- `200`, `302`, or auth-gated responses are acceptable depending on the app +- certificate issuance should complete automatically once DNS and ports are correct + +## Troubleshooting + +If records do not resolve as expected: + +- verify that GoDaddy is the authoritative DNS provider for `bytelyst.com` +- check for duplicate records for `api`, `gitea`, `admin`, or `tracker` +- wait for propagation and retry with low TTL still in place +- confirm Azure NSG allows inbound `80` and `443` +- confirm Caddy is running and reachable on the VM + +Useful checks: + +```bash +docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | grep -E 'caddy|admin-web|tracker-web|platform-service' +docker logs caddy --tail 100 +``` + +## Change Log + +Use this section to record real DNS cutovers: + +| Date | Operator | Change | Result | +| ------------ | -------- | ------------------------------------------------------- | -------------- | +| `2026-03-31` | Codex | Created GoDaddy-specific DNS runbook for `bytelyst.com` | Document added | diff --git a/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md b/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md index b2f84f75..8db0922e 100644 
--- a/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md +++ b/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md @@ -2,6 +2,10 @@ This handoff captures the current state of Track A on the Azure VM at `/opt/bytelyst/`. +Registrar-specific DNS runbook: + +- [`GODADDY_DNS_SETUP_BYTELYST.md`](/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md) + Architecture decision after this handoff: - The VM should host self-hosted infrastructure, backend APIs, and internal web tools in Docker
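Review bot: In the new `GODADDY_DNS_SETUP_BYTELYST.md`, the HTTPS validation step accepts `200`, `302`, or auth-gated responses "depending on the app" for all four hosts, yet `admin.bytelyst.com` and `tracker.bytelyst.com` are described as internal dashboards and receive public `A` records to the VM IP. State the expected result per host: for `admin` and `tracker`, an unauthenticated `200` from outside the VM should count as a failure, and the runbook should name the control that keeps them internal (the auth gate or an NSG source restriction). Separately, the DNS checks are run from the VM: `curl -sf https://api.ipify.org` reports the VM's egress address, which matches the inbound public IP only when outbound traffic leaves from that same address, and `dig +short` answers through the VM's resolver. Compare against the public IP shown in Azure, and add an authoritative query such as `dig +short NS bytelyst.com` followed by `dig +short @<nameserver> api.bytelyst.com`, which would also give the "GoDaddy is the authoritative DNS provider" troubleshooting item a concrete check.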
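Review bot: The link added in `TRACK_A_HANDOFF_2026-03-29.md` targets the absolute VM path `/opt/bytelyst/learning_ai_common_plat/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md`, which will not resolve when the docs are rendered from the repository. Both files live in `docs/devops/vercel/`, so use `./GODADDY_DNS_SETUP_BYTELYST.md`, as the `CODEX_PROMPTS_TRACK_A_AZURE_VM.md` hunk already does. The three "Related docs" links in the new runbook use the same absolute form and should be made relative too, which also keeps the VM's directory layout out of link targets.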