# DNS and domain (Namecheap) **Domain:** `ikon168.com` **Hostnames:** **`agent.ikon168.com`** (CS Agent), **`docs.ikon168.com`** (documentation), **`portal.ikon168.com`** (IKON168 Customer Portal preview). Summary: [00-Production-Domain-ikon168.md](00-Production-Domain-ikon168.md). --- ## 0. Nameservers and A records **Nameservers do not change.** Keep the registrar’s current nameservers for `ikon168.com`. **Required change:** In **Advanced DNS**, add **A records** so each hostname resolves to the **application server’s public IPv4** supplied in deployment documentation (example: `34.143.185.136` — verify current value before go-live). | Topic | Detail | |-------|--------| | Pointing traffic | Use **A records** at the registrar; no DNS delegation to a third-party DNS host is required unless you choose one. | | Account access | Domain administrators add the records locally. **Collaborator access** to the registrar is optional, not mandatory. | --- ## 1. Why DNS must be configured HTTPS and stable URLs require DNS to resolve **`agent.ikon168.com`**, **`docs.ikon168.com`**, and **`portal.ikon168.com`** to the correct infrastructure. The domain does **not** need to move to another registrar. --- ## 2. Values to obtain before editing DNS Confirm with the **implementation / operations** team: - Final **hostnames** — **`agent.ikon168.com`**, **`docs.ikon168.com`**, and **`portal.ikon168.com`** ([00-Production-Domain-ikon168.md](00-Production-Domain-ikon168.md)). - **Target:** IPv4 for **A records**, or a **CNAME** target if using a load balancer or CDN. Do not assume IP or hostname without confirmation. --- ## 3. Typical records (Namecheap Advanced DNS) | Type | Host / Name | Value | Purpose | |------|-------------|-------|---------| | **A** | `agent` | Server IPv4 | `agent.ikon168.com` | | **A** | `docs` | Server IPv4 (or other if split) | `docs.ikon168.com` | | **A** | `portal` | Server IPv4 (same VM) | `portal.ikon168.com` | Turn off **parking** or **URL redirect** for these hosts if they would block correct resolution. **TTL:** Default or automatic is usually sufficient; lower TTL briefly if you expect to change targets soon. --- ## 4. Registrar access models | Model | Description | |-------|-------------| | **Administrators add records** | Implementation team sends host + IP; your DNS admin edits **Advanced DNS**. No third-party login required. | | **Delegated access** | Optional: registrar **collaborator** features, if policy allows. | | **Shared passwords** | **Not recommended** for third parties. | Do not transmit registrar or application passwords through unsecured messaging. --- ## 5. HTTPS (TLS) After DNS resolves correctly, TLS is issued (e.g. Let’s Encrypt via Caddy or another reverse proxy). Certificate issuance **fails** if DNS is wrong or **TCP 80** is blocked (HTTP-01 validation). --- ## 6. Multiple services on one domain - **`agent.ikon168.com`** → CS Agent. - **`docs.ikon168.com`** → separate app (doc sync / dashboard). - **`portal.ikon168.com`** → IKON168 Customer Portal preview with LiveChat widget. Each hostname needs an appropriate **A** or **CNAME**; targets may differ if services run on different hosts. --- ## 7. Checklist - [ ] Hostnames and record types confirmed with the operations team. - [ ] **Advanced DNS** updated at the registrar. - [ ] Conflicts removed (parking, redirects). - [ ] Propagation waited for (minutes to hours). - [ ] Operations team notified for verification and TLS enablement. --- ## 8. Server-side steps (after DNS) On the deployment host (e.g. GCP VM): 1. `DOMAIN=agent.ikon168.com` in `config/.env` (matches the CS Agent hostname). 2. Firewall: **TCP 80** and **443** open. 3. Production stack with reverse proxy and TLS (e.g. `deploy/docker-compose.production.yml` — see project **README**). 4. Optionally restrict public **8080** if HTTP was only for UAT. A separate app on **`docs.ikon168.com`** may need its own process or reverse-proxy site definition. --- Back to [README.md](README.md) · [04-Integration-and-Go-Live-Checklist.md](04-Integration-and-Go-Live-Checklist.md)