# DNS values and information security

Reference for configuring **`ikon168.com`** DNS and protecting credentials.

---

## Hostnames and roles

| Hostname | Role |
|----------|------|
| **`agent.ikon168.com`** | CS Agent web UI, API, and health checks (HTTPS after TLS is enabled). |
| **`docs.ikon168.com`** | Documentation or admin dashboard (separate application; enable when deployed). |
| **`portal.ikon168.com`** | IKON168 Customer Portal preview with the embedded LiveChat widget for UAT. |

---

## Records to add (Namecheap Advanced DNS)

Use **A records** at the registrar. **Nameservers** remain unchanged; only add records under **Advanced DNS**.

| Type | Host | Value |
|------|------|--------|
| A | `agent` | IPv4 of the application server (see deployment documentation). |
| A | `docs` | Same IPv4 unless the docs app is hosted elsewhere. |
| A | `portal` | Same IPv4 for the customer portal preview. |

Disable **parking** or **URL redirect** on these hosts if they would override the A records.

**Example deployment IP (confirm before use):** `34.143.185.136` — ephemeral cloud IPs can change if the instance is recreated; use the current value from infrastructure documentation.

---

## Firewall (host / cloud)

For automatic HTTPS (Let’s Encrypt HTTP-01), the server must accept inbound **TCP 80** and **443** on the public interface, in addition to any rules already in place.

---

## Confidential information

Do **not** distribute in public or unsecured channels:

- API keys (LLM, LiveChat PAT)
- Telegram bot tokens and sensitive group identifiers
- Backoffice and third-party account passwords

Share operational values through agreed **secure channels** only. Public server IP and public HTTPS URLs are not equivalent to credentials.

---

See [07-DNS-and-Domain-Namecheap.md](07-DNS-and-Domain-Namecheap.md) for procedure and checklist.