Skip to content

DNS & TLS

Nudova serves the whole product on three hostnames and gets real HTTPS certificates automatically. You do one thing — point three DNS records at the box — and Caddy handles the rest.

Add three A records at your DNS provider, all pointing at your VPS IP:

Type Name Value TTL Serves
A @ (bare domain, or a shop subdomain) your VPS IP 300 storefront
A api your VPS IP 300 the API
A admin your VPS IP 300 staff admin app

Setting DOMAIN=your-domain.com in .env is what tells the stack to use these three hosts — the api. and admin. names, plus Django’s allowed hosts, CORS and CSRF, all derive from that one knob. See Store settings & branding.

Caddy is the only container that publishes ports (80 and 443). On the first request to each host it obtains a Let’s Encrypt certificate, redirects all HTTP to HTTPS, and renews certificates automatically before they expire. There is no manual certificate step and nothing to cron.

  1. DNS records point at the box (above).

  2. Ports 80 and 443 are open (the hardening firewall allows them; on Hostinger/DigitalOcean, any cloud firewall must allow them too).

  3. docker compose up -d — Caddy fetches certificates on first request.

  4. Verify:

    Terminal window
    curl -sI http://api.your-domain.com/health/ | head -1 # 308 → HTTPS redirect
    curl -s https://api.your-domain.com/health/ # "status": "success"
Symptom Fix
Browser warns about the certificate DNS wasn’t pointing at the box when Caddy started. Fix the A record, then docker compose restart caddy.
curl: connection refused Ports 80/443 blocked — check docker compose ps shows caddy Up, and your firewall (and any cloud firewall) allows 80/443.
DisallowedHost error page Your domain isn’t in DJANGO_ALLOWED_HOSTS → it derives from DOMAIN; fix .env and docker compose up -d web.

More: Troubleshooting & FAQ.