Secure Server Setup
The server is secured using SSH with a private key and password. Administrative access requires proper authentication before configuring domain routing.
Domain Name System (DNS) Fundamentals
DNS translates human-readable domain names into IP addresses. An A record maps a domain to an IPv4 address, AAAA maps to IPv6, CNAME creates aliases, and MX handles email routing. DNS changes propagate globally and are controlled by TTL settings.
Pointing a Domain to a VPS
A subdomain is configured in Cloudflare by creating A and AAAA records pointing to the VPS IP address. This connects the domain to the server infrastructure.
Reverse Proxy Concept
A reverse proxy acts as a single entry point for incoming traffic and routes requests to applications running on different ports. It hides internal ports, enables multiple applications on one server, and simplifies domain-based routing.
HTTPS and Security Management
The reverse proxy manages SSL/TLS certificates, enabling HTTPS by default. It also enhances security by preventing direct exposure of internal services and can support load balancing.
Using Caddy as Reverse Proxy
Caddy is selected due to its simplicity, single-binary deployment, built-in reverse proxy, and automatic HTTPS via Let's Encrypt. It is written in Go and provides configuration validation utilities.
Installing and Running Caddy
Caddy is installed on a Debian server via package manager. It runs as a systemd service, and its configuration file defines domain routing behavior.
Configuring Domain Routing with Caddy
The Caddyfile is updated to bind the configured subdomain. After restarting the service, the domain successfully resolves with HTTPS and a valid certificate.
Next Deployment Steps
The next steps include installing PostgreSQL, deploying the application binary, and managing it with systemd to make the application fully accessible online.
Okay, we have a secure server now that we can SSH into and perform administrative action with the knowledge that you need our private SSH key and our password to interact with the server. Before we can point our domain name to our server, we need to know a little bit about DNS and also what our reverse proxy is and also
to install a reverse proxy on a server. Let's start with DNS. So DNS is short for domain name system. It's translate a human readable domain name like masterfulstackgolang.com into an IP address, which is the IP address you saw me receive when I created the server or the VPS. Without DNS, you would have to
Type in the IP address by the website, which is not really a good user experience. There's a bunch of different providers or registers you can purchase domains from. I mainly use Cloudflare. There's also one called Namecheap. Both of them is really, really good. And here we can first of all buy the domain, but we can also point records to that domain.
which means we can map an IPv4 address, which is the one you saw us creating the CSS config, to through an A record, a Las Martina 4 here. So we can take this IPv4 address and create an A record that points a domain to that IP. We can also use ip
v6 address. We can use CNAME records to create aliases from one domain to another. We can create what is known as MX records to set email exchange records, which you will need if you ever start sending emails from your application. We will set this up in just a second on my domain on master full stack Golang. We're going to be creating a domain that points to our VPS.
at demo.masterforce.goelang.com. Now, we also need to talk about DNS propagation. So changes to these records are not instant. They have to propagate across the internet. And this can take anywhere from a few minutes to 48 hours. And we can also specify TTL, Time to Life, that controls how long a record is cached. So the practical
Or the short version of DNS is that we point a domain's A record to a VPS IP address. So again, demo.masterforce.goland.com gets pointed to our IP. And then through our reverse proxy, we will have that one set up, SSL and the certificates we need to host traffic on HTTPS. And then underneath it will reverse
the request that it receives to the application. So that is really short for what is a reverse proxy, but the problem we are trying to solve, for example, would be to run multiple applications on one server. So maybe we have an API, maybe we have a front-end and a back-end that's running in separate instances. Maybe we have multiple applications on our server. All of these servers will have to run on different ports.
on the server, so we have been using 8080, we could have one on 8081, 82, so one and so forth. We also don't want the user to type in demo at masterfuls.goelang.com and then the port, which they will have to if we don't use a reverse proxy. We want them to just type in the domain name and nothing else. So this reverse proxy sits in front of our applications and routes and
Simply make sure that they directs the income request to the correct application. And it acts as a single entry point for all traffic. It handles SSLs, TLS certificates. So we can actually have HTTPS, which is table stakes at this. Like you need to have HTTPS in this day and age. We can also have multiple different domains running.
on the same server. So for example, the site that you're watching this on is on masterfulstackgolang.com. And I can have that version of the application that you're watching this on run on the same server that we will host the demo application on, for example, and then just tell our viewers proxy to route traffic to the correct application. There's also some security measures here.
applications don't need to be directly exposed to the internet. We also get SSL management, so we don't have to manually handle certificates for all of our apps. We can also do stuff like load balancing and distribute traffic across multiple instances. It's also a lot easier to handle ports without necessarily affecting users. And for reverse processing, we're going to be using
program or tool called catty. And the main, not the main, the big thing for me at least is that the catty is written in Go. So it's a single binary. There's no dependencies. It has a reverse proxying built in and it automatically handles HTTPS. It obtains and renews SSL certificates automatically through let's encrypt.
It's a simple config. It's readable. It provides us with some agility, utility functionalities to format and validate that the config is in the right format. There's also other alternatives like EngineX, Apache, both also good alternatives, but we're gonna stick with Go and use Caddy. Let's register some
some DNS records. And here I am in my Cloudflare dashboard. I have blurred out all the things that you're not supposed to see. But we have this at record. It will be quite similar to other providers where we're going to specify demo because I'm in the DNS management for masterfulstackgoaling.com. I'm going to paste the IP address that we have here.
There we go. I'm going to save it. And then for good measure, I'm also going to add a triple A quadruple A record for IPv6. That also points to demo at masterfulstake-go-lang.com. This is not valid. Is it valid now? There we go. All right. Our DNS is now set up.
The next step is we need to install catty on the server. So if we go here to cattyserver.com, you can see it's the ultimate server, makes your site more secure, more reliable, all these good things. So let's go to docs and let's go to install. We will be running this on Debian so we can basically grab all of this and go back to our terminal here. And in here, I'm actually going to paste everything. Yes.
and we need to provide. We're gonna do it one more time and do it step by step. So we will first grab this right here. We have some dependencies we need to make sure is in place. So let's do that and we say password. I misspelled password. Yes, we are already
having most of the dependencies. Then let's grab the next one. Good. Let's grab the next inline and continue. All right. Then you see much on things we just curled. Okay, let's do some sudo. There we go.
sudo one more time and let's then run sudo apt update and finally let's install catty great so we installed catty 2.10.2
Let's jump to the top here and click getting started. So let's start by grabbing Caddy and see what happens. We get back the help. All right, we say Caddy run, loading new config. So we can also, we are already running it. So let me just try and check sudo system, CTL status Caddy.
and we are running catty as a systemd command. We'll get into systemd in the next module when we actually talk about deploying our application, but it's running. If we go to slash ec slash catty and ls, see we have the catty file here. And if we open that, we can see we have a very basic catty file here and we should
Technically, we're able to go to our IP address at port 80. We see that Caddy is actually running on our IP address. And this is because we allowed HTTP access through the port 80. So this is working. Now, let's try and change things up a bit here and say,
Oh, we need to come out and say sudo vi. So we need sudo permission to change this file. And now let's say demo at masterfullstackglang.com. Give that a save. Let's then say sudo systemctl restart caddy. Let's check the status.
It's running. Let's try and see if we can access the same thing here, but on demo at masterfullstacklang.com, port 80, and we can. So this is working now. You can also see we have HTTPS. We have a valid certificate. The connection is secure. Now the only thing we need to do is we need to
install Postgres on our server and get our binary onto the server. And then we're going to run it through systemd, which is the same process that runs catty. But all of that will be the topic of the next module. And then we can actually see our application live on the internet, which is going to be very exciting.
