Replace placeholder "YOUR-PROD-RAILWAY-APP.up.railway.app" with the actual
Railway production domain "blackroad-operating-system-production.up.railway.app".
This fixes the issue where https://os.blackroad.systems was not receiving
updates from new deployments.
## Problem
The blackroad.systems domain was returning HTTP 403 Forbidden with a
fallback page ("Status: Nginx API") instead of serving the BlackRoad OS
application. This was caused by:
1. Domain configured in "forward" mode instead of DNS mode
2. Missing or misconfigured Nginx server blocks
3. Requests falling through to default server block
## Solution
### 1. Updated Domain Configuration (ops/domains.yaml)
- Changed blackroad.systems from "forward" to "dns" mode
- Domain now points directly to application server via CNAME
- Established blackroad.systems as canonical apex domain
- www.blackroad.systems redirects to apex domain (301)
- Aligns with DOMAIN_SPEC.md positioning as flagship corporate site
### 2. Created Nginx Configuration (ops/nginx/blackroad.systems.conf)
- Proper server_name directives for blackroad.systems
- HTTP to HTTPS redirects (301)
- www to apex domain redirects (301)
- Modern SSL/TLS configuration
- Security headers (HSTS, X-Frame-Options, etc.)
- SPA fallback routing with try_files
- Static asset caching with versioning
- Health check endpoint at /healthz
- Separate server blocks for apex and www subdomains
### 3. Deployment Guide (ops/DOMAIN_FIX_GUIDE.md)
- Step-by-step deployment instructions
- DNS configuration and verification
- SSL certificate setup
- Nginx deployment and testing
- Troubleshooting guide
- Post-deployment validation checklist
## Testing Required
After deployment:
1. Apply DNS changes: python3 ops/scripts/apply_domains.py
2. Deploy Nginx config to server
3. Obtain SSL certificates
4. Verify all redirects and endpoints
5. Purge CDN caches if applicable
## References
- blackroad-universe/domains/blackroad-systems/DOMAIN_SPEC.md
- ops/scripts/apply_domains.py
This script reads a YAML configuration file and applies DNS and forwarding settings for domains using GoDaddy and Cloudflare APIs. It ensures idempotency, meaning re-running it won't create duplicate records.
Added configuration for multiple domains with forwarding and DNS settings.Initial universal domain orchestrator configuration: specify forwarding and DNS settings for blackroad domains and subdomains.
Implements a declarative domain orchestrator that reads ops/domains.yaml
and automatically applies DNS and forwarding configuration via GoDaddy
and Cloudflare APIs.
Features:
- YAML-based configuration for all domains (ops/domains.yaml)
- Python script to apply changes idempotently (ops/scripts/apply_domains.py)
- GitHub Actions workflow to sync on YAML changes (sync-domains.yml)
- Optional health check workflow (domain-health.yml)
- Comprehensive documentation (docs/domains-overview.md)
The system supports:
- GoDaddy: DNS records and 301 forwarding
- Cloudflare: DNS records (CNAME, A)
All API credentials are read from GitHub secrets (GODADDY_API_KEY,
GODADDY_API_SECRET, CLOUDFLARE_TOKEN).
