Add API Subdomain: api.upstream-dso.tacc.utexas.edu


## Summary
Request to add a new subdomain `api.upstream-dso.tacc.utexas.edu` to provide dedicated API access for the upstream-dso application.

## Background
Currently, the API is accessible through the main domain `upstream-dso.tacc.utexas.edu`. To improve organization and potentially enable different configurations for API vs web traffic, we need to add a dedicated API subdomain.

## Requirements

### DNS Configuration
- [ ] Add A record for `api.upstream-dso.tacc.utexas.edu` pointing to the same IP as `upstream-dso.tacc.utexas.edu`
- [ ] Verify DNS propagation

### SSL Certificate
- [ ] Update/expand existing SSL certificate to include `api.upstream-dso.tacc.utexas.edu`
- [ ] Handle CAA record restrictions for `tacc.utexas.edu` domain

### Infrastructure Updates
- [ ] Update Traefik configuration to route `api.upstream-dso.tacc.utexas.edu` to the API container
- [ ] Test both domains are accessible and properly routed

## Technical Details

**Current Configuration:**
- Main domain: `upstream-dso.tacc.utexas.edu`
- API accessible at: `upstream-dso.tacc.utexas.edu/docs` (FastAPI docs)

**Desired Configuration:**
- Main domain: `upstream-dso.tacc.utexas.edu` (unchanged)
- API domain: `api.upstream-dso.tacc.utexas.edu`
- API docs: `api.upstream-dso.tacc.utexas.edu/docs`

**Docker Compose Changes Needed:**
```yaml
labels:
  - traefik.enable=true
  - traefik.http.routers.app-api.rule=Host(`api.upstream-dso.tacc.utexas.edu`)
  - traefik.http.routers.app-api.tls=true
  - traefik.http.services.app-api.loadbalancer.server.port=8000
```

## Challenges Encountered

### CAA Record Issue
When attempting to generate SSL certificates with Let's Encrypt, encountered CAA policy restriction:
```
CAA record for tacc.utexas.edu prevents issuance
```

**Resolution needed:**
- Contact TACC IT to either:
  - Add Let's Encrypt to CAA record for `tacc.utexas.edu`
  - Provide alternative certificate solution
  - Create CAA exception for `upstream-dso.tacc.utexas.edu` subdomains

## Acceptance Criteria
- [ ] `api.upstream-dso.tacc.utexas.edu` resolves to correct IP address
- [ ] HTTPS works without certificate warnings
- [ ] API endpoints accessible via new subdomain
- [ ] FastAPI documentation available at `api.upstream-dso.tacc.utexas.edu/docs`
- [ ] Original domain `upstream-dso.tacc.utexas.edu` continues to work
- [ ] No service interruption during deployment

## Priority
**Medium** - Improves API organization but doesn't block current functionality

## Additional Context
- Server: `upstream-dso` 
- Current IP: [INSERT_SERVER_IP]
- Traefik version: 2.11
- Let's Encrypt integration: Existing setup using `/etc/letsencrypt` mount

## Next Steps
1. **IT Request**: Submit request to TACC IT for DNS and certificate authority approval
2. **DNS Update**: Add A record for API subdomain
3. **Certificate**: Generate/expand SSL certificate
4. **Deploy**: Update Traefik configuration
5. **Test**: Verify both domains work correctly


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add API Subdomain: api.upstream-dso.tacc.utexas.edu #115

Summary

Background

Requirements

DNS Configuration

SSL Certificate

Infrastructure Updates

Technical Details

Challenges Encountered

CAA Record Issue

Acceptance Criteria

Priority

Additional Context

Next Steps

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add API Subdomain: api.upstream-dso.tacc.utexas.edu #115

Description

Summary

Background

Requirements

DNS Configuration

SSL Certificate

Infrastructure Updates

Technical Details

Challenges Encountered

CAA Record Issue

Acceptance Criteria

Priority

Additional Context

Next Steps

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions