# Excourse: Domains and Subdomains

Infinity Tools helps you self-host everything—including your future WordPress site. Before you install Traefik or any applications, take a moment to decide how your domain should point to your server. In this chapter you'll set up your **main domain** (even if WordPress isn't running yet) and map out the **subdomains** each Infinity Tools app will use.

**Why this chapter now?** Getting DNS ready right after installing Infinity Tools (Chapter 2) means Traefik can issue certificates instantly, your apps come online with friendly URLs, and you won't have to pause mid-install to fix domain problems.

## Decide Where Your Main Domain Should Go

Your **main domain** (also called the apex domain or root domain) is what people type to reach your primary site—for example, `myinfinitytools.com`. Most beginners following this guide want the main domain to load a WordPress site that **they will install with Infinity Tools** in Chapter 11.

### No WordPress Yet? That's OK.

Even though WordPress isn't installed yet, point your main domain to the server where Infinity Tools runs. Until WordPress is live you'll see Traefik's default page (or a simple placeholder), which is perfectly fine.

You'll create two records now:

- `@` → your server's public IP address (A record)
- `www` → `@` (CNAME) so both reach the same place

Later, when you install WordPress with Traefik integration, Infinity Tools will automatically use these records to serve your new site over HTTPS.

## What is a Subdomain?

**A subdomain** is like a separate address within your main website. Think of it as different rooms in the same house - each room has its own purpose, but they're all part of the same building.

**Examples of subdomains:**

- `vault.myinfinitytools.com` - For your password manager
- `files.myinfinitytools.com` - For your file storage
- `admin.myinfinitytools.com` - For your admin panel

**Important Note:**

From a security standpoint, it is considered poor practice to use obvious subdomain names (like “admin” or “files”) for sensitive services such as administration panels or data storage. Such names reveal potentially valuable targets to attackers during reconnaissance and were chosen here for illustration purposes.

### Breaking Down a Subdomain

Let's look at `vault.myinfinitytools.com`:

- **vault** - This is the subdomain (the "room")
- **myinfinitytools** - This is your domain name (the "house")
- **com** - This is the top-level domain (the "neighborhood")

## Why Do We Need Subdomains?

Subdomains help organize your services and make them easier to access:

- ✅ **Easy to remember** - `vault.mydomain.com` is clear
- ✅ **Professional looking** - Each service has its own address
- ✅ **SSL certificates work better** - Each subdomain gets its own certificate
- ✅ **Easy to manage** - You can move services around easily

**Without subdomains:** You'd have to use ports like `mydomain.com:8080` or `mydomain.com:3000` - much harder to remember!

## Plan Your Subdomains

Start a simple list of the services you plan to run with Infinity Tools. These examples match the chapters you'll follow later. You can always add more subdomains later.

### Security Services

- `vault.mydomain.com` - Vaultwarden (Chapter 7)
- `pass.mydomain.com` - Passbolt (Chapter 8)
- `vpn.mydomain.com` - VPN or remote access gateway

### File and Storage Services

- `files.mydomain.com` - Nextcloud (Chapter 10)
- `sync.mydomain.com` - Syncthing (Chapter 9)
- `backup.mydomain.com` - Borgmatic status or backup dashboard

### Web and Content Services

- `www.mydomain.com` - Redirect to your main domain once WordPress is live (Chapter 11)
- `blog.mydomain.com` - Alternate marketing site or staging WordPress
- `docs.mydomain.com` - Docs portal built with BookStack or similar

### Monitoring and Analytics

- `stats.mydomain.com` - Matomo analytics (Chapter 12)
- `monitor.mydomain.com` - Monitoring stack (Uptime Kuma, Grafana, etc.)
- `status.mydomain.com` - Public status page

## How to Create Subdomains

The process varies by hosting provider, but the steps are always: point `@` and `www` to your Infinity Tools server, then create matching records for every subdomain Traefik will serve.

### Step 1: Get Your Server's IP Address

First, you need to know your server's IP address. You can find this in your server provider's dashboard or by running this command on your server:

```
curl ifconfig.me
```

This will show you your server's public IP address (something like `123.456.789.012`).

### Step 2: Access Your DNS Management

Log into your domain registrar or hosting provider and look for:

- **DNS Management**
- **DNS Settings**
- **Domain Management**
- **Name Servers**

## Provider-Specific Instructions

Below are examples from popular registrars and DNS hosts. Interfaces may change, but the record types stay the same. Each provider follows the same basic pattern:

- Optionally, an **A record** for `@` pointing to your Infinity Tools server IP — this makes `https://yourdomain.com` and `https://www.yourdomain.com` resolve to the server (for example, to host WordPress later).   
    **Skip this step** if your main website is hosted elsewhere and you only want to connect specific subdomains.
- A **CNAME record** for `www` pointing to `@`.
- Individual **A records** for every service subdomain (e.g. `vault`, `files`, `monitor`) pointing to your Infinity Tools server IP.

**Note:** The example IP `203.0.113.42` is for illustration only — replace it with your actual server IP.

### Hetzner Cloud

If you manage DNS in Hetzner:

1. Log into the [Hetzner Cloud Console](https://console.hetzner.cloud).
2. Go to **DNS** and select your domain.
3. Click **Add record** → choose **A** → set **Name** to `@` and **Value** to your server IP → **Save**.
4. Add a **CNAME** record with **Name** `www` pointing to `@`.
5. Repeat **Add record** → **A** for each service subdomain (e.g., `vault`, `files`) and set the same server IP.

**Example:** To prepare WordPress for the main domain and Vaultwarden on `vault.myinfinitytools.com`:

- `@` → `203.0.113.42` (A record)
- `www` → `@` (CNAME)
- `vault` → `203.0.113.42` (A record)

### Cloudflare

If you proxy traffic through Cloudflare:

1. Log into the [Cloudflare Dashboard](https://dash.cloudflare.com).
2. Select your domain and open **DNS → Records**.
3. Click **Add record** → choose **A** → set **Name** to `@`, **IPv4 address** to your server IP, TTL **Auto**, Proxy status **Off (DNS only)** while testing → **Save**.
4. Add a **CNAME** record for `www` pointing to `@`.
5. Add individual **A** records for each service subdomain (e.g., `files`, `vault`) pointing to the same IP. You can enable the orange-cloud proxy after confirming Traefik and certificates work.

### Namecheap

If you registered your domain with Namecheap:

1. Log into your [Namecheap account](https://www.namecheap.com).
2. Open **Domain List** → click **Manage** next to your domain.
3. Go to the **Advanced DNS** tab.
4. Under **Host Records**, click **Add New Record** → choose **A Record** → set **Host** to `@`, **Value** to your server IP, TTL **Automatic** → **Save**.
5. Add a **CNAME Record** with **Host** `www` and **Value** `@`.
6. Add more **A Records** for each service subdomain (e.g., `vault`, `files`) pointing to the same IP.

### GoDaddy

If you're using GoDaddy DNS:

1. Log into your [GoDaddy account](https://www.godaddy.com).
2. Open **My Products** → locate your domain → click **DNS**.
3. Click **Add** in the **Records** section, choose **A**, set **Name** to `@`, **Value** to your server IP, TTL **1 Hour** → **Save**.
4. Add a **CNAME** record with **Name** `www` pointing to `@`.
5. Add more **A** records for each service subdomain (Name = `vault`, `files`, etc.; Value = server IP).

### Porkbun

If you manage DNS with Porkbun:

1. Log into the [Porkbun Domain Management](https://porkbun.com/account/domains) panel.
2. Click **Details** next to your domain.
3. In **Quick DNS Config**, click **Edit**.
4. Add an **A** record with **Host** `@` and **Answer** = your server IP.
5. Add a **CNAME** record with **Host** `www` and **Answer** `@`.
6. Add more **A** records for each service subdomain (Host = `vault`, `files`, etc.; Answer = server IP).
7. Click **Save Changes**.

### Google Domains / Squarespace Domains

If your domain is managed in Google Domains (now Squarespace):

1. Sign in at [domains.google](https://domains.google).
2. Select your domain and open the **DNS** tab.
3. Under **Custom records**, click **+ Add record**.
4. Choose **A**, set **Name** to `@`, **Data** to your server IP, **TTL** to the default → **Save**.
5. Add a **CNAME** with **Name** `www` and **Data** `@`.
6. Add more **A** records for each service subdomain (`vault`, `files`, etc.) pointing to the same IP.

### OVHcloud

If you manage DNS at OVH:

1. Log into the [OVHcloud Manager](https://www.ovh.com/manager).
2. Go to **Domains** → select your domain → **DNS zone**.
3. Click **Add an entry** → choose **A** → set **Sub-domain** to `@` and **Target** to your server IP → confirm.
4. Add another entry: **Type** **CNAME**, **Sub-domain** `www`, **Target** `yourdomain.com.` (OVH will append the dot automatically).
5. Add additional **A** entries for each service subdomain (`vault`, `files`, etc.) pointing to the same IP.

## Understanding DNS Propagation

After creating a subdomain, it takes time for the change to spread across the internet. This is called **DNS propagation**.

### How Long Does It Take?

- **Usually:** 5-30 minutes
- **Sometimes:** Up to 24 hours
- **Rarely:** Up to 48 hours

### How to Check if It's Working

You can test if your subdomain is working by visiting it in your browser:

- Go to `https://vault.yourdomain.com`
- If you see a page (even an error), the subdomain is working
- If you get "This site can't be reached", it's still propagating

### Testing with Command Line

You can also test from your server:

```
# Test if subdomain resolves
nslookup vault.yourdomain.com

# Test if it points to your server
dig vault.yourdomain.com
```

## Create Your Domain Checklist

Before installing applications, map out every DNS record you want in place. This keeps your launch organized and helps you avoid downtime on your main site.

### Essential Records

These are the records most beginners configure on day one:

- `@` → Your Infinity Tools server IP (WordPress will live here later)
- `www` → CNAME pointing to `@`
- `vault.yourdomain.com` → Your server IP for Vaultwarden
- `files.yourdomain.com` → Your server IP for Nextcloud or file storage

### Optional Subdomains

Add these after your core services are live:

- `blog.yourdomain.com` → Alternate blog or marketing site
- `admin.yourdomain.com` → Admin panel (use with caution, see security tips)
- `sync.yourdomain.com` → File synchronization endpoint
- `stats.yourdomain.com` → Analytics tools like Matomo
- `monitor.yourdomain.com` → Monitoring dashboards
- `backup.yourdomain.com` → Backup management interface

## Best Practices

### Naming Conventions

- ✅ **Use descriptive names** - `vault` instead of `app1`
- ✅ **Keep them short** - `files` instead of `file-storage-system`
- ✅ **Use lowercase** - `vault` not `Vault`
- ✅ **Avoid special characters** - No spaces, symbols, or accents

### Security Considerations

- ✅ **Don't use obvious names** - Avoid `admin` for sensitive services
- ✅ **Use random names for sensitive services** - `a7b9c2` instead of `admin`
- ✅ **Document your subdomains** - Keep a list of what each one does

## Troubleshooting

### Subdomain Not Working

If your subdomain isn't working:

1. **Check the DNS record** - Make sure it points to the right IP
2. **Wait for propagation** - Give it 30 minutes to an hour
3. **Check for typos** - Make sure the subdomain name is correct
4. **Test with different tools** - Try `nslookup` or online DNS checkers

### Common Mistakes

- ❌ **Including the full domain in the host field** - Use `vault` not `vault.mydomain.com`
- ❌ **Pointing your main domain to the wrong place** - Double-check WordPress instructions before editing `@` and `www`
- ❌ **Wrong IP address** - Make sure you're using your server's public IP
- ❌ **Wrong record type** - Use "A" record, not "CNAME" for IP addresses
- ❌ **Not saving the record** - Make sure to click "Save" after creating

## Quick Reference

**Find your server IP:**

```
curl ifconfig.me
```

**Verify your main domain record:**

```
nslookup yourdomain.com
```

**Test subdomain resolution:**

```
nslookup vault.yourdomain.com
```

**Test from browser:**

```
https://vault.yourdomain.com
```

*Tip:* Until WordPress or another app is installed you'll likely see Traefik's default page at your main domain. That's expected.

## You're Ready!

Now you understand how to prepare both your main domain and subdomains! This knowledge will be essential as you install applications like Vaultwarden, Nextcloud, and connect your WordPress site.

**What you learned:**

- ✅ **How to point your main domain** - Aim it at your Infinity Tools server so WordPress is ready to launch
- ✅ **What subdomains are** - Separate addresses for different services
- ✅ **How to plan them** - Build a checklist before installing apps
- ✅ **How to create DNS records** - Step-by-step instructions for popular providers
- ✅ **How to test everything** - Browser and command-line methods

**Next step:** Move on to Chapter 3 (*Setting Up Your Foundation*). Keep this checklist handy—each time you install an app, add or confirm the subdomain you planned.

## What You Learned

- **Main domain setup** - How to point `@` and `www` to your Infinity Tools server
- **Subdomains** - Separate addresses for different services on your domain
- **DNS Records** - How to point each subdomain to your server
- **DNS Propagation** - How long it takes for changes to take effect
- **Testing Methods** - How to verify both main and subdomains are working
- **Planning** - How to organize your services with a checklist

You now have the foundation knowledge needed to set up professional-looking, organized services on your server!

---

*Next: Chapter 3 - Setting Up Your Foundation.*