[{"data":1,"prerenderedAt":1386},["ShallowReactive",2],{"\u002Fdeploy\u002Fflask-domain-and-dns-setup-for-production":3},{"id":4,"title":5,"body":6,"description":1376,"extension":1377,"meta":1378,"navigation":64,"path":1382,"seo":1383,"stem":1384,"__hash__":1385},"content\u002Fdeploy\u002Fflask-domain-and-dns-setup-for-production.md","Flask Domain and DNS Setup for Production",{"type":7,"value":8,"toc":1359},"minimark",[9,13,17,22,25,247,250,254,261,265,777,781,867,871,874,879,939,942,958,962,982,984,1006,1010,1045,1047,1064,1068,1091,1093,1106,1110,1131,1133,1144,1148,1246,1250,1271,1275,1283,1297,1305,1316,1324,1332,1340,1348,1352,1355],[10,11,5],"h1",{"id":12},"flask-domain-and-dns-setup-for-production",[14,15,16],"p",{},"If you're trying to point a domain to a Flask app in production, this guide shows you how to set up DNS and connect the domain to your server step-by-step. The goal is to make the domain resolve correctly, reach Nginx, and be ready for HTTPS.",[18,19,21],"h2",{"id":20},"quick-fix-quick-setup","Quick Fix \u002F Quick Setup",[14,23,24],{},"Use this when you have a single VPS with a public IPv4 address and Nginx in front of Gunicorn.",[26,27,32],"pre",{"className":28,"code":29,"language":30,"meta":31,"style":31},"language-bash shiki shiki-themes github-light github-dark","# 1) Get your server public IP\ncurl -4 ifconfig.me\n\n# 2) At your DNS provider, create records\n# Replace values with your real domain and IP\n\n# A record\n@      A      YOUR_SERVER_IP\n\n# Optional www record\nwww    CNAME  @\n\n# 3) Verify DNS propagation\ndig +short example.com A\ndig +short www.example.com\n\n# 4) Point Nginx server_name to the domain\nsudo nano \u002Fetc\u002Fnginx\u002Fsites-available\u002Fflask_app\n# server_name example.com www.example.com;\n\n# 5) Test and reload Nginx\nsudo nginx -t\nsudo systemctl reload nginx\n\n# 6) Confirm the domain reaches the server\ncurl -I http:\u002F\u002Fexample.com\n","bash","",[33,34,35,44,59,66,72,78,83,89,101,106,112,124,129,135,150,160,165,171,183,189,194,200,211,225,230,236],"code",{"__ignoreMap":31},[36,37,40],"span",{"class":38,"line":39},"line",1,[36,41,43],{"class":42},"sJ8bj","# 1) Get your server public IP\n",[36,45,47,51,55],{"class":38,"line":46},2,[36,48,50],{"class":49},"sScJk","curl",[36,52,54],{"class":53},"sj4cs"," -4",[36,56,58],{"class":57},"sZZnC"," ifconfig.me\n",[36,60,62],{"class":38,"line":61},3,[36,63,65],{"emptyLinePlaceholder":64},true,"\n",[36,67,69],{"class":38,"line":68},4,[36,70,71],{"class":42},"# 2) At your DNS provider, create records\n",[36,73,75],{"class":38,"line":74},5,[36,76,77],{"class":42},"# Replace values with your real domain and IP\n",[36,79,81],{"class":38,"line":80},6,[36,82,65],{"emptyLinePlaceholder":64},[36,84,86],{"class":38,"line":85},7,[36,87,88],{"class":42},"# A record\n",[36,90,92,95,98],{"class":38,"line":91},8,[36,93,94],{"class":49},"@",[36,96,97],{"class":57},"      A",[36,99,100],{"class":57},"      YOUR_SERVER_IP\n",[36,102,104],{"class":38,"line":103},9,[36,105,65],{"emptyLinePlaceholder":64},[36,107,109],{"class":38,"line":108},10,[36,110,111],{"class":42},"# Optional www record\n",[36,113,115,118,121],{"class":38,"line":114},11,[36,116,117],{"class":49},"www",[36,119,120],{"class":57},"    CNAME",[36,122,123],{"class":57},"  @\n",[36,125,127],{"class":38,"line":126},12,[36,128,65],{"emptyLinePlaceholder":64},[36,130,132],{"class":38,"line":131},13,[36,133,134],{"class":42},"# 3) Verify DNS propagation\n",[36,136,138,141,144,147],{"class":38,"line":137},14,[36,139,140],{"class":49},"dig",[36,142,143],{"class":57}," +short",[36,145,146],{"class":57}," example.com",[36,148,149],{"class":57}," A\n",[36,151,153,155,157],{"class":38,"line":152},15,[36,154,140],{"class":49},[36,156,143],{"class":57},[36,158,159],{"class":57}," www.example.com\n",[36,161,163],{"class":38,"line":162},16,[36,164,65],{"emptyLinePlaceholder":64},[36,166,168],{"class":38,"line":167},17,[36,169,170],{"class":42},"# 4) Point Nginx server_name to the domain\n",[36,172,174,177,180],{"class":38,"line":173},18,[36,175,176],{"class":49},"sudo",[36,178,179],{"class":57}," nano",[36,181,182],{"class":57}," \u002Fetc\u002Fnginx\u002Fsites-available\u002Fflask_app\n",[36,184,186],{"class":38,"line":185},19,[36,187,188],{"class":42},"# server_name example.com www.example.com;\n",[36,190,192],{"class":38,"line":191},20,[36,193,65],{"emptyLinePlaceholder":64},[36,195,197],{"class":38,"line":196},21,[36,198,199],{"class":42},"# 5) Test and reload Nginx\n",[36,201,203,205,208],{"class":38,"line":202},22,[36,204,176],{"class":49},[36,206,207],{"class":57}," nginx",[36,209,210],{"class":53}," -t\n",[36,212,214,216,219,222],{"class":38,"line":213},23,[36,215,176],{"class":49},[36,217,218],{"class":57}," systemctl",[36,220,221],{"class":57}," reload",[36,223,224],{"class":57}," nginx\n",[36,226,228],{"class":38,"line":227},24,[36,229,65],{"emptyLinePlaceholder":64},[36,231,233],{"class":38,"line":232},25,[36,234,235],{"class":42},"# 6) Confirm the domain reaches the server\n",[36,237,239,241,244],{"class":38,"line":238},26,[36,240,50],{"class":49},[36,242,243],{"class":53}," -I",[36,245,246],{"class":57}," http:\u002F\u002Fexample.com\n",[14,248,249],{},"After DNS resolves correctly over HTTP, continue with your HTTPS setup.",[18,251,253],{"id":252},"whats-happening","What’s Happening",[14,255,256,257,260],{},"A domain only reaches your Flask app after DNS points the hostname to the correct public server endpoint. Nginx must also recognize that hostname through ",[33,258,259],{},"server_name",", or requests may hit the wrong virtual host. DNS changes are cached by resolvers, so updates may not appear immediately. This setup should be complete before issuing TLS certificates.",[18,262,264],{"id":263},"step-by-step-guide","Step-by-Step Guide",[266,267,268,295,333,371,414,426,540,578,623,685,727,769],"ol",{},[269,270,271,275,278,279,292,294],"li",{},[272,273,274],"strong",{},"Identify the public endpoint",[276,277],"br",{},"For a VPS, get the public IPv4 address:",[26,280,282],{"className":28,"code":281,"language":30,"meta":31,"style":31},"curl -4 ifconfig.me\n",[33,283,284],{"__ignoreMap":31},[36,285,286,288,290],{"class":38,"line":39},[36,287,50],{"class":49},[36,289,54],{"class":53},[36,291,58],{"class":57},[276,293],{},"If you use a load balancer, use its static IP or provider hostname instead.",[269,296,297,300,302,303,318,320,321],{},[272,298,299],{},"Decide which hostnames to serve",[276,301],{},"Typical production setup:",[304,305,306,312],"ul",{},[269,307,308,311],{},[33,309,310],{},"example.com"," as apex",[269,313,314,317],{},[33,315,316],{},"www.example.com"," as alias",[276,319],{},"Choose one canonical host. Common options:",[304,322,323,328],{},[269,324,325,327],{},[33,326,117],{}," redirects to apex",[269,329,330,331],{},"apex redirects to ",[33,332,117],{},[269,334,335,338,340,341,352,354,355,364,366,367,370],{},[272,336,337],{},"Create the apex DNS record",[276,339],{},"In your DNS provider dashboard, edit the zone for your domain and add:",[26,342,346],{"className":343,"code":344,"language":345,"meta":31,"style":31},"language-txt shiki shiki-themes github-light github-dark","@   A      YOUR_SERVER_IP\n","txt",[33,347,348],{"__ignoreMap":31},[36,349,350],{"class":38,"line":39},[36,351,344],{},[276,353],{},"If using IPv6 and the server is actually reachable over IPv6, also add:",[26,356,358],{"className":343,"code":357,"language":345,"meta":31,"style":31},"@   AAAA   YOUR_SERVER_IPV6\n",[33,359,360],{"__ignoreMap":31},[36,361,362],{"class":38,"line":39},[36,363,357],{},[276,365],{},"Do not add ",[33,368,369],{},"AAAA"," unless IPv6 is working end-to-end.",[269,372,373,379,381,382,391,393,394,403,405,406,409,410,413],{},[272,374,375,376,378],{},"Create the ",[33,377,117],{}," record",[276,380],{},"For a standard VPS setup, add:",[26,383,385],{"className":343,"code":384,"language":345,"meta":31,"style":31},"www   CNAME   @\n",[33,386,387],{"__ignoreMap":31},[36,388,389],{"class":38,"line":39},[36,390,384],{},[276,392],{},"If your provider requires the full hostname:",[26,395,397],{"className":343,"code":396,"language":345,"meta":31,"style":31},"www   CNAME   example.com\n",[33,398,399],{"__ignoreMap":31},[36,400,401],{"class":38,"line":39},[36,402,396],{},[276,404],{},"If you are pointing the apex to a load balancer hostname, use ",[33,407,408],{},"ALIAS"," or ",[33,411,412],{},"ANAME"," at the root if your DNS provider supports it.",[269,415,416,419,421,422,425],{},[272,417,418],{},"Use a practical TTL during rollout",[276,420],{},"Set a low TTL such as ",[33,423,424],{},"300"," seconds while changing records. Increase it later after validation.",[269,427,428,431,433,434,447,449,450,516,518,519],{},[272,429,430],{},"Update your Nginx server block",[276,432],{},"Open your Nginx site config:",[26,435,437],{"className":28,"code":436,"language":30,"meta":31,"style":31},"sudo nano \u002Fetc\u002Fnginx\u002Fsites-available\u002Fflask_app\n",[33,438,439],{"__ignoreMap":31},[36,440,441,443,445],{"class":38,"line":39},[36,442,176],{"class":49},[36,444,179],{"class":57},[36,446,182],{"class":57},[276,448],{},"Make sure it includes the production hostnames:",[26,451,455],{"className":452,"code":453,"language":454,"meta":31,"style":31},"language-nginx shiki shiki-themes github-light github-dark","server {\n    listen 80;\n    server_name example.com www.example.com;\n\n    location \u002F {\n        proxy_pass http:\u002F\u002F127.0.0.1:8000;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n    }\n}\n","nginx",[33,456,457,462,467,472,476,481,486,491,496,501,506,511],{"__ignoreMap":31},[36,458,459],{"class":38,"line":39},[36,460,461],{},"server {\n",[36,463,464],{"class":38,"line":46},[36,465,466],{},"    listen 80;\n",[36,468,469],{"class":38,"line":61},[36,470,471],{},"    server_name example.com www.example.com;\n",[36,473,474],{"class":38,"line":68},[36,475,65],{"emptyLinePlaceholder":64},[36,477,478],{"class":38,"line":74},[36,479,480],{},"    location \u002F {\n",[36,482,483],{"class":38,"line":80},[36,484,485],{},"        proxy_pass http:\u002F\u002F127.0.0.1:8000;\n",[36,487,488],{"class":38,"line":85},[36,489,490],{},"        proxy_set_header Host $host;\n",[36,492,493],{"class":38,"line":91},[36,494,495],{},"        proxy_set_header X-Real-IP $remote_addr;\n",[36,497,498],{"class":38,"line":103},[36,499,500],{},"        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n",[36,502,503],{"class":38,"line":108},[36,504,505],{},"        proxy_set_header X-Forwarded-Proto $scheme;\n",[36,507,508],{"class":38,"line":114},[36,509,510],{},"    }\n",[36,512,513],{"class":38,"line":126},[36,514,515],{},"}\n",[276,517],{},"If needed, enable the site:",[26,520,522],{"className":28,"code":521,"language":30,"meta":31,"style":31},"sudo ln -s \u002Fetc\u002Fnginx\u002Fsites-available\u002Fflask_app \u002Fetc\u002Fnginx\u002Fsites-enabled\u002F\n",[33,523,524],{"__ignoreMap":31},[36,525,526,528,531,534,537],{"class":38,"line":39},[36,527,176],{"class":49},[36,529,530],{"class":57}," ln",[36,532,533],{"class":53}," -s",[36,535,536],{"class":57}," \u002Fetc\u002Fnginx\u002Fsites-available\u002Fflask_app",[36,538,539],{"class":57}," \u002Fetc\u002Fnginx\u002Fsites-enabled\u002F\n",[269,541,542,545,571,573,574,577],{},[272,543,544],{},"Test and reload Nginx",[26,546,548],{"className":28,"code":547,"language":30,"meta":31,"style":31},"sudo nginx -t && sudo systemctl reload nginx\n",[33,549,550],{"__ignoreMap":31},[36,551,552,554,556,559,563,565,567,569],{"class":38,"line":39},[36,553,176],{"class":49},[36,555,207],{"class":57},[36,557,558],{"class":53}," -t",[36,560,562],{"class":561},"sVt8B"," && ",[36,564,176],{"class":49},[36,566,218],{"class":57},[36,568,221],{"class":57},[36,570,224],{"class":57},[276,572],{},"Do not continue until ",[33,575,576],{},"nginx -t"," passes.",[269,579,580,583,585,586,601,603,604,606,607,620,622],{},[272,581,582],{},"Verify DNS resolution",[276,584],{},"From your machine, check the apex record:",[26,587,589],{"className":28,"code":588,"language":30,"meta":31,"style":31},"dig +short example.com A\n",[33,590,591],{"__ignoreMap":31},[36,592,593,595,597,599],{"class":38,"line":39},[36,594,140],{"class":49},[36,596,143],{"class":57},[36,598,146],{"class":57},[36,600,149],{"class":57},[276,602],{},"Check the ",[33,605,117],{}," host:",[26,608,610],{"className":28,"code":609,"language":30,"meta":31,"style":31},"dig +short www.example.com\n",[33,611,612],{"__ignoreMap":31},[36,613,614,616,618],{"class":38,"line":39},[36,615,140],{"class":49},[36,617,143],{"class":57},[36,619,159],{"class":57},[276,621],{},"The result must match your intended production endpoint.",[269,624,625,628,650,652,653,671,673,674],{},[272,626,627],{},"Verify the domain reaches Nginx",[26,629,631],{"className":28,"code":630,"language":30,"meta":31,"style":31},"curl -I http:\u002F\u002Fexample.com\ncurl -I http:\u002F\u002Fwww.example.com\n",[33,632,633,641],{"__ignoreMap":31},[36,634,635,637,639],{"class":38,"line":39},[36,636,50],{"class":49},[36,638,243],{"class":53},[36,640,246],{"class":57},[36,642,643,645,647],{"class":38,"line":46},[36,644,50],{"class":49},[36,646,243],{"class":53},[36,648,649],{"class":57}," http:\u002F\u002Fwww.example.com\n",[276,651],{},"Expected results include:",[304,654,655,660,665],{},[269,656,657],{},[33,658,659],{},"200 OK",[269,661,662],{},[33,663,664],{},"301 Moved Permanently",[269,666,667,670],{},[33,668,669],{},"404 Not Found"," from your app or Nginx",[276,672],{},"Unexpected results include:",[304,675,676,679,682],{},[269,677,678],{},"timeout",[269,680,681],{},"connection refused",[269,683,684],{},"unrelated website response",[269,686,687,690,692,693,720,722,723,726],{},[272,688,689],{},"Open port 80 if DNS resolves but requests fail",[276,691],{},"On Ubuntu with UFW:",[26,694,696],{"className":28,"code":695,"language":30,"meta":31,"style":31},"sudo ufw allow 80\u002Ftcp\nsudo ufw status\n",[33,697,698,711],{"__ignoreMap":31},[36,699,700,702,705,708],{"class":38,"line":39},[36,701,176],{"class":49},[36,703,704],{"class":57}," ufw",[36,706,707],{"class":57}," allow",[36,709,710],{"class":57}," 80\u002Ftcp\n",[36,712,713,715,717],{"class":38,"line":46},[36,714,176],{"class":49},[36,716,704],{"class":57},[36,718,719],{"class":57}," status\n",[276,721],{},"Also confirm your cloud firewall or security group allows inbound TCP ",[33,724,725],{},"80",".",[269,728,729,732,734,735,766,768],{},[272,730,731],{},"Check for conflicting Nginx virtual hosts",[276,733],{},"If multiple sites run on the same server, verify the intended site is enabled:",[26,736,738],{"className":28,"code":737,"language":30,"meta":31,"style":31},"ls -l \u002Fetc\u002Fnginx\u002Fsites-enabled\u002F\nsudo nginx -T | less\n",[33,739,740,750],{"__ignoreMap":31},[36,741,742,745,748],{"class":38,"line":39},[36,743,744],{"class":49},"ls",[36,746,747],{"class":53}," -l",[36,749,539],{"class":57},[36,751,752,754,756,759,763],{"class":38,"line":46},[36,753,176],{"class":49},[36,755,207],{"class":57},[36,757,758],{"class":53}," -T",[36,760,762],{"class":761},"szBVR"," |",[36,764,765],{"class":49}," less\n",[276,767],{},"Remove or disable conflicting default hosts if necessary.",[269,770,771,774,776],{},[272,772,773],{},"Proceed to HTTPS after HTTP works",[276,775],{},"Once DNS resolution and HTTP reachability are confirmed, move to TLS setup.",[18,778,780],{"id":779},"common-causes","Common Causes",[304,782,783,792,815,827,833,846,855,861],{},[269,784,785,788,789,726],{},[272,786,787],{},"Wrong A record"," → The domain points to an old or incorrect IP → Update the record to the current server IP and verify with ",[33,790,791],{},"dig +short",[269,793,794,799,800,802,803,805,806,809,810,812,813,726],{},[272,795,796,797,378],{},"Missing ",[33,798,117],{}," → ",[33,801,310],{}," works but ",[33,804,316],{}," fails → Add a ",[33,807,808],{},"CNAME"," for ",[33,811,117],{}," and include it in Nginx ",[33,814,259],{},[269,816,817,823,824,826],{},[272,818,819,820,822],{},"Nginx ",[33,821,259],{}," mismatch"," → DNS resolves correctly but the wrong site responds → Update ",[33,825,259],{}," and reload Nginx.",[269,828,829,832],{},[272,830,831],{},"DNS propagation delay"," → Some networks still resolve the previous record → Check multiple resolvers and wait for cache expiry.",[269,834,835,838,839,841,842,845],{},[272,836,837],{},"Cloud firewall closed"," → DNS resolves but the browser times out → Open inbound TCP ",[33,840,725],{}," and later ",[33,843,844],{},"443"," in both OS and provider firewall.",[269,847,848,851,852,854],{},[272,849,850],{},"AAAA record misconfigured"," → IPv6 clients fail while IPv4 works → Remove the ",[33,853,369],{}," record or configure IPv6 correctly.",[269,856,857,860],{},[272,858,859],{},"Registrar nameserver mismatch"," → Changes in one DNS panel have no effect → Confirm the domain uses the nameservers for the DNS zone you edited.",[269,862,863,866],{},[272,864,865],{},"Proxy\u002FCDN interference"," → Proxy mode changes origin behavior during setup → Use DNS-only mode while validating origin connectivity.",[18,868,870],{"id":869},"debugging-section","Debugging Section",[14,872,873],{},"Check DNS, Nginx, and network path in this order.",[875,876,878],"h3",{"id":877},"dns-checks","DNS checks",[26,880,882],{"className":28,"code":881,"language":30,"meta":31,"style":31},"dig example.com\ndig @1.1.1.1 example.com\ndig @8.8.8.8 example.com\ndig NS example.com +short\ndig +short example.com A\ndig +short www.example.com\n",[33,883,884,891,900,909,921,931],{"__ignoreMap":31},[36,885,886,888],{"class":38,"line":39},[36,887,140],{"class":49},[36,889,890],{"class":57}," example.com\n",[36,892,893,895,898],{"class":38,"line":46},[36,894,140],{"class":49},[36,896,897],{"class":57}," @1.1.1.1",[36,899,890],{"class":57},[36,901,902,904,907],{"class":38,"line":61},[36,903,140],{"class":49},[36,905,906],{"class":57}," @8.8.8.8",[36,908,890],{"class":57},[36,910,911,913,916,918],{"class":38,"line":68},[36,912,140],{"class":49},[36,914,915],{"class":57}," NS",[36,917,146],{"class":57},[36,919,920],{"class":57}," +short\n",[36,922,923,925,927,929],{"class":38,"line":74},[36,924,140],{"class":49},[36,926,143],{"class":57},[36,928,146],{"class":57},[36,930,149],{"class":57},[36,932,933,935,937],{"class":38,"line":80},[36,934,140],{"class":49},[36,936,143],{"class":57},[36,938,159],{"class":57},[14,940,941],{},"What to look for:",[304,943,944,947,950,955],{},[269,945,946],{},"active nameservers match the provider you edited",[269,948,949],{},"apex resolves to the correct IP or alias target",[269,951,952,954],{},[33,953,117],{}," resolves to the expected canonical host",[269,956,957],{},"public resolvers return the same result after propagation",[875,959,961],{"id":960},"http-reachability-checks","HTTP reachability checks",[26,963,964],{"className":28,"code":630,"language":30,"meta":31,"style":31},[33,965,966,974],{"__ignoreMap":31},[36,967,968,970,972],{"class":38,"line":39},[36,969,50],{"class":49},[36,971,243],{"class":53},[36,973,246],{"class":57},[36,975,976,978,980],{"class":38,"line":46},[36,977,50],{"class":49},[36,979,243],{"class":53},[36,981,649],{"class":57},[14,983,941],{},[304,985,986,989,1003],{},[269,987,988],{},"response from your server, not timeout",[269,990,991,992,995,996,999,1000],{},"status like ",[33,993,994],{},"200",", ",[33,997,998],{},"301",", or app-generated ",[33,1001,1002],{},"404",[269,1004,1005],{},"expected redirect behavior for canonical host",[875,1007,1009],{"id":1008},"nginx-validation","Nginx validation",[26,1011,1013],{"className":28,"code":1012,"language":30,"meta":31,"style":31},"sudo nginx -t\nsudo nginx -T | less\nsudo systemctl reload nginx\n",[33,1014,1015,1023,1035],{"__ignoreMap":31},[36,1016,1017,1019,1021],{"class":38,"line":39},[36,1018,176],{"class":49},[36,1020,207],{"class":57},[36,1022,210],{"class":53},[36,1024,1025,1027,1029,1031,1033],{"class":38,"line":46},[36,1026,176],{"class":49},[36,1028,207],{"class":57},[36,1030,758],{"class":53},[36,1032,762],{"class":761},[36,1034,765],{"class":49},[36,1036,1037,1039,1041,1043],{"class":38,"line":61},[36,1038,176],{"class":49},[36,1040,218],{"class":57},[36,1042,221],{"class":57},[36,1044,224],{"class":57},[14,1046,941],{},[304,1048,1049,1052,1058,1061],{},[269,1050,1051],{},"syntax test passes",[269,1053,1054,1055,1057],{},"correct ",[33,1056,259],{}," entries are loaded",[269,1059,1060],{},"expected site is enabled",[269,1062,1063],{},"no conflicting default server block captures traffic",[875,1065,1067],{"id":1066},"port-and-listener-checks","Port and listener checks",[26,1069,1071],{"className":28,"code":1070,"language":30,"meta":31,"style":31},"sudo ss -tulpn | grep ':80\\|:443'\n",[33,1072,1073],{"__ignoreMap":31},[36,1074,1075,1077,1080,1083,1085,1088],{"class":38,"line":39},[36,1076,176],{"class":49},[36,1078,1079],{"class":57}," ss",[36,1081,1082],{"class":53}," -tulpn",[36,1084,762],{"class":761},[36,1086,1087],{"class":49}," grep",[36,1089,1090],{"class":57}," ':80\\|:443'\n",[14,1092,941],{},[304,1094,1095,1100],{},[269,1096,1097,1098],{},"Nginx is listening on port ",[33,1099,725],{},[269,1101,1102,1103,1105],{},"later, Nginx should also listen on ",[33,1104,844],{}," after TLS setup",[875,1107,1109],{"id":1108},"live-nginx-logs","Live Nginx logs",[26,1111,1113],{"className":28,"code":1112,"language":30,"meta":31,"style":31},"sudo tail -f \u002Fvar\u002Flog\u002Fnginx\u002Faccess.log \u002Fvar\u002Flog\u002Fnginx\u002Ferror.log\n",[33,1114,1115],{"__ignoreMap":31},[36,1116,1117,1119,1122,1125,1128],{"class":38,"line":39},[36,1118,176],{"class":49},[36,1120,1121],{"class":57}," tail",[36,1123,1124],{"class":53}," -f",[36,1126,1127],{"class":57}," \u002Fvar\u002Flog\u002Fnginx\u002Faccess.log",[36,1129,1130],{"class":57}," \u002Fvar\u002Flog\u002Fnginx\u002Ferror.log\n",[14,1132,941],{},[304,1134,1135,1138,1141],{},[269,1136,1137],{},"incoming requests for your domain",[269,1139,1140],{},"host header used by clients",[269,1142,1143],{},"upstream or vhost errors",[18,1145,1147],{"id":1146},"checklist","Checklist",[304,1149,1152,1161,1175,1187,1196,1205,1214,1223,1231,1240],{"className":1150},[1151],"contains-task-list",[269,1153,1156,1160],{"className":1154},[1155],"task-list-item",[1157,1158],"input",{"disabled":64,"type":1159},"checkbox"," Domain uses the expected authoritative nameservers.",[269,1162,1164,1166,1167,1170,1171,1174],{"className":1163},[1155],[1157,1165],{"disabled":64,"type":1159}," Apex domain has a correct ",[33,1168,1169],{},"A"," record to the production IP or an ",[33,1172,1173],{},"ALIAS\u002FANAME"," to the load balancer.",[269,1176,1178,1180,1181,1183,1184,1186],{"className":1177},[1155],[1157,1179],{"disabled":64,"type":1159}," ",[33,1182,117],{}," hostname has a correct ",[33,1185,808],{}," or equivalent record.",[269,1188,1190,1192,1193,1195],{"className":1189},[1155],[1157,1191],{"disabled":64,"type":1159}," No invalid ",[33,1194,369],{}," record exists unless IPv6 is configured and reachable.",[269,1197,1199,1201,1202,1204],{"className":1198},[1155],[1157,1200],{"disabled":64,"type":1159}," Nginx ",[33,1203,259],{}," includes the exact production hostnames.",[269,1206,1208,1210,1211,1213],{"className":1207},[1155],[1157,1209],{"disabled":64,"type":1159}," Nginx config passes ",[33,1212,576],{}," and has been reloaded.",[269,1215,1217,1219,1220,1222],{"className":1216},[1155],[1157,1218],{"disabled":64,"type":1159}," Port ",[33,1221,725],{}," is open in OS firewall and cloud firewall\u002Fsecurity group.",[269,1224,1226,1180,1228,1230],{"className":1225},[1155],[1157,1227],{"disabled":64,"type":1159},[33,1229,791],{}," returns the expected IP or hostname.",[269,1232,1234,1180,1236,1239],{"className":1233},[1155],[1157,1235],{"disabled":64,"type":1159},[33,1237,1238],{},"curl -I http:\u002F\u002Fdomain"," reaches Nginx successfully.",[269,1241,1243,1245],{"className":1242},[1155],[1157,1244],{"disabled":64,"type":1159}," The site is ready for HTTPS setup after HTTP validation.",[18,1247,1249],{"id":1248},"related-guides","Related Guides",[304,1251,1252,1259,1265],{},[269,1253,1254],{},[1255,1256,1258],"a",{"href":1257},"\u002Fdeploy\u002Fdeploy-flask-with-nginx-plus-gunicorn-step-by-step-guide","Deploy Flask with Nginx + Gunicorn (Step-by-Step Guide)",[269,1260,1261],{},[1255,1262,1264],{"href":1263},"\u002Fdeploy\u002Fdeploy-flask-on-ubuntu-vps-step-by-step","Deploy Flask on Ubuntu VPS (Step-by-Step)",[269,1266,1267],{},[1255,1268,1270],{"href":1269},"\u002Fchecklist\u002Fflask-production-checklist-everything-you-must-do","Flask Production Checklist (Everything You Must Do)",[18,1272,1274],{"id":1273},"faq","FAQ",[14,1276,1277,1280,1282],{},[272,1278,1279],{},"Q: Should I point my domain directly to Gunicorn?",[276,1281],{},"\nA: No. Point the domain to Nginx or your load balancer. Nginx should proxy requests to Gunicorn.",[14,1284,1285,1288,1290,1291,1293,1294,1296],{},[272,1286,1287],{},"Q: Should I use A or CNAME for the root domain?",[276,1289],{},"\nA: Use an ",[33,1292,1169],{}," record for a VPS IP. If pointing apex to a provider hostname, use ",[33,1295,1173],{}," if your DNS provider supports it.",[14,1298,1299,1302,1304],{},[272,1300,1301],{},"Q: How long does DNS propagation take?",[276,1303],{},"\nA: Often a few minutes, but cached resolvers may take longer depending on TTL and previous records.",[14,1306,1307,1310,1312,1313,1315],{},[272,1308,1309],{},"Q: Why does the domain resolve but the wrong website loads?",[276,1311],{},"\nA: Nginx is likely matching a different server block. Check ",[33,1314,259],{},", enabled sites, and the default host.",[14,1317,1318,1321,1323],{},[272,1319,1320],{},"Q: Do I need DNS working before HTTPS?",[276,1322],{},"\nA: Yes. Certificate issuance and validation depend on the domain resolving to the correct server or validation endpoint.",[14,1325,1326,1329,1331],{},[272,1327,1328],{},"Q: Should I create an AAAA record?",[276,1330],{},"\nA: Only if your server is configured for IPv6 and reachable over IPv6. Otherwise omit it.",[14,1333,1334,1337,1339],{},[272,1335,1336],{},"Q: Why does DNS look correct on my machine but not for other users?",[276,1338],{},"\nA: Resolver caching and TTL differences can cause temporary mismatches. Check multiple public resolvers.",[14,1341,1342,1345,1347],{},[272,1343,1344],{},"Q: Do I need both apex and www records?",[276,1346],{},"\nA: Only if you want both hostnames to work. If so, configure DNS and an Nginx redirect strategy for one canonical host.",[18,1349,1351],{"id":1350},"final-takeaway","Final Takeaway",[14,1353,1354],{},"Production domain setup is a two-part match: DNS must point to the correct public endpoint, and Nginx must recognize the same hostnames. Validate DNS first, then validate HTTP reachability, and only then move to HTTPS.",[1356,1357,1358],"style",{},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sJ8bj, html code.shiki .sJ8bj{--shiki-default:#6A737D;--shiki-dark:#6A737D}html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .sVt8B, html code.shiki .sVt8B{--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .szBVR, html code.shiki .szBVR{--shiki-default:#D73A49;--shiki-dark:#F97583}",{"title":31,"searchDepth":46,"depth":46,"links":1360},[1361,1362,1363,1364,1365,1372,1373,1374,1375],{"id":20,"depth":46,"text":21},{"id":252,"depth":46,"text":253},{"id":263,"depth":46,"text":264},{"id":779,"depth":46,"text":780},{"id":869,"depth":46,"text":870,"children":1366},[1367,1368,1369,1370,1371],{"id":877,"depth":61,"text":878},{"id":960,"depth":61,"text":961},{"id":1008,"depth":61,"text":1009},{"id":1066,"depth":61,"text":1067},{"id":1108,"depth":61,"text":1109},{"id":1146,"depth":46,"text":1147},{"id":1248,"depth":46,"text":1249},{"id":1273,"depth":46,"text":1274},{"id":1350,"depth":46,"text":1351},"Complete guide on flask domain and dns setup for production for Flask production environments.","md",{"ogTitle":5,"ogDescription":1376,"twitterCard":1379,"robots":1380,"canonical":1381},"summary_large_image","index, follow","https:\u002F\u002Fflask-deployment.com\u002Fdeploy\u002Fflask-domain-and-dns-setup-for-production","\u002Fdeploy\u002Fflask-domain-and-dns-setup-for-production",{"title":5,"description":1376},"deploy\u002Fflask-domain-and-dns-setup-for-production","cHowOgmIwEvjB41BAGY2_SoZs1q_-m21dwlijRxiTUo",1776805766011]