miracles_in_motion/docs/deployment/CUSTOM_DOMAIN_SETUP.md

# 🌐 Custom Domain Setup Guide

**Domain:** `mim4u.org`  
**Static Web App:** `mim-prod-igiay4-web`  
**CNAME Target:** `lemon-water-015cb3010.3.azurestaticapps.net`

---

## 📋 DNS Configuration Steps

### Step 1: Configure DNS Records

You need to add the following DNS records at your domain registrar or DNS provider:

#### For Apex Domain (mim4u.org):
**Option A: Using Azure Static Web App (Recommended)**
1. Add a **TXT record** for validation:
   - **Name:** `@` or `mim4u.org`
   - **Type:** `TXT`
   - **Value:** (Will be provided by Azure when you add the hostname)

**Option B: Using CNAME (if supported by your DNS provider)**
1. Add a **CNAME record**:
   - **Name:** `@` or `mim4u.org`
   - **Type:** `CNAME`
   - **Value:** `lemon-water-015cb3010.3.azurestaticapps.net`

#### For www Subdomain (www.mim4u.org):
1. Add a **CNAME record**:
   - **Name:** `www`
   - **Type:** `CNAME`
   - **Value:** `lemon-water-015cb3010.3.azurestaticapps.net`

---

## 🔧 Azure Configuration

### Step 2: Add Custom Domain to Static Web App

Once DNS records are configured, add the custom domain:

```bash
# For apex domain (requires TXT validation)
az staticwebapp hostname set \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "mim4u.org" \
  --validation-method "dns-txt-token"

# For www subdomain (CNAME validation)
az staticwebapp hostname set \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "www.mim4u.org"
```

### Step 3: Get Validation Token (for apex domain)

```bash
# Get validation token for TXT record
az staticwebapp hostname show \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "mim4u.org" \
  --query "validationToken" -o tsv
```

Add this token as a TXT record in your DNS:
- **Name:** `asuid.mim4u.org` or `_asuid.mim4u.org`
- **Type:** `TXT`
- **Value:** (validation token from above)

---

## ☁️ Cloudflare Configuration

If using Cloudflare:

### Step 1: Add Domain to Cloudflare
1. Log in to Cloudflare Dashboard
2. Add site: `mim4u.org`
3. Update nameservers at your domain registrar

### Step 2: Configure DNS Records in Cloudflare

1. Go to **DNS** → **Records**
2. Add records:

| Type | Name | Content | Proxy Status | TTL |
|------|------|---------|---------------|-----|
| CNAME | www | lemon-water-015cb3010.3.azurestaticapps.net | ✅ Proxied | Auto |
| CNAME | @ | lemon-water-015cb3010.3.azurestaticapps.net | ⚠️ DNS Only (for apex) | Auto |
| TXT | _asuid | (validation token) | - | Auto |

**Note:** For apex domains in Cloudflare, you may need to use:
- **CNAME Flattening** (enabled by default in Cloudflare)
- Or use **A/AAAA records** pointing to Azure IPs (not recommended)

### Step 3: Configure SSL/TLS

1. Go to **SSL/TLS** → **Overview**
2. Set encryption mode to **Full (strict)**
3. Enable **Always Use HTTPS**
4. Enable **Automatic HTTPS Rewrites**

### Step 4: Configure Page Rules

Create rules for:
- Force HTTPS: `*mim4u.org/*`
- Cache static assets: `*mim4u.org/assets/*`

### Step 5: Security Settings

1. Go to **Security** → **Settings**
2. Configure:
   - Security Level: Medium
   - Challenge Passage: 30 minutes
   - Browser Integrity Check: On

---

## ✅ Verification Steps

### 1. Verify DNS Propagation

```bash
# Check DNS resolution
dig mim4u.org
dig www.mim4u.org

# Check CNAME
dig www.mim4u.org CNAME

# Check TXT record (for validation)
dig _asuid.mim4u.org TXT
```

### 2. Verify Domain in Azure

```bash
# List configured hostnames
az staticwebapp hostname list \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod

# Check validation status
az staticwebapp hostname show \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "mim4u.org" \
  --query "{hostname:name, validationState:validationState}"
```

### 3. Test HTTPS

```bash
# Test HTTPS connection
curl -I https://mim4u.org
curl -I https://www.mim4u.org

# Check SSL certificate
openssl s_client -connect mim4u.org:443 -servername mim4u.org
```

---

## ⏱️ Timeline

- **DNS Propagation:** 24-48 hours (usually faster)
- **SSL Certificate Provisioning:** 1-24 hours after DNS validation
- **Full Configuration:** 24-48 hours total

---

## 🔍 Troubleshooting

### Issue: Domain validation fails
**Solution:**
- Verify TXT record is correctly added
- Wait for DNS propagation (can take up to 48 hours)
- Check record name format (`_asuid` vs `asuid`)

### Issue: SSL certificate not provisioning
**Solution:**
- Ensure DNS validation is complete
- Wait up to 24 hours for certificate provisioning
- Check Azure Portal for validation errors

### Issue: CNAME conflicts with apex domain
**Solution:**
- Use Cloudflare CNAME flattening
- Or use A/AAAA records (not recommended)
- Or use subdomain only (www.mim4u.org)

---

## 📝 Current Status

- **Static Web App:** ✅ Ready for custom domain
- **CNAME Target:** `lemon-water-015cb3010.3.azurestaticapps.net`
- **DNS Configuration:** ⚠️ Pending (needs to be done at registrar/DNS provider)
- **Azure Configuration:** ⚠️ Pending (waiting for DNS)

---

**Next Steps:**
1. Configure DNS records at your registrar/DNS provider
2. Add custom domain to Azure Static Web App
3. Wait for validation and SSL certificate provisioning
4. Verify HTTPS access