docs: [#28] add ADR-008 staging domain strategy for Hetzner deployment

josecelano · josecelano · commit f6d9b8e4b7ee · 2025-08-07T15:52:14.000+01:00
- Document selection of staging-torrust-demo.com for staging environment
- Analyze HSTS constraints with .dev TLD and domain alternatives
- Provide comprehensive rationale for domain naming strategy
- Include implementation guidance for DNS and environment configuration
- Update ADR index with new architectural decision record

Resolves domain strategy decision for Phase 4 Hetzner infrastructure implementation.
diff --git a/docs/adr/008-staging-domain-strategy-for-hetzner-deployment.md b/docs/adr/008-staging-domain-strategy-for-hetzner-deployment.md
@@ -0,0 +1,240 @@
+# ADR-008: Staging Domain Strategy for Hetzner Cloud Deployment
+
+## Status
+
+Accepted
+
+## Date
+
+2025-08-07
+
+## Context
+
+During the implementation of Hetzner Cloud infrastructure for staging and production
+environments, we needed to decide on a domain naming strategy that would:
+
+1. **Clearly distinguish environments** - Avoid confusion between staging and production
+2. **Enable flexible testing** - Allow testing of various nginx configurations without browser interference
+3. **Maintain production similarity** - Keep staging as close to production as possible
+4. **Avoid HSTS constraints** - Enable HTTP-only testing when needed for configuration validation
+
+### Initial Domain Strategy
+
+Originally, we considered using `torrust-demo.dev` for staging and `torrust-demo.com`
+for production. However, this approach presented several challenges:
+
+#### HSTS Preload Issues with .dev TLD
+
+The `.dev` top-level domain is included in the browser HSTS preload list, which means:
+
+- **Automatic HTTPS enforcement**: Browsers automatically redirect all HTTP requests to HTTPS
+- **Testing limitations**: Cannot test HTTP-only configurations or mixed HTTP/HTTPS scenarios
+- **Certificate dependency**: Requires valid SSL certificates for any testing
+- **Configuration constraints**: Limits flexibility for nginx configuration testing
+
+#### Alternative Domains Considered
+
+1. **`torrust-demo.org`** - Rejected because:
+
+   - Could be confused with an official organization website
+   - Appears more "legitimate" than production domain
+   - May mislead users about project official status
+
+2. **`test-torrust-demo.com`** - Considered but less explicit
+
+3. **`staging-torrust-demo.com`** - Selected for clear environment identification
+
+## Decision
+
+We will use **`staging-torrust-demo.com`** for the staging environment and
+**`torrust-demo.com`** for production.
+
+### Domain Architecture
+
+- **Production**: `torrust-demo.com`
+
+  - `tracker.torrust-demo.com` - Main tracker services
+  - `grafana.torrust-demo.com` - Monitoring dashboard
+
+- **Staging**: `staging-torrust-demo.com`
+  - `tracker.staging-torrust-demo.com` - Staging tracker services
+  - `grafana.staging-torrust-demo.com` - Staging monitoring dashboard
+
+## Rationale
+
+### 1. Clear Environment Identification
+
+The explicit "staging" prefix provides immediate clarity:
+
+- **Unambiguous purpose**: Anyone accessing the domain knows it's a staging environment
+- **Prevents confusion**: No possibility of mistaking staging for production
+- **Team communication**: Clear reference in documentation, tickets, and discussions
+- **Audit trails**: Easy to identify staging vs production in logs and monitoring
+
+### 2. Flexible Configuration Testing
+
+Using a `.com` domain (not `.dev`) enables comprehensive testing scenarios:
+
+- **HTTP-only testing**: Can test nginx configurations without SSL certificates
+- **Mixed HTTP/HTTPS**: Can validate dual server configurations
+- **Redirect testing**: Can test various redirect scenarios without browser interference
+- **Security header testing**: Can validate CSP, HSTS, and other security policies
+
+### 3. Production Similarity
+
+The domain structure closely mirrors production:
+
+- **Same TLD**: Both use `.com` avoiding TLD-specific behaviors
+- **Same subdomain pattern**: Consistent `tracker.` and `grafana.` prefixes
+- **Same DNS behavior**: No special browser treatments or preload lists
+- **Same certificate requirements**: Allows testing Let's Encrypt workflows
+
+### 4. Infrastructure Consistency
+
+The naming convention aligns with our infrastructure patterns:
+
+- **Environment prefixing**: Follows cloud resource naming conventions
+- **DNS management**: Consistent pattern for DNS automation
+- **Certificate management**: Clear separation of staging and production certificates
+- **Monitoring separation**: Distinct monitoring targets for each environment
+
+### 5. Professional Standards
+
+The naming follows industry best practices:
+
+- **Standard convention**: `staging-` prefix is widely recognized
+- **Corporate environments**: Matches enterprise staging environment patterns
+- **DevOps workflows**: Integrates well with CI/CD and deployment automation
+- **Documentation clarity**: Self-documenting domain purpose
+
+## Implementation
+
+### DNS Configuration
+
+Both domains will use the same floating IP infrastructure:
+
+```text
+# Production DNS (torrust-demo.com)
+tracker.torrust-demo.com    A    78.47.140.132
+grafana.torrust-demo.com    A    78.47.140.132
+
+# Staging DNS (staging-torrust-demo.com)
+tracker.staging-torrust-demo.com    A    78.47.140.132
+grafana.staging-torrust-demo.com    A    78.47.140.132
+```
+
+### Environment Configuration
+
+```bash
+# Production environment
+TRACKER_DOMAIN=tracker.torrust-demo.com
+GRAFANA_DOMAIN=grafana.torrust-demo.com
+
+# Staging environment
+TRACKER_DOMAIN=tracker.staging-torrust-demo.com
+GRAFANA_DOMAIN=grafana.staging-torrust-demo.com
+```
+
+### SSL Certificate Strategy
+
+- **Staging**: Can use self-signed, Let's Encrypt staging, or production certificates
+- **Production**: Let's Encrypt production certificates
+- **Testing flexibility**: Staging can test various certificate scenarios
+
+## Benefits
+
+### Development Workflow
+
+- **Clear targeting**: Developers know exactly which environment they're accessing
+- **Safe testing**: No risk of accidentally affecting production
+- **Comprehensive validation**: Can test all nginx configuration scenarios
+- **Browser compatibility**: No TLD-specific browser behaviors
+
+### Operations
+
+- **Monitoring clarity**: Distinct targets for staging and production monitoring
+- **Log separation**: Clear environment identification in logs and alerts
+- **Certificate management**: Separate certificate lifecycles
+- **DNS management**: Clear zone separation
+
+### Security
+
+- **Environment isolation**: Clear separation reduces cross-environment risks
+- **Certificate validation**: Can test certificate workflows safely
+- **Security header testing**: Can validate security configurations
+- **Access control**: Clear identification for access policies
+
+## Consequences
+
+### Positive
+
+- **Eliminates confusion** between staging and production environments
+- **Enables comprehensive testing** of nginx configurations without browser interference
+- **Maintains production similarity** while providing staging flexibility
+- **Follows industry standards** for environment naming
+- **Supports flexible SSL testing** scenarios
+
+### Negative
+
+- **Additional DNS zone required** for `staging-torrust-demo.com` domain
+- **Certificate management complexity** for separate domain (though this enables testing)
+- **Longer domain names** may be less convenient for manual access
+
+### Neutral
+
+- **Domain registration cost** for staging domain (minimal operational expense)
+- **DNS propagation** timing same as any new domain setup
+- **Documentation updates** required for new domain references
+
+## Alternatives Considered
+
+### Alternative 1: torrust-demo.dev (Rejected)
+
+**Pros**: Shorter domain, clear development purpose
+**Cons**: HSTS preload list forces HTTPS, limits testing flexibility
+
+### Alternative 2: torrust-demo.org (Rejected)
+
+**Pros**: No HSTS constraints, flexible testing
+**Cons**: Could be confused with official organization, appears more "official" than production
+
+### Alternative 3: test-torrust-demo.com (Considered)
+
+**Pros**: Clear testing purpose, no HSTS constraints
+**Cons**: Less explicit than "staging", could be confused with unit testing
+
+## Related Decisions
+
+- [ADR-006: SSL Certificate Generation Strategy](006-ssl-certificate-generation-strategy.md) -
+  SSL certificate management approach
+- [ADR-007: Two-Level Environment Variable Structure](007-two-level-environment-variable-structure.md)
+  - Environment configuration separation
+
+## References
+
+- [HSTS Preload List](https://hstspreload.org/) - Browser HSTS enforcement documentation
+- [Hetzner Cloud Documentation](https://docs.hetzner.cloud/) - DNS and floating IP management
+- [nginx Configuration Documentation](../infrastructure/config/templates/application/nginx/README.md)
+  - HTTP/HTTPS redirect policies
+
+## Future Considerations
+
+- **Multi-region staging**: Domain pattern can extend to regional staging environments
+- **Feature branch environments**: Pattern supports feature-specific staging domains
+- **Load testing environments**: Can create performance testing specific domains
+- **Customer demo environments**: Pattern supports customer-specific demo instances
+
+## Validation
+
+This decision enables the complete nginx configuration testing scenarios:
+
+- ✅ HTTP-only access (no browser HTTPS redirect)
+- ✅ HTTPS-only access with proper certificates
+- ✅ Dual HTTP/HTTPS server configuration
+- ✅ Manual redirect enablement testing
+- ✅ Security header validation
+- ✅ Let's Encrypt ACME challenge testing
+- ✅ Certificate renewal automation testing
+
+The staging domain provides the flexibility needed for comprehensive configuration
+validation while maintaining clear environment separation and production similarity.
diff --git a/docs/adr/README.md b/docs/adr/README.md
@@ -135,10 +135,16 @@ These are separate infrastructure concerns and should be documented separately:
 - [ADR-006: SSL Certificate Generation Strategy]
   (006-ssl-certificate-generation-strategy.md) -
   Generate certificates per deployment vs reusing certificates
+- [ADR-007: Two-Level Environment Variable Structure]
+  (007-two-level-environment-variable-structure.md) -
+  Security-focused separation of infrastructure and container variables
+- [ADR-008: Staging Domain Strategy for Hetzner Deployment]
+  (008-staging-domain-strategy-for-hetzner-deployment.md) -
+  Selection of staging-torrust-demo.com for staging environment
 
 ### 📊 ADR Statistics
 
-- **Total ADRs**: 6
+- **Total ADRs**: 8
 - **Status**: All Accepted
 - **Coverage**: Infrastructure (3), Application (2), Development Workflow (1)
 
