Deploying Domain Locker

Introduction

Domain Locker is a self-hosted domain portfolio management platform that gives you complete visibility over all your domain names in one central location. Built with Angular, Analog, and Nitro, it automatically fetches SSL certificates, DNS records, registrar information, and monitors domain health. Deploying Domain Locker on Klutch.sh with a Dockerfile provides reproducible builds, managed secrets, and persistent storage for your domain data—all accessible from klutch.sh/app.

This guide walks through repository setup, production-ready Dockerfile configuration, database options, environment variables, deployment steps, and production best practices.

Why Deploy Domain Locker on Klutch.sh?

Domain Locker on Klutch.sh offers several advantages for managing your domain portfolio:

Complete Visibility — Track all domains, expiration dates, SSL certificates, and DNS records in one dashboard
Automated Monitoring — Continuous domain health checks with configurable webhook notifications
Persistent Data — Attach volumes for reliable storage of domain records and configuration
Flexible Database — Connect to PostgreSQL or Supabase for data persistence
Secure Deployment — Environment variable management keeps credentials safe
Always-On Access — Monitor your domains 24/7 from anywhere
Docker-Based — Consistent deployment with Dockerfile auto-detection
No Lock-In — Self-hosted solution with full data ownership

Prerequisites

Before deploying Domain Locker, ensure you have:

A Klutch.sh account (sign up here)
A GitHub repository for your Domain Locker deployment (GitHub is the only supported git source)
A PostgreSQL database or Supabase instance for storing domain data
Basic understanding of environment variables and database connections

For platform onboarding, refer to the Quick Start Guide.

Architecture Overview

Domain Locker consists of three main components:

Application Layer

Angular frontend with Analog+Nitro framework
PrimeNG components for UI
Tailwind CSS for styling
Built-in API endpoints for domain operations

Server Layer

Deno-based API endpoints
TypeScript functions for domain analysis
Cron service for periodic domain updates
Webhook support for notifications

Database Layer

PostgreSQL or Supabase for data storage
Domain records, SSL certificates, DNS data
User preferences and alert configurations
Historical tracking of domain changes

Port Configuration

Domain Locker serves HTTP on internal port 3000
Select HTTP traffic when deploying on Klutch.sh
The platform automatically routes to your app’s public URL

Repository Preparation

Step 1: Create Repository Structure

Set up your repository with the following layout:

domain-locker/
├── Dockerfile              # Must be at repo root for auto-detection
├── .dockerignore          # Exclude unnecessary files
├── .env.example           # Template for environment variables
└── README.md              # Documentation

Step 2: Create the Dockerfile

Create a production-ready Dockerfile at your repository root. Klutch.sh automatically detects and uses this file:

# Domain Locker Production Dockerfile
FROM node:20-alpine AS builder

# Set working directory
WORKDIR /app

# Install dependencies for building
RUN apk add --no-cache git python3 make g++

# Clone Domain Locker repository
RUN git clone https://github.com/Lissy93/domain-locker.git .

# Install dependencies
RUN npm install --legacy-peer-deps

# Build the application
RUN npm run build

# Production stage
FROM node:20-alpine

# Install Deno for API endpoints
RUN apk add --no-cache curl && \
    curl -fsSL https://deno.land/install.sh | sh && \
    mv /root/.deno/bin/deno /usr/local/bin/

# Set working directory
WORKDIR /app

# Copy built application from builder
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
COPY --from=builder /app/vite.config.ts ./

# Create directory for data persistence
RUN mkdir -p /app/data

# Expose application port
ENV PORT=3000
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
  CMD node -e "require('http').get('http://localhost:3000/api/health', (r) => r.statusCode === 200 ? process.exit(0) : process.exit(1))"

# Start the application
CMD ["npm", "start"]

Step 3: Create .dockerignore

Optimize build performance by excluding unnecessary files:

node_modules
.git
.github
.env
.env.*
!.env.example
*.log
npm-debug.log*
.DS_Store
dist
coverage
.vscode
.idea

Step 4: Create .env.example

Provide a template for required environment variables:

# Application Configuration
NODE_ENV=production
PORT=3000
APP_URL=https://example-app.klutch.sh

# Database Configuration (Choose one)

# Option 1: Supabase
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-supabase-anon-key
SUPABASE_SERVICE_KEY=your-supabase-service-key

# Option 2: PostgreSQL
DL_PG_HOST=your-postgres-host
DL_PG_PORT=5432
DL_PG_USER=domain_locker
DL_PG_PASSWORD=your-secure-password
DL_PG_NAME=domain_locker

# Authentication (if using Supabase)
JWT_SECRET=your-jwt-secret-key-min-32-chars

# Notification Configuration (Optional)
WEBHOOK_URL=https://your-webhook-endpoint.com
NOTIFICATION_EMAIL=alerts@yourdomain.com

# Domain Analysis API Keys (Optional)
WHOIS_API_KEY=your-whois-api-key
SSL_LABS_API_KEY=your-ssl-labs-key

# Cron Configuration
CRON_SCHEDULE=0 */6 * * *
ENABLE_AUTO_REFRESH=true

# Security
SESSION_SECRET=your-session-secret-min-32-chars
ALLOWED_ORIGINS=https://example-app.klutch.sh

Step 5: Create README.md

Document your deployment:

# Domain Locker on Klutch.sh

Self-hosted domain portfolio management platform.

## Features

- Complete domain portfolio visibility
- Automated SSL certificate monitoring
- DNS record tracking and history
- Registrar and hosting information
- Expiration alerts and notifications
- Performance and security insights
- Multi-domain analytics

## Deployment

This repository is configured for deployment on Klutch.sh with automatic Dockerfile detection.

### Environment Variables

Copy `.env.example` and configure with your database credentials before deploying.

### Database Setup

Domain Locker supports two database options:

#### PostgreSQL
```sql
CREATE DATABASE domain_locker;
CREATE USER domain_locker WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE domain_locker TO domain_locker;

Then apply the schema from: https://github.com/Lissy93/domain-locker/blob/main/db/schema.sql

Supabase

Follow the self-hosting docs at https://supabase.com/docs/guides/self-hosting Then use https://github.com/lissy93/dl-sb-iac to import schema and configure.

Local Development

docker build -t domain-locker .
docker run -p 3000:3000 --env-file .env domain-locker

Access at http://localhost:3000

Documentation

Full documentation available at: https://domain-locker.com/docs

---

## Database Configuration

Domain Locker requires a database for storing domain information. You have two options:

### Option 1: PostgreSQL (Recommended for Self-Hosting)

**Step 1: Create PostgreSQL Database**

Connect to your PostgreSQL instance and create the database:

```sql
CREATE DATABASE domain_locker;
CREATE USER domain_locker WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE domain_locker TO domain_locker;
ALTER DATABASE domain_locker OWNER TO domain_locker;

Step 2: Apply Database Schema

Download and apply the schema from the Domain Locker repository:

# Download schema
curl -o schema.sql https://raw.githubusercontent.com/Lissy93/domain-locker/main/db/schema.sql

# Apply to existing database
psql -h YOUR_PG_HOST -U domain_locker -d domain_locker -f schema.sql

Step 3: Configure Environment Variables

Set these in Klutch.sh:

DL_PG_HOST=your-postgres-host.com
DL_PG_PORT=5432
DL_PG_USER=domain_locker
DL_PG_PASSWORD=your-secure-password
DL_PG_NAME=domain_locker

Option 2: Supabase

Step 1: Create Supabase Project

Sign up at Supabase or deploy self-hosted following Supabase docs
Create a new project and note your project URL

Step 2: Import Domain Locker Schema

Use the Domain Locker Supabase IaC repository:

git clone https://github.com/lissy93/dl-sb-iac.git
cd dl-sb-iac
# Follow instructions to import schema and configure auth

Step 3: Configure Environment Variables

Set these in Klutch.sh:

SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-supabase-anon-key
SUPABASE_SERVICE_KEY=your-supabase-service-key
JWT_SECRET=your-jwt-secret-key

Deploy Domain Locker on Klutch.sh

Step 1: Push Repository to GitHub

Commit and push your repository with the Dockerfile to GitHub:

git init
git add .
git commit -m "Initial Domain Locker deployment"
git remote add origin https://github.com/YOUR_USERNAME/domain-locker.git
git push -u origin main

Step 2: Create Project on Klutch.sh

Navigate to klutch.sh/app
Click New Project and give it a descriptive name (e.g., "Domain Portfolio")
Click Add App within your project

Step 3: Configure App Settings

Select Repository: Choose your GitHub repository containing the Dockerfile
Traffic Type: Select HTTP
Internal Port: Set to 3000
Branch: Select main or your deployment branch

Step 4: Configure Environment Variables

Add all required environment variables from your .env.example file. Choose either PostgreSQL or Supabase configuration:

For PostgreSQL:

NODE_ENV=production
PORT=3000
APP_URL=https://YOUR-APP-NAME.klutch.sh
DL_PG_HOST=your-postgres-host
DL_PG_PORT=5432
DL_PG_USER=domain_locker
DL_PG_PASSWORD=your-secure-password
DL_PG_NAME=domain_locker
SESSION_SECRET=your-session-secret-32-chars

For Supabase:

NODE_ENV=production
PORT=3000
APP_URL=https://YOUR-APP-NAME.klutch.sh
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_KEY=your-service-key
JWT_SECRET=your-jwt-secret-32-chars
SESSION_SECRET=your-session-secret-32-chars

Optional Configuration:

WEBHOOK_URL=https://your-webhook.com
CRON_SCHEDULE=0 */6 * * *
ENABLE_AUTO_REFRESH=true
WHOIS_API_KEY=your-api-key
ALLOWED_ORIGINS=https://YOUR-APP-NAME.klutch.sh

Step 5: Attach Persistent Storage

Domain Locker needs persistent storage for domain data and application state:

In your app settings, navigate to Storage
Click Add Volume
Configure the volume:
- Mount Path: /app/data
- Size: 5GB (adjust based on portfolio size)

Step 6: Deploy

Review all settings and environment variables
Click Deploy
Klutch.sh will automatically detect the Dockerfile and build your application
Monitor the build logs for any issues
Once deployed, your app will be available at https://YOUR-APP-NAME.klutch.sh

Step 7: Initial Setup

Visit your deployed app at https://YOUR-APP-NAME.klutch.sh
If using Supabase authentication, create your first user account
If using PostgreSQL, configure authentication based on your setup
Once logged in, add your first domain to start tracking

Post-Deployment Configuration

Adding Domains

After deployment, configure Domain Locker to track your domains:

Step 1: Access the Dashboard

Navigate to https://YOUR-APP-NAME.klutch.sh and log in with your credentials.

Step 2: Add Domain

Click the Add Domain button
Enter your domain name (e.g., example.com)
Optionally add:
- Purchase date and price
- Renewal date
- Registrar information
- Categories or tags
- Related resources

Step 3: Configure Monitoring

For each domain, set up monitoring preferences:

SSL Certificate Monitoring — Track certificate expiration and validity
DNS Record Tracking — Monitor DNS changes and configuration
Performance Checks — Website health and response times
Security Scanning — Identify potential vulnerabilities
Expiration Alerts — Get notified before domains expire

Step 4: Set Up Notifications

Configure how you want to receive alerts:

Navigate to Settings → Notifications
Choose notification methods:
- Email alerts
- Webhook notifications (Slack, Discord, etc.)
- In-app notifications
Set alert thresholds:
- Days before expiration to notify (default: 30, 7, 1 days)
- SSL certificate expiration warnings
- DNS change notifications
- Performance degradation alerts

Bulk Import

If you have many domains, use the bulk import feature:

CSV Import:

Prepare a CSV file with columns: domain,registrar,purchase_date,purchase_price,renewal_date,notes
Navigate to Domains → Import
Upload your CSV file
Review and confirm the import

API Import:

Use the Domain Locker API to programmatically add domains:

curl -X POST "https://YOUR-APP-NAME.klutch.sh/api/domains" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -d '{
    "domain": "example.com",
    "registrar": "Namecheap",
    "purchase_date": "2023-01-15",
    "purchase_price": 12.99,
    "notes": "Primary business domain"
  }'

Domain Analysis Features

Domain Locker automatically fetches and analyzes comprehensive data for each domain:

SSL Certificate Information

Certificate issuer and validity period
Expiration dates with countdown timers
Certificate chain verification
Protocol support (TLS versions)
Cipher suite analysis

DNS Records

A records (IPv4 addresses)
AAAA records (IPv6 addresses)
MX records (mail servers)
TXT records (verification, SPF, DKIM)
NS records (nameservers)
CNAME records (aliases)
Change history tracking

WHOIS Information

Domain registrar
Registration date
Expiration date
Registrant information (if public)
Name servers
Domain status codes

Performance Metrics

Page load times
Time to first byte (TTFB)
Server response times
Uptime monitoring
Historical performance trends

Security Checks

SSL/TLS configuration analysis
HTTP security headers
Known vulnerabilities
Blacklist status
Security score and recommendations

API Usage Examples

Domain Locker provides a comprehensive API for programmatic access:

Authentication

Obtain a JWT token for API access:

curl -X POST "https://YOUR-APP-NAME.klutch.sh/api/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "your-email@example.com",
    "password": "your-password"
  }'

List All Domains

Retrieve all domains in your portfolio:

curl -X GET "https://YOUR-APP-NAME.klutch.sh/api/domains" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Get Domain Details

Fetch comprehensive information about a specific domain:

curl -X GET "https://YOUR-APP-NAME.klutch.sh/api/domains/example.com" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Update Domain

Modify domain information:

curl -X PATCH "https://YOUR-APP-NAME.klutch.sh/api/domains/example.com" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -d '{
    "renewal_date": "2026-01-15",
    "notes": "Renewed for 1 year"
  }'

Trigger Domain Refresh

Manually refresh domain data:

curl -X POST "https://YOUR-APP-NAME.klutch.sh/api/domains/example.com/refresh" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Export Portfolio

Export all domain data as JSON:

curl -X GET "https://YOUR-APP-NAME.klutch.sh/api/domains/export" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Accept: application/json" \
  > domains-backup.json

Webhook Configuration

Configure webhook notifications:

curl -X POST "https://YOUR-APP-NAME.klutch.sh/api/webhooks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -d '{
    "url": "https://hooks.slack.com/services/YOUR/WEBHOOK/URL",
    "events": ["expiration_warning", "ssl_expiring", "dns_changed"],
    "enabled": true
  }'

Monitoring and Alerts

Domain Locker includes built-in monitoring and alerting capabilities:

Expiration Monitoring

Automatically track domain expiration dates and receive alerts:

30-day warning — Plan for renewal
7-day warning — Urgent renewal needed
1-day warning — Critical action required
Expired domains — Take immediate action

Configure expiration alerts in Settings → Alerts → Expiration.

SSL Certificate Monitoring

Monitor SSL certificate health:

Certificate expiration tracking
Protocol vulnerability detection
Weak cipher identification
Certificate chain validation
Automatic renewal reminders

Set SSL alert preferences in Settings → Alerts → SSL.

DNS Change Detection

Track DNS configuration changes:

Record additions or removals
IP address changes
Nameserver modifications
MX record updates
TXT record changes

Enable DNS monitoring in Settings → Monitoring → DNS.

Performance Degradation

Monitor domain performance:

Response time thresholds
Uptime percentage
Server errors (5xx responses)
Client errors (4xx responses)
Historical trend analysis

Configure performance alerts in Settings → Alerts → Performance.

Cron Jobs and Automation

Domain Locker uses cron jobs for automated tasks. Configure the schedule via environment variables:

Default Cron Schedule

# Refresh domain data every 6 hours
CRON_SCHEDULE=0 */6 * * *

Custom Schedules

Adjust the cron schedule based on your needs:

# Every 12 hours
CRON_SCHEDULE=0 */12 * * *

# Daily at 3 AM
CRON_SCHEDULE=0 3 * * *

# Twice daily (6 AM and 6 PM)
CRON_SCHEDULE=0 6,18 * * *

Automated Tasks

The cron service performs these operations:

Domain Data Refresh — Updates WHOIS, DNS, and SSL information
Health Checks — Monitors domain availability and performance
Alert Processing — Checks expiration dates and triggers notifications
Security Scans — Runs security checks on configured domains
Data Backup — Creates snapshots of domain data
Cleanup — Removes old logs and temporary data

Manual Refresh

Disable automatic refresh and trigger manually:

ENABLE_AUTO_REFRESH=false

Then use the API to refresh specific domains:

curl -X POST "https://YOUR-APP-NAME.klutch.sh/api/domains/refresh-all" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Security Best Practices

Protect your Domain Locker deployment with these security measures:

Environment Variables

Never commit secrets — Keep credentials out of Git
Use strong passwords — Minimum 32 characters for secrets
Rotate regularly — Update database passwords and JWT secrets quarterly
Principle of least privilege — Grant minimal database permissions needed

Database Security

PostgreSQL:

-- Revoke public access
REVOKE ALL ON DATABASE domain_locker FROM PUBLIC;

-- Grant specific permissions
GRANT CONNECT ON DATABASE domain_locker TO domain_locker;
GRANT USAGE ON SCHEMA public TO domain_locker;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO domain_locker;

Supabase:

Enable Row Level Security (RLS) on all tables
Configure proper authentication policies
Restrict service key usage to server-side only
Enable audit logging

Network Security

Use HTTPS only — Klutch.sh provides automatic SSL
Configure CORS — Restrict allowed origins
API rate limiting — Prevent abuse (configured in app)
IP whitelisting — If accessing from fixed locations

ALLOWED_ORIGINS=https://YOUR-APP-NAME.klutch.sh,https://yourdomain.com

Authentication

Enable 2FA — If using Supabase authentication
Strong password policy — Enforce minimum requirements
Session timeout — Configure appropriate session lengths
JWT expiration — Set reasonable token lifetimes

JWT_SECRET=your-super-secure-jwt-secret-min-32-chars
SESSION_SECRET=your-super-secure-session-secret-min-32-chars

Access Control

Role-based access — Implement user roles if sharing access
API key rotation — Regularly update external API keys
Audit logging — Track domain changes and access
Backup access — Secure backup storage locations

Backup and Recovery

Implement a robust backup strategy for your domain data:

Database Backups

PostgreSQL:

Create automated backups using pg_dump:

#!/bin/bash
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backups/domain-locker"
mkdir -p $BACKUP_DIR

pg_dump -h $DL_PG_HOST -U $DL_PG_USER $DL_PG_NAME \
  > $BACKUP_DIR/domain_locker_$TIMESTAMP.sql

# Compress the backup
gzip $BACKUP_DIR/domain_locker_$TIMESTAMP.sql

# Remove backups older than 30 days
find $BACKUP_DIR -name "*.sql.gz" -mtime +30 -delete

Supabase:

Use Supabase’s built-in backup features or export data:

# Export via API
curl -X GET "https://YOUR-PROJECT.supabase.co/rest/v1/domains?select=*" \
  -H "apikey: YOUR_ANON_KEY" \
  -H "Authorization: Bearer YOUR_SERVICE_KEY" \
  > backup_$(date +%Y%m%d).json

Volume Backups

Backup persistent volume data regularly:

Navigate to your app in Klutch.sh
Go to Storage → Volumes
Create manual snapshots or configure automatic backups
Download backups to secure off-site storage

Configuration Backups

Document and backup your environment variables:

# Export current configuration (without secrets)
cat > domain-locker-config-backup.txt <<EOF
NODE_ENV=production
PORT=3000
DL_PG_HOST=your-postgres-host
DL_PG_PORT=5432
DL_PG_USER=domain_locker
DL_PG_NAME=domain_locker
CRON_SCHEDULE=0 */6 * * *
ENABLE_AUTO_REFRESH=true
EOF

Disaster Recovery

Test your recovery procedures regularly:

Step 1: Restore Database

# Uncompress backup
gunzip domain_locker_20231215_120000.sql.gz

# Restore to database
psql -h $DL_PG_HOST -U $DL_PG_USER $DL_PG_NAME \
  < domain_locker_20231215_120000.sql

Step 2: Restore Volume Data

Deploy a new Domain Locker instance on Klutch.sh
Attach a new volume with the same mount path
Restore data from backup to the volume

Step 3: Verify Data Integrity

Log in to the restored instance
Verify domain count matches backup
Check recent domain updates are present
Test domain refresh functionality

Troubleshooting

Common issues and solutions when deploying Domain Locker:

Build Failures

Issue: Docker build fails during npm install

Solution:

Ensure --legacy-peer-deps flag is used
Check Node version is 20 or higher
Verify sufficient build resources

Issue: Git clone fails in Dockerfile

Solution:

Check internet connectivity during build
Verify GitHub repository is accessible
Try shallow clone: git clone --depth 1 https://github.com/Lissy93/domain-locker.git

Database Connection Issues

Issue: Cannot connect to PostgreSQL

Solution:

Verify DL_PG_* environment variables are correct
Check database allows connections from Klutch.sh
Ensure PostgreSQL is running and accessible
Test connection with psql client:

psql -h $DL_PG_HOST -U $DL_PG_USER -d $DL_PG_NAME

Issue: Supabase authentication fails

Solution:

Verify SUPABASE_URL and keys are correct
Check Supabase project is active
Ensure API keys haven’t been regenerated
Test connection via Supabase dashboard

Application Startup Failures

Issue: Container exits immediately after start

Solution:

Check logs in Klutch.sh dashboard
Verify PORT environment variable is set to 3000
Ensure database schema is applied
Check all required environment variables are present

Issue: Health check failing

Solution:

Verify port 3000 is exposed and accessible
Check application logs for startup errors
Ensure database connection is successful
Increase health check timeout if needed

Domain Refresh Issues

Issue: Domains not updating automatically

Solution:

Verify ENABLE_AUTO_REFRESH=true is set
Check CRON_SCHEDULE is configured correctly
Review cron logs for errors
Test manual refresh via API

Issue: WHOIS data not fetching

Solution:

Some domains may have privacy protection
Check rate limiting on WHOIS services
Verify domain is properly registered
Try manual refresh for specific domain

Performance Issues

Issue: Slow domain analysis

Solution:

Increase volume size if disk I/O is bottleneck
Optimize cron schedule to reduce concurrent checks
Consider upgrading Klutch.sh plan for more resources
Implement domain analysis queue

Issue: High memory usage

Solution:

Reduce concurrent domain checks
Optimize database queries
Clear old logs and temporary data
Monitor resource usage in Klutch.sh dashboard

Notification Problems

Issue: Webhook notifications not sending

Solution:

Verify WEBHOOK_URL is correct and accessible
Check webhook endpoint accepts POST requests
Review webhook logs for error messages
Test webhook manually:

curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{"test": "message"}'

Issue: Email alerts not received

Solution:

Verify email configuration in Supabase/database
Check spam/junk folders
Ensure email service is configured (if using PostgreSQL)
Test email functionality from app settings

Upgrading Domain Locker

Keep your Domain Locker instance up-to-date with the latest features and security patches:

Check for Updates

Monitor the Domain Locker repository for new releases:

Domain Locker Releases

Upgrade Process

Step 1: Backup Current Deployment

Before upgrading, create complete backups:

Backup database (see Backup and Recovery section)
Export domain data via API
Save current environment configuration
Create volume snapshot in Klutch.sh

Step 2: Update Dockerfile

If the new version requires changes:

Review release notes for breaking changes
Update Dockerfile if necessary
Update environment variables if new ones are added
Test locally before deploying

Step 3: Deploy New Version

For standard updates without Dockerfile changes:

The Dockerfile clones the latest version automatically
Trigger a new deployment in Klutch.sh
Monitor build logs for any issues
Verify application starts successfully

For manual version pinning:

# Pin to specific version
RUN git clone --branch v0.1.2 https://github.com/Lissy93/domain-locker.git .

Step 4: Verify Upgrade

After deployment:

Log in and verify all domains are present
Check domain data is accurate
Test domain refresh functionality
Verify notifications are working
Review application logs for errors

Rollback Procedure

If the upgrade fails:

Redeploy previous working version
Restore database from backup if needed
Restore volume data from snapshot
Verify application functionality

Performance Optimization

Optimize Domain Locker for large domain portfolios:

Database Optimization

Index Creation:

-- Add indexes for frequently queried columns
CREATE INDEX idx_domains_expiration ON domains(expiration_date);
CREATE INDEX idx_domains_registrar ON domains(registrar);
CREATE INDEX idx_domains_updated ON domains(last_updated);
CREATE INDEX idx_ssl_expiration ON ssl_certificates(expiration_date);

Query Optimization:

-- Analyze query performance
EXPLAIN ANALYZE SELECT * FROM domains WHERE expiration_date < NOW() + INTERVAL '30 days';

-- Update statistics
ANALYZE domains;
ANALYZE ssl_certificates;
ANALYZE dns_records;

Caching Strategy

Implement caching to reduce database load:

Environment Configuration:

# Enable caching
ENABLE_CACHE=true
CACHE_TTL=3600

# Redis for caching (optional)
REDIS_URL=redis://your-redis-host:6379

Resource Allocation

For large portfolios (100+ domains):

Increase volume size to 10GB+
Consider upgrading Klutch.sh plan
Optimize cron schedule:

# Stagger domain checks
CRON_SCHEDULE=0 */12 * * *
BATCH_SIZE=10
BATCH_DELAY=60

Domain Check Optimization

Prioritize critical domains:

Tag high-priority domains
Check critical domains more frequently
Reduce checks for archived/parked domains
Implement smart scheduling based on expiration dates

Integration Examples

Integrate Domain Locker with other services:

Slack Notifications

Configure Slack webhook for domain alerts:

WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL

Test Slack integration:

curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Test notification from Domain Locker",
    "attachments": [{
      "color": "warning",
      "title": "Domain Expiring Soon",
      "text": "example.com expires in 7 days",
      "fields": [
        {"title": "Domain", "value": "example.com", "short": true},
        {"title": "Days Remaining", "value": "7", "short": true}
      ]
    }]
  }'

Discord Notifications

Use Discord webhook for alerts:

WEBHOOK_URL=https://discord.com/api/webhooks/YOUR/WEBHOOK/TOKEN

Custom Monitoring

Integrate with monitoring tools via API:

// Node.js example - Check domains expiring soon
const axios = require('axios');

async function checkExpiringDomains() {
  const response = await axios.get(
    'https://YOUR-APP-NAME.klutch.sh/api/domains/expiring',
    {
      headers: { 'Authorization': `Bearer ${process.env.JWT_TOKEN}` },
      params: { days: 30 }
    }
  );

  if (response.data.length > 0) {
    // Send to monitoring system
    console.log(`${response.data.length} domains expiring in 30 days`);
  }
}

setInterval(checkExpiringDomains, 86400000); // Daily check

Automation Scripts

Automate domain management tasks:

#!/bin/bash
# auto-renew-check.sh - Alert for domains needing renewal

API_URL="https://YOUR-APP-NAME.klutch.sh"
TOKEN="YOUR_JWT_TOKEN"

# Get domains expiring in 7 days
EXPIRING=$(curl -s -H "Authorization: Bearer $TOKEN" \
  "$API_URL/api/domains/expiring?days=7")

# Parse and send alerts
echo "$EXPIRING" | jq -r '.[] | .domain' | while read domain; do
  echo "Action required: $domain expires soon"
  # Send email, SMS, or other notification
done

Production Deployment Checklist

Before going live with Domain Locker, verify:

Pre-Deployment

Database is created and schema applied
All environment variables are configured
Secrets are stored securely (not in Git)
Persistent volume is attached
Backup strategy is implemented
Health checks are configured
CORS origins are properly set

Security

Strong passwords for all credentials
JWT and session secrets are 32+ characters
Database access is restricted
HTTPS is enforced (automatic on Klutch.sh)
Rate limiting is considered
API authentication is tested
Webhook URLs are verified

Monitoring

Domain refresh is working automatically
Expiration alerts are configured
SSL monitoring is enabled
DNS change detection is active
Performance monitoring is set up
Notification webhooks are tested

Operations

Backup automation is configured
Recovery procedure is documented
Upgrade process is understood
Support contacts are identified
Documentation is accessible
Team members are trained

Testing

Advanced Configuration

Custom Domain Analysis

Configure additional domain checks:

# Security scanning
SECURITY_SCAN_ENABLED=true
SECURITY_SCAN_SCHEDULE=0 2 * * 0  # Weekly

# Performance monitoring
PERFORMANCE_CHECK_ENABLED=true
PERFORMANCE_CHECK_INTERVAL=3600  # Hourly

# Advanced WHOIS
WHOIS_PROVIDER=custom
WHOIS_API_ENDPOINT=https://your-whois-api.com

Multi-User Setup

If sharing Domain Locker with a team:

Database Configuration:

-- Create roles table
CREATE TABLE user_roles (
  user_id UUID PRIMARY KEY,
  role VARCHAR(50) NOT NULL,
  permissions JSONB,
  created_at TIMESTAMP DEFAULT NOW()
);

-- Create team domains table
CREATE TABLE team_domains (
  team_id UUID,
  domain_id UUID,
  access_level VARCHAR(20),
  PRIMARY KEY (team_id, domain_id)
);

Environment Variables:

MULTI_USER_ENABLED=true
TEAM_FEATURES_ENABLED=true
USER_REGISTRATION_ENABLED=false  # Invite-only

Custom Notifications

Create custom notification rules:

// Custom notification logic
{
  "rules": [
    {
      "name": "Critical Domain Expiring",
      "condition": "days_until_expiry <= 7 AND category = 'critical'",
      "actions": ["email", "webhook", "sms"]
    },
    {
      "name": "SSL Certificate Expiring",
      "condition": "ssl_days_remaining <= 30",
      "actions": ["email", "webhook"]
    },
    {
      "name": "DNS Changed",
      "condition": "dns_record_changed = true",
      "actions": ["webhook", "in_app"]
    }
  ]
}

Cost Optimization

Optimize running costs for large deployments:

Resource Planning

Small Portfolio (1-50 domains):

Volume: 5GB
Cron: Every 12 hours
Basic Klutch.sh plan

Medium Portfolio (51-200 domains):

Volume: 10GB
Cron: Every 6 hours
Standard Klutch.sh plan

Large Portfolio (200+ domains):

Volume: 20GB+
Cron: Staggered batches
Premium Klutch.sh plan
Consider external caching

Database Optimization

Reduce database size:

-- Archive old DNS records
DELETE FROM dns_records WHERE created_at < NOW() - INTERVAL '90 days';

-- Clean up old logs
DELETE FROM activity_logs WHERE created_at < NOW() - INTERVAL '30 days';

-- Vacuum database
VACUUM FULL;

Efficient Monitoring

Optimize domain checks:

# Adjust check frequency based on domain criticality
CRITICAL_DOMAIN_INTERVAL=3600      # 1 hour
STANDARD_DOMAIN_INTERVAL=21600     # 6 hours
ARCHIVED_DOMAIN_INTERVAL=604800    # 1 week

Additional Resources

Official Documentation

Domain Locker Website
GitHub Repository
Live Demo (Username: demo@domain-locker.com, Password: domainlocker)

Database Resources

Community

Conclusion

Domain Locker on Klutch.sh provides a powerful, self-hosted solution for managing your domain portfolio. With automatic Dockerfile detection, persistent storage, flexible database options, and comprehensive monitoring capabilities, you can track all your domains in one central location. The platform’s automated refresh system, configurable alerts, and robust API make it easy to stay on top of domain expirations, SSL certificates, and DNS changes.

By following this guide, you’ve learned how to:

✅ Set up a production-ready Domain Locker deployment
✅ Configure PostgreSQL or Supabase for data persistence
✅ Implement automated domain monitoring and alerts
✅ Use the API for programmatic domain management
✅ Optimize performance for large portfolios
✅ Secure your deployment with best practices
✅ Integrate with external services and webhooks

Your Domain Locker instance is now ready to track domain expirations, monitor SSL certificates, analyze DNS records, and provide complete visibility over your entire domain portfolio—all from your self-hosted platform on Klutch.sh.