Networking: Custom Domain & HTTPS
Once the machine is up, two skills let the agent put the WebUI behind a real domain name with a trusted
certificate instead of the bare <ec2-public-ip>:8099 self-signed URL.
Set the JOYAI_VL_INTERACTION_UI_DOMAIN environment variable to the domain that should serve the WebUI, e.g.:
export JOYAI_VL_INTERACTION_UI_DOMAIN=joyai.mydomain.com
Then run the two skills in order:
1. Point the Domain's DNS at the Instance
Configure Squarespace DNS for the WebUI domain
This invokes the squarespace-dns-setup skill.
:::info Prerequisites
A Squarespace account with the target domain under Domains, the JOYAI_VL_INTERACTION_UI_DOMAIN env var, and the
instance's current public IP.
:::
Squarespace exposes no public API for DNS records, so this is a manual walkthrough — it works out the correct A
record host/value, and if the domain's zone turns out to be delegated elsewhere (e.g. Google Cloud DNS instead of
Squarespace's own nameservers), it points out where the record actually needs to be added instead.
2. Enable HTTPS on the Domain
Once dig +short $JOYAI_VL_INTERACTION_UI_DOMAIN resolves to the instance's public IP:
Set up HTTPS for the WebUI domain
This invokes the https-ssl-setup skill.
:::info Prerequisites
SSH access to the instance, the domain's DNS A record already resolving to the instance (step 1 above), AWS
credentials with permission to open TCP 80/443 on the JoyAI VL Interaction security group, and the WebUI already
running self-signed on port 8099.
:::
It opens TCP 80/443 on the security group, installs nginx as a reverse proxy in front of the existing self-signed
WebUI backend on port 8099, and issues a real Let's Encrypt certificate via certbot --nginx, with auto-renewal
already configured.
Result
After both steps, the WebUI is reachable at https://$JOYAI_VL_INTERACTION_UI_DOMAIN (standard port 443, no
browser security warning). Direct access via https://<ec2-public-ip>:8099 still uses the self-signed certificate
as before.