Skip to main content

Networking: Custom Domain & HTTPS

Once the machine is up, two skills let the agent put the WebUI behind a real domain name with a trusted certificate instead of the bare <ec2-public-ip>:8099 self-signed URL.

Set the JOYAI_VL_INTERACTION_UI_DOMAIN environment variable to the domain that should serve the WebUI, e.g.:

export JOYAI_VL_INTERACTION_UI_DOMAIN=joyai.mydomain.com

Then run the two skills in order:

1. Point the Domain's DNS at the Instance

Configure Squarespace DNS for the WebUI domain

This invokes the squarespace-dns-setup skill.

:::info Prerequisites A Squarespace account with the target domain under Domains, the JOYAI_VL_INTERACTION_UI_DOMAIN env var, and the instance's current public IP. :::

Squarespace exposes no public API for DNS records, so this is a manual walkthrough — it works out the correct A record host/value, and if the domain's zone turns out to be delegated elsewhere (e.g. Google Cloud DNS instead of Squarespace's own nameservers), it points out where the record actually needs to be added instead.

2. Enable HTTPS on the Domain

Once dig +short $JOYAI_VL_INTERACTION_UI_DOMAIN resolves to the instance's public IP:

Set up HTTPS for the WebUI domain

This invokes the https-ssl-setup skill.

:::info Prerequisites SSH access to the instance, the domain's DNS A record already resolving to the instance (step 1 above), AWS credentials with permission to open TCP 80/443 on the JoyAI VL Interaction security group, and the WebUI already running self-signed on port 8099. :::

It opens TCP 80/443 on the security group, installs nginx as a reverse proxy in front of the existing self-signed WebUI backend on port 8099, and issues a real Let's Encrypt certificate via certbot --nginx, with auto-renewal already configured.

Result

After both steps, the WebUI is reachable at https://$JOYAI_VL_INTERACTION_UI_DOMAIN (standard port 443, no browser security warning). Direct access via https://<ec2-public-ip>:8099 still uses the self-signed certificate as before.