KW Knowledge base

DNS and hostname management

Vistralio exposes two independent public hostnames:

Mitch Wigham
Updated 24 June 2026 · 6 views

DNS and hostname management

Vistralio exposes two independent public hostnames:

Hostname Purpose
Web UI (e.g. saas.vistralio.co.uk) Browser access, login, live view
API / Connect (e.g. connect.vistralio.co.uk) External integrations, edge router enrollment, API Explorer

Both are managed from Settings → DNS.

Active endpoints panel

The top of the DNS settings page always shows your current active endpoints — even if they were never explicitly staged through the dry-run flow. The web URL is inferred from the request's Host header if no promoted hostname is stored.

The edge router WebSocket URL (wss://connect.../api/edge/ws) is also shown here so you can copy it when enrolling bridge devices.

Changing the API / Connect hostname

The API hostname is a simple setting. Enter the new hostname and click Set. Changes take effect immediately:

  • The full install command in Admin → Setup → Edge Routers uses the new hostname
  • The API Explorer link updates
  • External integrations that read GET /api/dns see the new value

No nginx reload is needed. The connect. nginx block is permanent. If you need to use a completely different domain, add an nginx server block and TLS certificate for it manually, then update this setting.

Changing the Web UI hostname (staged dry-run)

Changing the web UI hostname requires updating nginx and re-issuing a TLS certificate. Vistralio uses a two-stage flow with server-side verification before anything changes in nginx.

Flow

  1. Stage the new hostname.
  2. Open it in a new tab — the server verifies DNS actually resolves here.
  3. Push to live once verified.
  4. Run apply-dns.sh on the server.

Step by step

1. Stage

Enter the new hostname in the Web UI hostname (staged change) section and click Stage. The current site keeps working.

2. Verify

Create the DNS A record at your registrar (or Cloudflare) pointing the new hostname to the server IP. Wait for propagation.

Click Open new hostname (verify) — this opens https://newhost/api/dns/probe in a new tab. The endpoint compares the inbound Host header against the staged value. If they match, the staging record flips to verified ✓.

If they don't match, the page shows what host it actually received — usually this means DNS hasn't propagated yet.

3. Push to live

Once verified ✓ appears, click Push to live. This moves staging → current in the database and sets a dns.pending_apply flag. Both the old and new hostnames still work at this point.

4. Apply

Run on the server:

sudo /opt/vistralio/scripts/apply-dns.sh

This script:

  • Reads the new hostname from the database
  • Rewrites server_name in /etc/nginx/sites-available/vistralio
  • Runs certbot --nginx -d <newhost> if Let's Encrypt was selected
  • Reloads nginx
  • Clears the dns.pending_apply flag

After this completes, the old hostname stops working. The system is now exclusively on the new web hostname.

Recovery

The previous nginx config is preserved in *.bak files. Failing that:

sudo nano /etc/nginx/sites-available/vistralio
# (restore server_name to the last working host)
sudo nginx -t && sudo systemctl reload nginx

Application data is untouched — only the public hostname and certificate change.

DNS setup for a new installation

All four hostnames must have A records pointing to the server IP before running the installer so Let's Encrypt can issue certificates:

Hostname Purpose
saas.vistralio.co.uk Web UI + API
connect.vistralio.co.uk API / Connect (external + edge routers)
updates.vistralio.co.uk Update distribution
license-server.vistralio.co.uk License server

If using Cloudflare, set proxy to DNS-only (grey cloud) during initial certificate issuance. The orange cloud proxy can be enabled later, but note that it adds latency to the edge WebSocket and media streams.

API reference

# Status — shows web hostname, API hostname, edge WebSocket URL, staging state
GET /api/dns

# Set the API / Connect hostname
POST /api/dns/set-api-hostname
{"hostname": "connect.example.com"}

# Stage a new web hostname
POST /api/dns/stage
{"hostname": "cctv.newdomain.com", "use_letsencrypt": true}

# Probe (public, no auth — verifies DNS from inbound Host header)
GET https://cctv.newdomain.com/api/dns/probe

# Push staged → live (must be verified first)
POST /api/dns/promote

Permissions

dns.edit is required for all write operations. The probe endpoint is public.

Still need help?

Log a support ticket and the team will pick it up from this page.