feat: separate Public IP for DNS records from Server IP, improve settings help texts

- Add public_ip field to Settings for DNS A records (proxy/load balancer IP)
- DNS records now use public_ip, falling back to server_ip if empty
- Server IP renamed to "Server IP (Docker Host)" for clarity
- Public IP labeled "Public IP (DNS Target)"
- Updated help texts for domain, server IP, public IP, and Docker network
- DB migration + schema for public_ip column

internal/api/dns.go

@@ -12,6 +12,15 @@ import (
 	"github.com/go-chi/chi/v5"
 )
 
+// dnsTargetIP returns the IP to use for DNS A records.
+// Prefers PublicIP (the proxy/NPM host), falls back to ServerIP.
+func dnsTargetIP(settings store.Settings) string {
+	if settings.PublicIP != "" {
+		return settings.PublicIP
+	}
+	return dnsTargetIP(settings)
+}
+
 // dnsRecordView is the response format for DNS records with consumer context.
 type dnsRecordView struct {
 	FQDN         string `json:"fqdn"`
@@ -56,7 +65,7 @@ func (s *Server) listDNSRecords(w http.ResponseWriter, r *http.Request) {
 			views = append(views, dnsRecordView{
 				FQDN:         fqdn,
 				Type:         "A",
-				Content:      settings.ServerIP,
+				Content:      dnsTargetIP(settings),
 				ConsumerType: consumerType,
 				ConsumerName: name,
 				ConsumerID:   consumerID,
@@ -107,7 +116,7 @@ func (s *Server) listDNSRecords(w http.ResponseWriter, r *http.Request) {
 	// Process local records: check if they exist in provider.
 	for _, local := range localRecords {
 		status := "missing"
-		content := settings.ServerIP
+		content := dnsTargetIP(settings)
 		if pRec, ok := providerByFQDN[local.FQDN]; ok {
 			status = "synced"
 			content = pRec.Content
@@ -292,7 +301,7 @@ func (s *Server) syncDNSRecords(w http.ResponseWriter, r *http.Request) {
 			continue
 		}
 
-		recordID, err := provider.EnsureRecord(r.Context(), fqdn, settings.ServerIP)
+		recordID, err := provider.EnsureRecord(r.Context(), fqdn, dnsTargetIP(settings))
 		if err != nil {
 			slog.Warn("dns sync: failed to create record", "fqdn", fqdn, "error", err)
 			continue

internal/api/settings.go

@@ -21,6 +21,7 @@ import (
 type settingsRequest struct {
 	Domain           string `json:"domain"`
 	ServerIP         string `json:"server_ip"`
+	PublicIP         string `json:"public_ip"`
 	Network          string `json:"network"`
 	SubdomainPattern string `json:"subdomain_pattern"`
 	NotificationURL  string `json:"notification_url"`
@@ -59,6 +60,7 @@ func (s *Server) getSettings(w http.ResponseWriter, r *http.Request) {
 	respondJSON(w, http.StatusOK, map[string]any{
 		"domain":                    settings.Domain,
 		"server_ip":                 settings.ServerIP,
+		"public_ip":                 settings.PublicIP,
 		"network":                   settings.Network,
 		"subdomain_pattern":         settings.SubdomainPattern,
 		"notification_url":          settings.NotificationURL,
@@ -107,6 +109,9 @@ func (s *Server) updateSettings(w http.ResponseWriter, r *http.Request) {
 	if req.ServerIP != "" {
 		updated.ServerIP = req.ServerIP
 	}
+	if req.PublicIP != "" {
+		updated.PublicIP = req.PublicIP
+	}
 	if req.Network != "" {
 		updated.Network = req.Network
 	}

internal/store/models.go

@@ -49,7 +49,8 @@ type Registry struct {
 // Settings holds global application configuration (single-row pattern).
 type Settings struct {
 	Domain           string `json:"domain"`
-	ServerIP         string `json:"server_ip"`
+	ServerIP         string `json:"server_ip"`  // Docker host IP (for NPM remote forwarding)
+	PublicIP         string `json:"public_ip"`  // Public-facing IP for DNS A records (e.g., NPM/proxy host)
 	Network          string `json:"network"`
 	SubdomainPattern string `json:"subdomain_pattern"`
 	NotificationURL  string `json:"notification_url"`

internal/store/settings.go

@@ -9,7 +9,7 @@ func (s *Store) GetSettings() (Settings, error) {
 	var st Settings
 	var wildcardDNS, npmRemote, backupEnabled int
 	err := s.db.QueryRow(
-		`SELECT domain, server_ip, network, subdomain_pattern, notification_url,
+		`SELECT domain, server_ip, public_ip, network, subdomain_pattern, notification_url,
 		        npm_url, npm_email, npm_password, webhook_secret, polling_interval,
 		        base_volume_path, ssl_certificate_id, stale_threshold_days,
 		        allowed_volume_paths, wildcard_dns, dns_provider,
@@ -19,7 +19,7 @@ func (s *Store) GetSettings() (Settings, error) {
 		        backup_enabled, backup_interval_hours, backup_retention_count,
 		        updated_at
 		 FROM settings WHERE id = 1`,
-	).Scan(&st.Domain, &st.ServerIP, &st.Network, &st.SubdomainPattern, &st.NotificationURL,
+	).Scan(&st.Domain, &st.ServerIP, &st.PublicIP, &st.Network, &st.SubdomainPattern, &st.NotificationURL,
 		&st.NpmURL, &st.NpmEmail, &st.NpmPassword, &st.WebhookSecret, &st.PollingInterval,
 		&st.BaseVolumePath, &st.SSLCertificateID, &st.StaleThresholdDays,
 		&st.AllowedVolumePaths, &wildcardDNS, &st.DNSProvider,
@@ -54,7 +54,7 @@ func (s *Store) UpdateSettings(st Settings) error {
 	}
 	_, err := s.db.Exec(
 		`UPDATE settings SET
-			domain=?, server_ip=?, network=?, subdomain_pattern=?, notification_url=?,
+			domain=?, server_ip=?, public_ip=?, network=?, subdomain_pattern=?, notification_url=?,
 			npm_url=?, npm_email=?, npm_password=?, webhook_secret=?, polling_interval=?,
 			base_volume_path=?, ssl_certificate_id=?, stale_threshold_days=?,
 			allowed_volume_paths=?, wildcard_dns=?, dns_provider=?,
@@ -64,7 +64,7 @@ func (s *Store) UpdateSettings(st Settings) error {
 			backup_enabled=?, backup_interval_hours=?, backup_retention_count=?,
 			updated_at=?
 		 WHERE id = 1`,
-		st.Domain, st.ServerIP, st.Network, st.SubdomainPattern, st.NotificationURL,
+		st.Domain, st.ServerIP, st.PublicIP, st.Network, st.SubdomainPattern, st.NotificationURL,
 		st.NpmURL, st.NpmEmail, st.NpmPassword, st.WebhookSecret, st.PollingInterval,
 		st.BaseVolumePath, st.SSLCertificateID, st.StaleThresholdDays,
 		st.AllowedVolumePaths, wildcardDNS, st.DNSProvider,

internal/store/store.go

@@ -119,6 +119,8 @@ func (s *Store) runMigrations() error {
 		// NPM access list support (global default + per-project override).
 		`ALTER TABLE settings ADD COLUMN npm_access_list_id INTEGER NOT NULL DEFAULT 0`,
 		`ALTER TABLE projects ADD COLUMN npm_access_list_id INTEGER NOT NULL DEFAULT 0`,
+		// Separate public IP for DNS A records.
+		`ALTER TABLE settings ADD COLUMN public_ip TEXT NOT NULL DEFAULT ''`,
 	}
 
 	for _, m := range migrations {
@@ -211,6 +213,7 @@ CREATE TABLE IF NOT EXISTS settings (
 	id                  INTEGER PRIMARY KEY CHECK (id = 1),
 	domain              TEXT NOT NULL DEFAULT '',
 	server_ip           TEXT NOT NULL DEFAULT '',
+	public_ip           TEXT NOT NULL DEFAULT '',
 	network             TEXT NOT NULL DEFAULT 'docker-watcher',
 	subdomain_pattern   TEXT NOT NULL DEFAULT 'stage-{stage}-{project}',
 	notification_url    TEXT NOT NULL DEFAULT '',

web/src/lib/i18n/en.json

@@ -287,11 +287,13 @@
     "title": "General Settings",
     "globalConfig": "Global Configuration",
     "domain": "Domain",
-    "domainHelp": "Base domain for subdomain routing",
+    "domainHelp": "Base domain for subdomain routing (e.g., example.com → stage-dev-app.example.com)",
-    "serverIp": "Server IP",
+    "serverIp": "Server IP (Docker Host)",
-    "serverIpHelp": "Public IP address of the server",
+    "serverIpHelp": "IP of the machine running Docker. Used for NPM remote forwarding.",
+    "publicIp": "Public IP (DNS Target)",
+    "publicIpHelp": "IP for DNS A records — typically your proxy/load balancer. Falls back to Server IP if empty.",
     "dockerNetwork": "Docker Network",
-    "dockerNetworkHelp": "Docker network for deployed containers",
+    "dockerNetworkHelp": "Docker network that containers and proxy share. Must match your NPM/Traefik network.",
     "subdomainPattern": "Subdomain Pattern",
     "subdomainPatternHelp": "Pattern for auto-generated subdomains",
     "subdomainVarsTitle": "Available variables",

web/src/lib/i18n/ru.json

@@ -287,11 +287,13 @@
     "title": "Общие настройки",
     "globalConfig": "Глобальная конфигурация",
     "domain": "Домен",
-    "domainHelp": "Базовый домен для маршрутизации поддоменов",
+    "domainHelp": "Базовый домен для маршрутизации (напр., example.com → stage-dev-app.example.com)",
-    "serverIp": "IP сервера",
+    "serverIp": "IP сервера (Docker Host)",
-    "serverIpHelp": "Публичный IP-адрес сервера",
+    "serverIpHelp": "IP машины с Docker. Используется для удалённого NPM.",
+    "publicIp": "Публичный IP (для DNS)",
+    "publicIpHelp": "IP для DNS A-записей — обычно адрес прокси/балансировщика. Если пусто, используется IP сервера.",
     "dockerNetwork": "Docker-сеть",
-    "dockerNetworkHelp": "Docker-сеть для развёрнутых контейнеров",
+    "dockerNetworkHelp": "Docker-сеть, общая для контейнеров и прокси. Должна совпадать с сетью NPM/Traefik.",
     "subdomainPattern": "Шаблон поддомена",
     "subdomainPatternHelp": "Шаблон для автоматически генерируемых поддоменов",
     "subdomainVarsTitle": "Доступные переменные",

web/src/lib/types.ts

@@ -100,6 +100,7 @@ export interface RegistryImage {
 export interface Settings {
 	domain: string;
 	server_ip: string;
+	public_ip: string;
 	network: string;
 	subdomain_pattern: string;
 	notification_url: string;

web/src/routes/settings/+page.svelte

@@ -15,6 +15,7 @@
 
 	let domain = $state('');
 	let serverIp = $state('');
+	let publicIp = $state('');
 	let network = $state('');
 	let subdomainPattern = $state('');
 	let pollingInterval = $state('');
@@ -118,6 +119,7 @@
 			const settings = await getSettings();
 			domain = settings.domain ?? '';
 			serverIp = settings.server_ip ?? '';
+			publicIp = settings.public_ip ?? '';
 			network = settings.network ?? '';
 			subdomainPattern = settings.subdomain_pattern ?? '';
 			pollingInterval = parseDurationToSeconds(settings.polling_interval ?? '60');
@@ -148,7 +150,7 @@
 		saving = true;
 		try {
 			const payload: Record<string, unknown> = {
-				domain: domain.trim(), server_ip: serverIp.trim(), network: network.trim(),
+				domain: domain.trim(), server_ip: serverIp.trim(), public_ip: publicIp.trim(), network: network.trim(),
 				subdomain_pattern: subdomainPattern.trim(), polling_interval: secondsToDuration(pollingInterval),
 				base_volume_path: baseVolumePath.trim(), notification_url: notificationUrl.trim(),
 				proxy_provider: proxyProvider,
@@ -271,7 +273,8 @@
 			<h2 class="mb-4 text-lg font-semibold text-[var(--text-primary)]">{$t('settingsGeneral.globalConfig')}</h2>
 			<div class="grid grid-cols-1 gap-4 md:grid-cols-2">
 				<FormField label={$t('settingsGeneral.domain')} name="domain" bind:value={domain} placeholder="example.com" error={errors.domain ?? ''} helpText={$t('settingsGeneral.domainHelp')} />
-				<FormField label={$t('settingsGeneral.serverIp')} name="serverIp" bind:value={serverIp} placeholder="93.84.96.191" error={errors.serverIp ?? ''} helpText={$t('settingsGeneral.serverIpHelp')} />
+				<FormField label={$t('settingsGeneral.serverIp')} name="serverIp" bind:value={serverIp} placeholder="192.168.1.100" error={errors.serverIp ?? ''} helpText={$t('settingsGeneral.serverIpHelp')} />
+				<FormField label={$t('settingsGeneral.publicIp')} name="publicIp" bind:value={publicIp} placeholder="93.84.96.191" helpText={$t('settingsGeneral.publicIpHelp')} />
 				<FormField label={$t('settingsGeneral.dockerNetwork')} name="network" bind:value={network} placeholder="staging-net" helpText={$t('settingsGeneral.dockerNetworkHelp')} />
 				<div>
 					<div class="flex items-center gap-1.5">