From godmode
Guides DNS discovery/configuration, SSL/TLS certbot management, CDN cache strategies, load balancers (ALB/Nginx/HAProxy), VPC/SG security, and diagnostics for 502s/cert expiry.
- `/godmode:network`, "configure DNS", "SSL certificate"
```bash
dig +short <domain> A
dig +short <domain> CNAME
dig +short <domain> MX
dig +short <domain> TXT
nslookup <domain>
```
| Component | Provider | Status |
|---|---|---|
| DNS | <provider> | configured/missing |
| SSL/TLS | <issuer> | valid/expired/none |
| CDN | <provider> | active/none |
| LB | <type> | healthy/degraded |
| VPC | <provider> | configured/none |

| Record | Type | Value | TTL | Proxy |
|---|---|---|---|---|
| @ | A | <LB IP> | 300 | Yes |
| www | CNAME | @ | 300 | Yes |
| api | A | <API LB> | 60 | Yes |
| mail | MX | <server> | 3600 | N/A |
| @ | TXT | v=spf1.. | 3600 | N/A |
```bash
# Check propagation
dig @8.8.8.8 <domain> A +short
dig @1.1.1.1 <domain> A +short
```
IF domain not resolving: check NS records first. IF email not delivered: verify MX + SPF + DKIM + DMARC.
```bash
# Webroot (HTTP challenge)
sudo certbot certonly --webroot \
  -w /var/www/html -d <domain> -d www.<domain>

# Wildcard (DNS challenge); quote the name so the shell does not glob-expand *
sudo certbot certonly --dns-<provider> \
  -d <domain> -d '*.<domain>'
```
```
Auto-renewal: ENABLED (certbot or cert-manager)
Alert: 14 days before expiry
TLS: min 1.2, prefer 1.3
HSTS: enabled with preload
```
IF cert expires < 30 days: renew immediately. IF TLS < 1.2: upgrade, disable SSLv3/TLS1.0/1.1.
Cache strategy:

| Asset | Cache-Control | CDN TTL |
|---|---|---|
| HTML | no-cache | 0 |
| JS/CSS (hashed) | immutable, max-age=31536000 | 1 year |
| Images | max-age=604800 | 7 days |
| Fonts | max-age=31536000 | 1 year |
| API | private, no-store | 0 |
```
ALB: internet-facing, 2+ AZs, TLS termination
Health check: /healthz every 5s, rise 2, fall 3
Target groups by service, port-based routing
Nginx: least_conn, keepalive 32
Primary servers weighted, backup for failover
HAProxy: leastconn backend, 5s health interval
Max 1000 connections/server, 5s queue timeout
```
IF 502/503: check target health, SGs, port, path. IF high latency: check backend connections, keepalive.
```
VPC: 10.0.0.0/16
Public:   10.0.1.0/24, 10.0.2.0/24 (ALB, NAT)
Private:  10.0.10.0/24, 10.0.11.0/24 (app)
Isolated: 10.0.20.0/24, 10.0.21.0/24 (DB)
SG: alb-sg (443 from 0.0.0.0/0)
    app-sg (<port> from alb-sg only)
    db-sg (5432 from app-sg only)
Defense in depth: WAF -> NACL -> SG -> NetworkPolicy
```
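An added example (not part of the godmode skill) that audits a list of ingress rules against the SG chain above, so drift such as a database port opened to the whole VPC is flagged. The rule format, the `audit` function and app port 8080 are assumptions; the page leaves the app port as `<port>`.

```python
import ipaddress

# Expected ingress per tier, taken from the SG chain above.
# Assumption: the app listens on 8080 (the page only says <port>).
POLICY = {
    "alb-sg": {"ports": {443}, "sources": {"0.0.0.0/0"}},
    "app-sg": {"ports": {8080}, "sources": {"alb-sg"}},
    "db-sg": {"ports": {5432}, "sources": {"app-sg"}},
}

def is_cidr(source):
    """True when the source is an IP range rather than a security-group reference."""
    try:
        ipaddress.ip_network(source, strict=False)
        return True
    except ValueError:
        return False

def audit(rules):
    """Return (sg, port, source, reason) for every rule that breaks the chain."""
    findings = []
    for rule in rules:
        sg, port, src = rule["sg"], rule["port"], rule["source"]
        allowed = POLICY.get(sg)
        if allowed is None:
            findings.append((sg, port, src, "unknown security group"))
        elif port not in allowed["ports"]:
            findings.append((sg, port, src, "unexpected port"))
        elif src not in allowed["sources"]:
            kind = "CIDR" if is_cidr(src) else "security group"
            findings.append((sg, port, src, f"{kind} source outside the chain"))
    return findings

# Constructed sample: the first three rules match the page, the last three are drift.
SAMPLE_RULES = [
    {"sg": "alb-sg", "port": 443, "source": "0.0.0.0/0"},
    {"sg": "app-sg", "port": 8080, "source": "alb-sg"},
    {"sg": "db-sg", "port": 5432, "source": "app-sg"},
    {"sg": "db-sg", "port": 5432, "source": "10.0.0.0/16"},  # whole VPC reaches the DB
    {"sg": "app-sg", "port": 8080, "source": "0.0.0.0/0"},   # traffic bypasses the ALB
    {"sg": "alb-sg", "port": 80, "source": "0.0.0.0/0"},     # plaintext listener
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("VIOLATION", *finding)
```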
```bash
# Network diagnostics
curl -w "@curl-format.txt" -o /dev/null -s http://localhost:8080/health
dig +stats example.com
```
Append `.godmode/network-results.tsv`:

```
timestamp resource_type count tls_status status
```

```
KEEP if: validation passes AND connectivity confirmed
  AND no security regressions.
DISCARD if: validation fails OR connectivity broken.
```
Validate: dig, openssl, curl, traceroute.
STOP when FIRST of:
- All components configured and validated
- `curl -sI https://{domain}` returns 200 + HSTS
- User requests stop

On failure: `git reset --hard HEAD~1`. Never pause.
| Failure | Action |
|---|---|
| TLS expires | Auto-renewal + alert at 30/14/7d |
| LB 502/503 | Target health, SGs, port, path |
| DNS wrong IP | Check A/AAAA, CDN proxy, TTL |
```bash
npx claudepluginhub arbazkhan971/godmode
```