Verified every page against the live admin panel on whp01 (read-only).
Five existing articles rewritten; one new article added; customer-facing
backups article updated to match server reality.
Article changes
- overview: super admin = the root user only (no UI to add another);
WHMCS portal route doesn't apply for admin; accurate sidebar map of
every admin-only section; customer backups don't cover server config
(multiple locations, not just /etc — full-server backup is the right
safety net).
- server-settings: walked all six tabs (System / Services / Mail / DNS
/ Network & SSL / Security); clarified that host Apache + PHP-FPM
serve the WHP control panel, not customer sites; that MySQL runs as
a container so host MySQL config is client-facing; that custom
container needs are met by publishing a custom Docker image (linked
to repo.anhonesthost.net/cloud-hosting-platform/ for examples).
- coraza-waf: real Firing rules / CRS catalog / Activity tabs; global
WAF mode pill (off/detect/enforce); per-rule + per-host overrides;
Ask AI link; security.db source-of-truth + SIGHUP reload note.
- site-monitoring: split into the three actual admin pages — AI Monitor
dashboard, Issues, Ignore Rules — with stat tiles + health-check
timeline + ignore-rule AND-semantics.
- user-management: account types corrected to full / domain_dns /
mail_dns (verified in web-files/pages/user-management.php:26);
system users are protected against deletion (verified is_protected_user
in web-files/libs/usermgmt.php:697); delegated users are admin-editable
(not read-only); suspension page is served by haproxy's 503 errorfile
(verified in haproxy-manager-base/haproxy_tarpit_config.txt:31) so
troubleshooting points at haproxy reload / container logs.
- new admin/backups: customer-data backups vs full-server backups;
auto-backups only run with a default target; how to add global vs
per-customer targets; how to fire on-demand backups for any user;
troubleshooting around missing targets / failed test / disk pressure.
- how-to/backups (customer): aside about default-target requirement;
new section explaining what full-server backups cover vs customer
backups (managed plans + VDS covered by AnHonestHost; elsewhere is
the server operator's responsibility).
New components / tooling
- admin-signin partial: 'sign in directly at :8443 as root'.
- Head.astro override + medium-zoom: click-to-zoom lightbox on every
article image; auto-reattaches after Starlight client navigation.
- capture-admin.ts: read-only Playwright capture for admin docs with
multi-pass redaction (server hostnames, mail server, customer
domains, customer usernames in table cells, IPs except RFC1918 and
public resolvers, password/key/token/secret/api input values, plus
LiteLLM URLs, model names, JWT/sk-prefix API keys, root → admin).
Adds /whp/site-builder/ with overview, getting-started, blocks-and-pages,
styling, and publishing. Wired as a 'Site Builder' sidebar group with a
Beta badge.
- Captured real screenshots via the demo account through a redaction
step (server names, domain, demo-user all swapped for placeholders)
- New beta-callout partial shared across all 5 articles
- capture-site-builder.ts is local-only (uses tools/screenshots/.env
for demo creds, never runs in CI)
Discovery against the demo account on whp01 surfaced several inaccuracies:
- Cache is Valkey (Redis wire-compatible), not Redis or Memcached.
No Memcached is offered as a separate service.
- Site Monitoring is the sidebar label (not 'AI Monitor').
- 'Add a domain' has no Primary/Add-on distinction.
- Sites form: 'Container Type' (not 'Site type'), Number of Containers
(1-10 for horizontal scaling), CPU per Container (default 0.25),
Memory per Container (default 256MB), SSL inline on the same form.
- Backups: default retention 5 days / 10 backups; on-demand + scheduled;
S3 backup targets are visible and configurable.
- Email: per-domain settings live behind 'Setup Instructions' on the
Email page; mail server hostname is on the Dashboard (per-server,
e.g. mail01.cloud-hosting.io), not per-domain.
Also reworked the screenshot pipeline:
- New shots.config.ts targets the real index.php?page=... URLs
- Added redactSensitive() step that runs before each screenshot to swap
server names, IPs, mail hostnames, and demo-user-isms with neutral
placeholders. This keeps docs portable across the fleet.
- Hides .brand-full and .navbar-text (top-bar server identifier and
Welcome greeting).
- Captured 9 real WHP screenshots; removed stale placeholders.
