Verified every page against the live admin panel on whp01 (read-only).
Five existing articles rewritten; one new article added; customer-facing
backups article updated to match server reality.

Article changes

- overview: super admin = the root user only (no UI to add another);
WHMCS portal route doesn't apply for admin; accurate sidebar map of
every admin-only section; customer backups don't cover server config
(multiple locations, not just /etc — full-server backup is the right
safety net).
- server-settings: walked all six tabs (System / Services / Mail / DNS
/ Network & SSL / Security); clarified that host Apache + PHP-FPM
serve the WHP control panel, not customer sites; that MySQL runs as
a container so host MySQL config is client-facing; that custom
container needs are met by publishing a custom Docker image (linked
to repo.anhonesthost.net/cloud-hosting-platform/ for examples).
- coraza-waf: real Firing rules / CRS catalog / Activity tabs; global
WAF mode pill (off/detect/enforce); per-rule + per-host overrides;
Ask AI link; security.db source-of-truth + SIGHUP reload note.
- site-monitoring: split into the three actual admin pages — AI Monitor
dashboard, Issues, Ignore Rules — with stat tiles + health-check
timeline + ignore-rule AND-semantics.
- user-management: account types corrected to full / domain_dns /
mail_dns (verified in web-files/pages/user-management.php:26);
system users are protected against deletion (verified is_protected_user
in web-files/libs/usermgmt.php:697); delegated users are admin-editable
(not read-only); suspension page is served by haproxy's 503 errorfile
(verified in haproxy-manager-base/haproxy_tarpit_config.txt:31) so
troubleshooting points at haproxy reload / container logs.
- new admin/backups: customer-data backups vs full-server backups;
auto-backups only run with a default target; how to add global vs
per-customer targets; how to fire on-demand backups for any user;
troubleshooting around missing targets / failed test / disk pressure.
- how-to/backups (customer): aside about default-target requirement;
new section explaining what full-server backups cover vs customer
backups (managed plans + VDS covered by AnHonestHost; elsewhere is
the server operator's responsibility).

New components / tooling

- admin-signin partial: 'sign in directly at :8443 as root'.
- Head.astro override + medium-zoom: click-to-zoom lightbox on every
article image; auto-reattaches after Starlight client navigation.
- capture-admin.ts: read-only Playwright capture for admin docs with
multi-pass redaction (server hostnames, mail server, customer
domains, customer usernames in table cells, IPs except RFC1918 and
public resolvers, password/key/token/secret/api input values, plus
LiteLLM URLs, model names, JWT/sk-prefix API keys, root → admin).
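
Added example, not part of the commit and not the project's capture-admin.ts: ordered text-redaction passes of the kind listed for capture-admin.ts above (JWT/sk-prefix keys, server hostnames, IPs except RFC1918 and public resolvers). The function names, the resolver allow-list, the placeholder strings and the sample text are assumptions; input-field values and IPv6 are out of scope here.

```typescript
// Added example, not the project's capture-admin.ts; all names here are hypothetical.
// Assumed allow-list: the commit message does not say which resolvers are kept.
const PUBLIC_RESOLVERS: string[] = ["1.1.1.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"];

function isRfc1918(octets: number[]): boolean {
  const a = octets[0] ?? -1;
  const b = octets[1] ?? -1;
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Pass 1: credentials first, so later passes never operate on token bodies.
function redactTokens(text: string): string {
  return text
    .replace(/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, "[JWT]")
    .replace(/\bsk-[A-Za-z0-9_-]{8,}/g, "[API_KEY]");
}

// Pass 2: configured hostnames, longest first. Replacing "panel01.example.net"
// before "mail.panel01.example.net" would leave the "mail." label behind.
function redactHostnames(text: string, hostnames: string[]): string {
  const sorted = [...hostnames].sort((x, y) => y.length - x.length);
  let out = text;
  for (const host of sorted) {
    const escaped = host.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    out = out.replace(new RegExp(escaped, "gi"), "host.example.com");
  }
  return out;
}

// Pass 3: IPv4 addresses, keeping private ranges and the allow-listed resolvers.
function redactIps(text: string): string {
  return text.replace(/\b(?:\d{1,3}\.){3}\d{1,3}\b/g, (ip: string) => {
    const octets = ip.split(".").map(Number);
    if (octets.some((o) => o > 255)) return ip; // not a valid IPv4 address
    const keep = isRfc1918(octets) || PUBLIC_RESOLVERS.indexOf(ip) !== -1;
    return keep ? ip : "[IP]";
  });
}

function redact(text: string, hostnames: string[]): string {
  return redactIps(redactHostnames(redactTokens(text), hostnames));
}

// Constructed sample of captured page text (documentation-range IP, fake key).
const SAMPLE =
  "mail.panel01.example.net (203.0.113.10) resolver 8.8.8.8 lan 192.168.1.5 key sk-CONSTRUCTED12345";
const HOSTS: string[] = ["panel01.example.net", "mail.panel01.example.net"];
console.log(redact(SAMPLE, HOSTS));
```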