Commit Graph

38 Commits

Author SHA1 Message Date
jknapp 3a526783cb Merge pull request 'docs(email): update Create an email account for the tabbed layout' (#4) from docs/email-tabs into main
Build and deploy / deploy (push) Successful in 25s
Reviewed-on: #4
2026-06-23 21:56:46 +00:00
shadowdao 1769d5dc0b docs(email): show the create-account form in the Email Accounts screenshot
Bumped the demo account's email-account allowance so the page renders the
"Create Email Account" button + usage bar instead of the limit-reached state.
Updated steps to match the button → modal flow (Create Email Account opens the
form; the modal's submit button is "Create Account").

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 14:54:29 -07:00
shadowdao f1159867df docs(email): update Create an email account for the new tabbed layout
The Email page is now organized into tabs (Email Accounts / Forwarders /
Email Domains (DNS)) with a top button strip (Webmail / Admin Panel /
Setup Instructions). Reworked the how-to to match:
- orient readers to the tabs + top buttons; create on the Email Accounts tab
- autodiscovery records now live in Email Domains (DNS) → Autodiscovery
  Records (DNS) (was "Mail Client Setup")
- DKIM is in the DKIM Management section on the Email Domains (DNS) tab
- Webmail / Setup Instructions are the top-strip buttons

Recaptured whp-email.png (Email Accounts tab) and whp-email-autodiscovery.png
(DNS tab) via the rewritten capture-email.ts (clicks the DNS tab; fleet
hostnames/IPs redacted, brand demo domain kept).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 14:49:33 -07:00
jknapp a6269d18fd Merge pull request 'docs(screenshots): document section capture scripts' (#3) from docs/dns-page-rework into main
Build and deploy / deploy (push) Successful in 22s
Reviewed-on: #3
2026-06-22 15:43:02 +00:00
shadowdao 8f42adc799 docs(screenshots): list capture-email.ts in the section-scripts table
Completes the section-capture docs after merging main — capture-email.ts
(Email page "Mail Client Setup") now appears alongside the other scripts.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 08:41:06 -07:00
shadowdao 7f63f064c9 Merge branch 'main' into docs/dns-page-rework 2026-06-22 08:40:31 -07:00
jknapp c9a08313ca Merge pull request 'docs(email): mail-client autodiscovery + external-DNS records' (#2) from docs/mail-autodiscovery into main
Build and deploy / deploy (push) Successful in 29s
Reviewed-on: #2
2026-06-22 15:36:31 +00:00
shadowdao 0b53569821 docs(email): document mail-client autodiscovery + external-DNS records
Reflects the new customer "Mail Client Setup" section on the Email page.

- create-an-email-account.mdx: new "Auto-configure your mail app" section —
  explains clients self-configure from DNS, that domains on our nameservers
  are already set, and the records to add when DNS is hosted elsewhere
  (Cloudflare/GoDaddy/etc.) with the full RFC 6186 record table + screenshot.
  Reframe "Set up your email client" as the manual fallback.
- manage-dns-records.mdx: cross-link "Mail autodiscovery records" subsection.
- New capture-email.ts + whp-email-autodiscovery.png (fleet-redacted: mail
  host shown as <mail-server>.cloud-hosting.io; demo domain kept visible).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 08:11:44 -07:00
shadowdao 23cc5a887b docs(screenshots): document section capture scripts + refresh workflow
The README only covered the shots.config.ts/run.ts path. Add a Section
capture scripts table (capture-admin/site-builder/dns) and a refresh
note distinguishing static pages (npm run screenshots) from interactive
states (npx tsx capture-<section>.ts), since reworked sections need the
latter.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 15:00:14 -07:00
jknapp 03aa273100 Merge pull request 'docs(whp): rework DNS page for new Domains & DNS UI' (#1) from docs/dns-page-rework into main
Build and deploy / deploy (push) Successful in 23s
Reviewed-on: #1
2026-06-11 21:52:34 +00:00
shadowdao da24dc8c67 docs(whp): rework DNS page for new Domains & DNS UI
The WHP DNS area was reworked from the old Domains page (left-side add
form + right-side DNS Management dropdown) into a searchable Domains &
DNS list plus a dedicated per-domain DNS records editor.

- Recapture whp-domains.png against the new list layout
- Add screenshots for the Add Domain modal, records editor, inline
  Add Record row, and bulk-action toolbar
- Add capture-dns.ts (fleet-redacted, viewport-only) following the
  existing capture-admin.ts pattern
- Rewrite add-a-domain.mdx Add Domain steps for the modal flow and
  point at the new records editor
- Add manage-dns-records.mdx how-to (add/edit/delete, type filter,
  bulk actions, verification, troubleshooting); renumber sidebar order

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 14:50:21 -07:00
shadowdao 08adca6955 docs(whp): add backend-switching how-to + Optimized Webserver (OLS) add-on page
Build and deploy / deploy (push) Successful in 25s
- how-to/switching-site-backend: change a site's container type between standard
  PHP/FPM and the premium LiteSpeed/OLS backend; required steps to move off
  premium before cancelling the add-on (panel blocks the disable otherwise).
- add-ons/optimized-webserver: what the OLS/LSCache add-on is, advantages, when
  NOT to use it, how to enable/use, and cancellation requirements.
- add-ons/overview: list the new add-on.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 06:52:11 -07:00
shadowdao 6ee2cf13b0 kb(whp/admin): document panel HSTS + VM-rebuild lockout recovery
Build and deploy / deploy (push) Successful in 23s
The WHP panel sends Strict-Transport-Security max-age=31536000
includeSubDomains on every response (correct for prod). When a server
is rebuilt, the regenerated self-signed cert no longer matches what
the admin's browser cached as HSTS-valid, and there is no clickable
'proceed unsafely' escape — the admin is locked out of their own
panel by hostname.

Add a Caution Aside under Network & SSL describing the symptom, the
two-browser HSTS confirmation pattern, and the three recovery paths
(IP-direct + LE issuance, browser HSTS clear, real cert preserved
across rebuilds). Frames LE issuance as a first-day operation, not an
incident response.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-29 09:21:08 -07:00
shadowdao 33d1da92ca docs(admin): add Data-drive encryption (LUKS) article
Build and deploy / deploy (push) Successful in 25s
Covers the opt-in LUKS2 encryption of /docker available on new server
installs. Reboot UX (web unlock at :8444, SSH fallback), threat model
in plain English, what LUKS does and doesn't protect against, header
backup handling, passphrase rotation outline, and the "do not enable
this if you need unattended reboots" caveat.

Sidebar order 7 (after Backups in the admin section).
Linked from the admin overview "What's in this section" list and from
the VDS comparison section of "What is containerized hosting?".

No cost / pricing language by design — operational positioning is
still being decided.
2026-05-23 08:59:16 -07:00
shadowdao 69439afe4a docs(local-dev): add 'Local development' section + PHP 8.5 support
Build and deploy / deploy (push) Successful in 23s
Adds /whp/local-dev/ with three articles documenting the public cloud
container images on repo.anhonesthost.net/cloud-hosting-platform/:

- overview: dev/prod parity pitch, prerequisites, table of images,
  link to the Gitea org, and a note that this is for customers
  comfortable with Docker (the hosted side needs none of this).
- php-apache: cloud-apache-container (cac). PHP 7.4 through 8.5 side
  by side, default 8.3, AlmaLinux 9 + Apache mod_ssl. Documents
  image tags, local-dev.sh flags, manual docker command, bind-mount
  layout, WordPress install, helper scripts (instance_start /
  instance_stop / instance_logs / instance_db_info), and cleanup.
- node: cloud-node-container (cnoc). Node 18/20/22, default 20,
  AlmaLinux 9 + Nginx (SSL + HTTP→HTTPS redirect) + PM2 +
  Memcached. Same shape: tags, flags, manual docker, where code
  goes (user/app/), logs layout, helpers, cleanup.

Sidebar gains a 'Local development' group between Site Builder and
Reference. Section redirect /whp/local-dev/ -> overview added to
the section-landing redirect set.
2026-05-18 12:01:49 -07:00
shadowdao aeb033bae5 feat(routing): redirect section landings + harden 404 / no directory listings
Build and deploy / deploy (push) Successful in 23s
- astro.config.mjs: section-only URLs now redirect to the first article in
  that section. /whp/admin/ used to render Apache's directory listing
  because no index.html existed; now it serves a meta-refresh to
  /whp/admin/overview/. Same for /whp/, /whp/getting-started/,
  /whp/how-to/, /whp/site-builder/, /whp/reference/, /whp/add-ons/.
- public/.htaccess: ships in dist, disables Options Indexes + MultiViews
  (defense in depth so any future section without a redirect doesn't
  leak a listing), and routes 404/403 to /404.html.
- src/content/docs/404.md: replaces the bare 'check the URL' tagline
  with two explicit actions — 'Go to the knowledge base home' and
  'WHP getting started'.
2026-05-18 11:18:35 -07:00
shadowdao 119d376029 docs(admin): rewrite + extend WHP super-admin section from real UI
Build and deploy / deploy (push) Successful in 24s
Verified every page against the live admin panel on whp01 (read-only).
Five existing articles rewritten; one new article added; customer-facing
backups article updated to match server reality.

Article changes
- overview: super admin = the root user only (no UI to add another);
  WHMCS portal route doesn't apply for admin; accurate sidebar map of
  every admin-only section; customer backups don't cover server config
  (multiple locations, not just /etc — full-server backup is the right
  safety net).
- server-settings: walked all six tabs (System / Services / Mail / DNS
  / Network & SSL / Security); clarified that host Apache + PHP-FPM
  serve the WHP control panel, not customer sites; that MySQL runs as
  a container so host MySQL config is client-facing; that custom
  container needs are met by publishing a custom Docker image (linked
  to repo.anhonesthost.net/cloud-hosting-platform/ for examples).
- coraza-waf: real Firing rules / CRS catalog / Activity tabs; global
  WAF mode pill (off/detect/enforce); per-rule + per-host overrides;
  Ask AI link; security.db source-of-truth + SIGHUP reload note.
- site-monitoring: split into the three actual admin pages — AI Monitor
  dashboard, Issues, Ignore Rules — with stat tiles + health-check
  timeline + ignore-rule AND-semantics.
- user-management: account types corrected to full / domain_dns /
  mail_dns (verified in web-files/pages/user-management.php:26);
  system users are protected against deletion (verified is_protected_user
  in web-files/libs/usermgmt.php:697); delegated users are admin-editable
  (not read-only); suspension page is served by haproxy's 503 errorfile
  (verified in haproxy-manager-base/haproxy_tarpit_config.txt:31) so
  troubleshooting points at haproxy reload / container logs.
- new admin/backups: customer-data backups vs full-server backups;
  auto-backups only run with a default target; how to add global vs
  per-customer targets; how to fire on-demand backups for any user;
  troubleshooting around missing targets / failed test / disk pressure.
- how-to/backups (customer): aside about default-target requirement;
  new section explaining what full-server backups cover vs customer
  backups (managed plans + VDS covered by AnHonestHost; elsewhere is
  the server operator's responsibility).

New components / tooling
- admin-signin partial: 'sign in directly at :8443 as root'.
- Head.astro override + medium-zoom: click-to-zoom lightbox on every
  article image; auto-reattaches after Starlight client navigation.
- capture-admin.ts: read-only Playwright capture for admin docs with
  multi-pass redaction (server hostnames, mail server, customer
  domains, customer usernames in table cells, IPs except RFC1918 and
  public resolvers, password/key/token/secret/api input values, plus
  LiteLLM URLs, model names, JWT/sk-prefix API keys, root → admin).
2026-05-18 10:49:43 -07:00
shadowdao 8c965f76d2 fix(a11y): broken support/signin links + WCAG AA contrast in light mode
Build and deploy / deploy (push) Successful in 29s
Caught by Lighthouse on prod:

1. CRITICAL: support-link.mdx and signing-in.mdx used the MDX expression
   `{URLS.x}` inside Markdown-link parens, which MDX doesn't evaluate —
   the resulting href was URL-encoded '%7BURLS.whmcsTicket%7D' on every
   page with a Support partial. Replaced with HTML anchors so the
   expression evaluates.
2. Light-mode --sl-color-text-accent was the brand teal (#00d4aa) on a
   cream background = 1.73:1 contrast. Introduced --anhh-accent-on-light
   (#047857) at ~6:1 for inline accent text/links. Brand graphics keep
   the original teal.
3. Bumped light-mode --anhh-text-secondary and --anhh-text-muted to
   #334155 / #475569 so muted UI text clears AA.
4. Hub brand link aria-label now includes 'Knowledge Base' so the
   accessible name covers the visible text.
v1.0
2026-05-17 21:04:10 -07:00
shadowdao 6a0a461c26 docs(site-builder): add 5-article Site Builder section (Beta)
Build and deploy / deploy (push) Successful in 23s
Adds /whp/site-builder/ with overview, getting-started, blocks-and-pages,
styling, and publishing. Wired as a 'Site Builder' sidebar group with a
Beta badge.

- Captured real screenshots via the demo account through a redaction
  step (server names, domain, demo-user all swapped for placeholders)
- New beta-callout partial shared across all 5 articles
- capture-site-builder.ts is local-only (uses tools/screenshots/.env
  for demo creds, never runs in CI)
2026-05-17 18:40:47 -07:00
shadowdao ebbb75d7f5 ci: bump runner Node to 22 (Astro 6 requires >=22.12)
Build and deploy / deploy (push) Successful in 38s
2026-05-17 18:21:36 -07:00
shadowdao 7f81240d22 ci: Gitea Actions build + lftp SFTP deploy
Build and deploy / deploy (push) Failing after 13s
Triggers on push to main and manual workflow_dispatch. Builds with
Node 20, runs astro check, builds the static site, then mirrors
./dist via SFTP using the SFTP_* secrets configured on the repo.

Password-based SFTP for now (matches the credentials we have). Swap to
key-based by adding SFTP_KEY as a secret and tweaking the lftp call
when the production site user is created.
2026-05-17 18:06:41 -07:00
shadowdao fef98357c7 docs(admin): add WHP super-admin section (5 draft articles)
Adds /whp/admin/ with: overview, server-settings, coraza-waf,
site-monitoring, user-management. Articles are product-neutral
(no VDS in titles or required framing) since super admin may be
offered as a separate service later. They're marked Draft via:

- 'Draft' sidebar badge on the group + each article
- A draft callout partial at the top of every page noting WIP

The super-admin-callout partial (renamed from vds-only-callout)
mentions VDS as today's most common way to get super admin without
locking the docs to that single product.
2026-05-17 18:04:01 -07:00
shadowdao 5d829c44ba docs(explainer): switch analogy to apartment vs townhome in a gated community
The apartment-vs-townhome framing maps more cleanly onto containers:
- An apartment shares walls, plumbing, air — neighbour noise/smells leak in.
  That's the experience on shared hosting.
- A townhome in a gated community keeps the shared upside (security, gates,
  community centre = the server/host) but isolates each unit. That's the
  containerized story.
2026-05-17 17:44:43 -07:00
shadowdao 2cd10bc56d feat(nav): rename Hosting link to 'Get a Plan'
More CTA-flavoured; differentiates from the WHP product mentioned
inside the docs.
2026-05-17 17:24:41 -07:00
shadowdao ccfe8bb649 feat(nav): top-bar Hosting + Client Portal links
Adds external links to anhonesthost.com (Hosting) and
secure.anhonesthost.com (Client Portal) in both the Starlight header
(via the SiteTitle override) and the custom hub page header. Hidden
on narrow viewports so the search box, hamburger, and theme toggle
keep room.
2026-05-17 17:17:57 -07:00
shadowdao c602b8f8f3 docs: verify against real WHP + capture real screenshots
Discovery against the demo account on whp01 surfaced several inaccuracies:

- Cache is Valkey (Redis wire-compatible), not Redis or Memcached.
  No Memcached is offered as a separate service.
- Site Monitoring is the sidebar label (not 'AI Monitor').
- 'Add a domain' has no Primary/Add-on distinction.
- Sites form: 'Container Type' (not 'Site type'), Number of Containers
  (1-10 for horizontal scaling), CPU per Container (default 0.25),
  Memory per Container (default 256MB), SSL inline on the same form.
- Backups: default retention 5 days / 10 backups; on-demand + scheduled;
  S3 backup targets are visible and configurable.
- Email: per-domain settings live behind 'Setup Instructions' on the
  Email page; mail server hostname is on the Dashboard (per-server,
  e.g. mail01.cloud-hosting.io), not per-domain.

Also reworked the screenshot pipeline:
- New shots.config.ts targets the real index.php?page=... URLs
- Added redactSensitive() step that runs before each screenshot to swap
  server names, IPs, mail hostnames, and demo-user-isms with neutral
  placeholders. This keeps docs portable across the fleet.
- Hides .brand-full and .navbar-text (top-bar server identifier and
  Welcome greeting).
- Captured 9 real WHP screenshots; removed stale placeholders.
2026-05-17 17:00:13 -07:00
shadowdao 53bc37fd0d docs: fix mail server + drop SSH tunneling
- Remove smtp.anhonesthost.com row from service-hostnames partial — we
  don't operate a single shared SMTP gateway; mail server hostnames are
  per-domain and listed on the WHP Dashboard
- Drop SSH tunneling section from service-hostnames reference (not a
  supported access path)
- Point email-client setup at the Dashboard for the per-domain host
  rather than assuming a 'mail.<yourdomain>' pattern
2026-05-17 16:38:36 -07:00
shadowdao af94b72777 feat(brand): use real AnHonestHost wordmark + chevron logo
- Pulled the real inline SVG from anhonesthost.com (chevrons + wordmark
  with 'Host' in teal #00d4aa)
- Override Starlight's SiteTitle component so the SVG is inlined rather
  than loaded as <img>, letting currentColor follow the active theme
- Hub page header uses the same wordmark
- 'Knowledge Base' label sits to the right of the brand mark, hidden on
  narrow viewports
2026-05-17 16:36:46 -07:00
shadowdao 16e14019b7 fix(a11y): active sidebar item contrast (WCAG AA)
Starlight's default uses --sl-color-text-accent (our teal #00d4aa) as
the active-item background, which gives ~3:1 contrast vs the dark
inverted text — under WCAG AA (4.5:1). Override with primary blue
+ white text for ~9:1.

Note: customCss loads before Starlight's component CSS, so the rule
needs (0,2,1) specificity to win against Starlight's scoped (0,2,0).
2026-05-17 10:46:45 -07:00
shadowdao e3b113cc2f feat(screenshots): Playwright capture pipeline (local-only, viewport-only) 2026-05-17 10:36:32 -07:00
shadowdao 748fcfeb6f docs(whp): add reference + 5 add-on articles, env.d.ts for font CSS imports 2026-05-17 10:34:43 -07:00
shadowdao 231aa583a0 docs(whp): add how-to articles (domain, site, email, backups) + placeholder screenshots
Placeholders are 1440x900 'Screenshot pending' PNGs that will be
overwritten by real captures via 'npm run screenshots' once a demo
user is provisioned.
2026-05-17 10:32:23 -07:00
shadowdao e782234f65 docs(whp): add welcome + containerized hosting explainer 2026-05-17 10:29:57 -07:00
shadowdao 8c23b835d6 feat(content): add reusable partials and how-to template 2026-05-17 10:28:52 -07:00
shadowdao 84e1318b33 feat(hub): landing page with product cards (hides empty products) 2026-05-17 10:27:50 -07:00
shadowdao d4970ef408 feat(brand): wire anhh-* tokens, fonts, ~/ vite alias, WHP sidebar 2026-05-17 10:26:59 -07:00
shadowdao 351f1e1431 docs: add README, CONTRIBUTING, LICENSE (CC BY 4.0) 2026-05-17 10:25:30 -07:00
shadowdao d552e6ca57 chore: scaffold Astro Starlight project
- Astro 6.3 + Starlight 0.39
- TypeScript strict
- Sitemap integration
- Inter + JetBrains Mono variable fonts
- Custom .gitignore (no AI artifacts; no .env)
- .editorconfig
2026-05-17 10:24:47 -07:00