Adds /whp/local-dev/ with three articles documenting the public cloud
container images on repo.anhonesthost.net/cloud-hosting-platform/:
- overview: dev/prod parity pitch, prerequisites, table of images,
link to the Gitea org, and a note that this is for customers
comfortable with Docker (the hosted side needs none of this).
- php-apache: cloud-apache-container (cac). PHP 7.4 through 8.5 side
by side, default 8.3, AlmaLinux 9 + Apache mod_ssl. Documents
image tags, local-dev.sh flags, manual docker command, bind-mount
layout, WordPress install, helper scripts (instance_start /
instance_stop / instance_logs / instance_db_info), and cleanup.
- node: cloud-node-container (cnoc). Node 18/20/22, default 20,
AlmaLinux 9 + Nginx (SSL + HTTP→HTTPS redirect) + PM2 +
Memcached. Same shape: tags, flags, manual docker, where code
goes (user/app/), logs layout, helpers, cleanup.
Sidebar gains a 'Local development' group between Site Builder and
Reference. Section redirect /whp/local-dev/ -> overview added to
the section-landing redirect set.
- astro.config.mjs: section-only URLs now redirect to the first article in
that section. /whp/admin/ used to render Apache's directory listing
because no index.html existed; now it serves a meta-refresh to
/whp/admin/overview/. Same for /whp/, /whp/getting-started/,
/whp/how-to/, /whp/site-builder/, /whp/reference/, /whp/add-ons/.
- public/.htaccess: ships in dist, disables Options Indexes + MultiViews
(defense in depth so any future section without a redirect doesn't
leak a listing), and routes 404/403 to /404.html.
- src/content/docs/404.md: replaces the bare 'check the URL' tagline
with two explicit actions — 'Go to the knowledge base home' and
'WHP getting started'.
Verified every page against the live admin panel on whp01 (read-only).
Five existing articles rewritten; one new article added; customer-facing
backups article updated to match server reality.
Article changes
- overview: super admin = the root user only (no UI to add another);
WHMCS portal route doesn't apply for admin; accurate sidebar map of
every admin-only section; customer backups don't cover server config
(multiple locations, not just /etc — full-server backup is the right
safety net).
- server-settings: walked all six tabs (System / Services / Mail / DNS
/ Network & SSL / Security); clarified that host Apache + PHP-FPM
serve the WHP control panel, not customer sites; that MySQL runs as
a container so host MySQL config is client-facing; that custom
container needs are met by publishing a custom Docker image (linked
to repo.anhonesthost.net/cloud-hosting-platform/ for examples).
- coraza-waf: real Firing rules / CRS catalog / Activity tabs; global
WAF mode pill (off/detect/enforce); per-rule + per-host overrides;
Ask AI link; security.db source-of-truth + SIGHUP reload note.
- site-monitoring: split into the three actual admin pages — AI Monitor
dashboard, Issues, Ignore Rules — with stat tiles + health-check
timeline + ignore-rule AND-semantics.
- user-management: account types corrected to full / domain_dns /
mail_dns (verified in web-files/pages/user-management.php:26);
system users are protected against deletion (verified is_protected_user
in web-files/libs/usermgmt.php:697); delegated users are admin-editable
(not read-only); suspension page is served by haproxy's 503 errorfile
(verified in haproxy-manager-base/haproxy_tarpit_config.txt:31) so
troubleshooting points at haproxy reload / container logs.
- new admin/backups: customer-data backups vs full-server backups;
auto-backups only run with a default target; how to add global vs
per-customer targets; how to fire on-demand backups for any user;
troubleshooting around missing targets / failed test / disk pressure.
- how-to/backups (customer): aside about default-target requirement;
new section explaining what full-server backups cover vs customer
backups (managed plans + VDS covered by AnHonestHost; elsewhere is
the server operator's responsibility).
New components / tooling
- admin-signin partial: 'sign in directly at :8443 as root'.
- Head.astro override + medium-zoom: click-to-zoom lightbox on every
article image; auto-reattaches after Starlight client navigation.
- capture-admin.ts: read-only Playwright capture for admin docs with
multi-pass redaction (server hostnames, mail server, customer
domains, customer usernames in table cells, IPs except RFC1918 and
public resolvers, password/key/token/secret/api input values, plus
LiteLLM URLs, model names, JWT/sk-prefix API keys, root → admin).
Caught by Lighthouse on prod:
1. CRITICAL: support-link.mdx and signing-in.mdx used the MDX expression
`{URLS.x}` inside Markdown-link parens, which MDX doesn't evaluate —
the resulting href was URL-encoded '%7BURLS.whmcsTicket%7D' on every
page with a Support partial. Replaced with HTML anchors so the
expression evaluates.
2. Light-mode --sl-color-text-accent was the brand teal (#00d4aa) on a
cream background = 1.73:1 contrast. Introduced --anhh-accent-on-light
(#047857) at ~6:1 for inline accent text/links. Brand graphics keep
the original teal.
3. Bumped light-mode --anhh-text-secondary and --anhh-text-muted to
#334155 / #475569 so muted UI text clears AA.
4. Hub brand link aria-label now includes 'Knowledge Base' so the
accessible name covers the visible text.
Adds /whp/site-builder/ with overview, getting-started, blocks-and-pages,
styling, and publishing. Wired as a 'Site Builder' sidebar group with a
Beta badge.
- Captured real screenshots via the demo account through a redaction
step (server names, domain, demo-user all swapped for placeholders)
- New beta-callout partial shared across all 5 articles
- capture-site-builder.ts is local-only (uses tools/screenshots/.env
for demo creds, never runs in CI)
Adds /whp/admin/ with: overview, server-settings, coraza-waf,
site-monitoring, user-management. Articles are product-neutral
(no VDS in titles or required framing) since super admin may be
offered as a separate service later. They're marked Draft via:
- 'Draft' sidebar badge on the group + each article
- A draft callout partial at the top of every page noting WIP
The super-admin-callout partial (renamed from vds-only-callout)
mentions VDS as today's most common way to get super admin without
locking the docs to that single product.
The apartment-vs-townhome framing maps more cleanly onto containers:
- An apartment shares walls, plumbing, air — neighbour noise/smells leak in.
That's the experience on shared hosting.
- A townhome in a gated community keeps the shared upside (security, gates,
community centre = the server/host) but isolates each unit. That's the
containerized story.
Discovery against the demo account on whp01 surfaced several inaccuracies:
- Cache is Valkey (Redis wire-compatible), not Redis or Memcached.
No Memcached is offered as a separate service.
- Site Monitoring is the sidebar label (not 'AI Monitor').
- 'Add a domain' has no Primary/Add-on distinction.
- Sites form: 'Container Type' (not 'Site type'), Number of Containers
(1-10 for horizontal scaling), CPU per Container (default 0.25),
Memory per Container (default 256MB), SSL inline on the same form.
- Backups: default retention 5 days / 10 backups; on-demand + scheduled;
S3 backup targets are visible and configurable.
- Email: per-domain settings live behind 'Setup Instructions' on the
Email page; mail server hostname is on the Dashboard (per-server,
e.g. mail01.cloud-hosting.io), not per-domain.
Also reworked the screenshot pipeline:
- New shots.config.ts targets the real index.php?page=... URLs
- Added redactSensitive() step that runs before each screenshot to swap
server names, IPs, mail hostnames, and demo-user-isms with neutral
placeholders. This keeps docs portable across the fleet.
- Hides .brand-full and .navbar-text (top-bar server identifier and
Welcome greeting).
- Captured 9 real WHP screenshots; removed stale placeholders.
- Remove smtp.anhonesthost.com row from service-hostnames partial — we
don't operate a single shared SMTP gateway; mail server hostnames are
per-domain and listed on the WHP Dashboard
- Drop SSH tunneling section from service-hostnames reference (not a
supported access path)
- Point email-client setup at the Dashboard for the per-domain host
rather than assuming a 'mail.<yourdomain>' pattern
Placeholders are 1440x900 'Screenshot pending' PNGs that will be
overwritten by real captures via 'npm run screenshots' once a demo
user is provisioned.