================================================================
       PANDUAN DEPLOY TUNNEL SaaS v2 KE cPANEL
       (Updated: support cross-platform path, system check)
================================================================

Panduan langkah demi langkah deploy SaaS server + admin panel
ke hosting cPanel (Niagahoster, Hostinger, IDCloudHost, dll).


----------------------------------------------------------------
RINGKASAN ARSITEKTUR
----------------------------------------------------------------

Yang akan di-deploy:

   1. SERVER PUSAT  -> 1 lokasi (folder server/)
   2. ADMIN PANEL  -> 1 lokasi (folder admin/)
   3. CLIENT FILES -> per domain client (generate dari admin)

Struktur ideal di cPanel:

   /home/USER/public_html/
   ├── api/              <- isi folder server/   (subdomain api.dom.com)
   │   ├── render.php
   │   ├── saas_config.php
   │   ├── index.php (engine)
   │   ├── ... semua file engine
   │   ├── amp/
   │   └── cache/        (auto-create, 755)
   │
   └── manage/           <- isi folder admin/    (subdomain manage.dom.com
       ├── index.php                              ATAU /manage/ subfolder)
       ├── .htaccess
       └── data/         (sensitive! di-deny via .htaccess)
           ├── keys.json
           ├── blacklist.txt
           ├── research_results.json
           └── clients/


----------------------------------------------------------------
A. PERSIAPAN HOSTING (5 menit)
----------------------------------------------------------------

[1] Login cPanel hosting Anda

[2] Buat 2 SUBDOMAIN
    cPanel > Domains > Subdomains

    Subdomain 1:
       Name        : api
       Domain      : mydomain.com
       Document Root: public_html/api
       Klik Create

    Subdomain 2 (opsional, bisa juga subfolder):
       Name        : manage  (atau admin)
       Domain      : mydomain.com
       Document Root: public_html/manage
       Klik Create

[3] AKTIFKAN EKSTENSI PHP
    cPanel > Select PHP Version (atau MultiPHP Manager)
    Pilih PHP 7.4 atau 8.x
    Centang ekstensi:
       [x] gd          (untuk banner image)
       [x] curl        (untuk client proxy + keyword)
       [x] mbstring    (untuk Unicode)
       [x] json
       [x] zip         (untuk generate file download)
    Klik "Save"

[4] CEK PHP OPTIONS
    cPanel > Select PHP Options
    Pastikan:
       allow_url_fopen      = On
       max_execution_time   = 600
       memory_limit         = 256M
       upload_max_filesize  = 16M


----------------------------------------------------------------
B. DEPLOY SERVER PUSAT (10 menit)
----------------------------------------------------------------

[1] ZIP folder server/ di komputer Anda
    Klik kanan folder tunnel-saas/server/
    > Send to > Compressed (zipped) folder
    Hasil: server.zip

[2] Upload ke public_html/api/
    cPanel > File Manager
    Navigasi ke: public_html/api/
    Klik "Upload"
    Pilih server.zip
    Klik "Upload Files"

[3] Extract di server
    Setelah upload selesai, kembali ke File Manager
    Klik kanan server.zip > Extract
    Pastikan struktur jadi:
       public_html/api/render.php
       public_html/api/saas_config.php
       public_html/api/index.php
       public_html/api/...

    Kalau ada folder "server" di dalam api/, pindahkan
    isinya ke api/ langsung (jangan nested).

    Hapus server.zip.

[4] Set Permission Folder Cache
    Klik kanan public_html/api/cache > Permissions > 755
    (Atau folder cache akan auto-create dengan 755 saat
     request pertama, kalau parent folder writable)

[5] Test Endpoint
    Buka browser: https://api.mydomain.com/render.php
    Expected: "Invalid API key"
    Itu artinya endpoint hidup. Klik next step.


----------------------------------------------------------------
C. DEPLOY ADMIN PANEL (5 menit)
----------------------------------------------------------------

[1] ZIP folder admin/ di komputer Anda

[2] Upload ke public_html/manage/ (atau public_html/admin/)
    cPanel > File Manager > Upload > admin.zip

[3] Extract di server
    Struktur jadi:
       public_html/manage/index.php
       public_html/manage/.htaccess
       public_html/manage/data/...

[4] Set Permission Data Folder
    Klik kanan public_html/manage/data > Permissions > 755
    Pastikan PHP bisa write di sana.

[5] GANTI PASSWORD ADMIN!
    File Manager > Edit public_html/manage/index.php
    Cari baris 13: $ADMIN_PASSWORD = 'admin123';
    GANTI ke password kuat, mis:
       $ADMIN_PASSWORD = 'k7Hn4qP9mZ2vXyR3wBcD8jL5fN1a';
    Save.

[6] Test Admin
    Buka: https://manage.mydomain.com/
    Muncul login screen ungu.
    Login pakai password yg baru di-set.
    Dashboard muncul. ✓


----------------------------------------------------------------
D. VERIFIKASI VIA SYSTEM CHECK (Penting!)
----------------------------------------------------------------

[1] Login admin
[2] Klik menu sidebar: 🩺 System Check
[3] Cek semua 20 item:
       ✓ PHP Version
       ✓ Ekstensi gd, curl, mbstring, json
       ✓ allow_url_fopen
       ✓ max_execution_time
       ✓ Folder writable (cache, data, clients)
       ✓ Required files (render.php, saas_config.php, ...)
       ✓ Server endpoint test

[4] Kalau ada FAIL:
    Lihat kolom "Fix" untuk panduan perbaikan.
    Biasanya tinggal aktifkan ekstensi PHP via cPanel.


----------------------------------------------------------------
E. TAMBAH CLIENT PERTAMA (3 menit)
----------------------------------------------------------------

[1] Admin > 🔑 API Keys & Client
[2] Form Tambah Client:
       Nama : Client Test
       Host : client-test.com
       [x] Clone master template
       Klik "Generate Key + Buat Folder"
[3] Key 40 karakter muncul -> COPY

[4] Admin > 📦 Download Client Files
[5] Server URL: https://api.mydomain.com/render.php
[6] Pilih client "Client Test"
[7] Klik "📥 Download ZIP Lengkap"
    Hasil: tunnel-client-client-test.com.zip


----------------------------------------------------------------
F. OWNER CLIENT PASANG DI DOMAINNYA (5 menit)
----------------------------------------------------------------

Kirim ZIP ke owner client. Mereka:

[1] Login cPanel hosting mereka
[2] File Manager > public_html/
[3] Upload tunnel-client-XXX.zip
[4] Extract
[5] Pindah isi folder main-domain/ ke public_html/
    (main-domain/index.php → public_html/index.php
     main-domain/.htaccess → public_html/.htaccess)
[6] Cek cPanel > Select PHP Version > centang cURL

[7] Buka https://domain-client.com di browser
    Halaman langsung tampil dari server pusat. ✓

KALAU AMP DI DOMAIN TERPISAH:
[8] Buat subdomain amp.domain-client.com di cPanel mereka
[9] Upload amp-domain/index.php + .htaccess ke folder subdomain
[10] Buka https://amp.domain-client.com → versi AMP tampil


----------------------------------------------------------------
G. POST-DEPLOY CHECKLIST
----------------------------------------------------------------

Setelah selesai, pastikan:

   [ ] Admin password BUKAN 'admin123' (sudah diganti)
   [ ] saas_config.php > 'allow_any' = false (production)
   [ ] Test browser dari incognito (cek tanpa cookie)
   [ ] System Check semua hijau
   [ ] Backup saas_config.php + admin/data/ (DOWNLOAD ke lokal)
   [ ] Submit sitemap ke Google Search Console
       URL sitemap: https://CLIENT-DOMAIN.com/sitemap.xml
   [ ] Set Cloudflare di depan server pusat (opsional)
   [ ] Pasang Auto-SSL di subdomain api.* dan manage.*


----------------------------------------------------------------
H. TROUBLESHOOTING UMUM cPANEL
----------------------------------------------------------------

Q: render.php muncul source code (raw PHP)
A: PHP belum aktif. cPanel > MultiPHP Manager > pilih versi
   untuk domain itu > Apply.

Q: 500 Internal Server Error
A: Permission .htaccess salah. CHMOD 644.
   Atau cek error_log di cPanel.

Q: Admin login muter terus
A: Folder session PHP tidak writable. Atau cookie diblock.
   Cek cPanel > PHP Options > session.save_path.

Q: "Failed to fetch from ip-api"
A: allow_url_fopen Off. Aktifkan di PHP Options.

Q: Banner image broken (404)
A: GD library belum aktif. cPanel > Select PHP Version >
   centang gd > Save.

Q: Folder cache/ tidak terbuat otomatis
A: Parent folder (api/) tidak writable. CHMOD 755.
   Atau buat manual via File Manager + CHMOD 755.

Q: Admin > System Check semua FAIL
A: Path antara admin/ dan server/ tidak sebagai sibling.
   Cek saas_config.php > 'admin_data_path' isi manual:
   'admin_data_path' => '/home/USER/public_html/manage/data',


----------------------------------------------------------------
I. SECURITY HARDENING
----------------------------------------------------------------

[1] Password Admin
    Minimal 20 karakter random.
    Generate via: bin2hex(random_bytes(15))

[2] HTTP Auth tambahan di /manage/
    cPanel > Directory Privacy > public_html/manage/
    Set username + password.
    Owner butuh DUA login (HTTP Basic + form admin).

[3] IP Whitelist (opsional)
    cPanel > IP Blocker
    Atau di .htaccess /manage/:
       Require ip 1.2.3.4

[4] Disable testkey123
    Edit saas_config.php
    Hapus baris 'testkey123' => '*'
    Hanya pakai keys dari admin panel.

[5] HTTPS only
    .htaccess (di api/ dan manage/):
       RewriteCond %{HTTPS} off
       RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


----------------------------------------------------------------
J. BACKUP & MAINTENANCE
----------------------------------------------------------------

Backup harian (wajib):
   - public_html/manage/data/         (semua per-client data)
   - public_html/api/saas_config.php  (config api keys)

Backup mingguan:
   - public_html/api/                 (semua file engine)
   - Setting cPanel

Tools backup:
   - cPanel > Backups > Generate
   - JetBackup (kalau hosting menyediakan)
   - Script cron rsync ke external storage

Log monitoring:
   - public_html/api/saas_access.log
   - Cek size berkala, archive kalau > 50MB


----------------------------------------------------------------
K. UPGRADE / UPDATE TEMPLATE
----------------------------------------------------------------

Untuk update template (CSS, struktur HTML, dll):

[1] Edit file di public_html/api/ langsung via File Manager
[2] Atau upload file baru replace lama
[3] Tidak perlu touch file di client domain mana pun
[4] Semua client otomatis dapat update

JANGAN ganti file di public_html/api/ ini saat update:
   - saas_config.php (configurasi & API keys)
   - list.txt        (kalau master template ingin tetap)
   - cache/          (akan di-regenerate)


================================================================
                 Semoga sukses jualan SaaS!
================================================================
