================================================================
        TUNNEL SAAS SERVER - Central Server Setup
================================================================

The central server is where all the files of the main Tunnel
project run. Clients (many domains) only proxy to it.

----------------------------------------------------------------
1. INSTALLATION LOCATION
----------------------------------------------------------------

Place this 'server/' folder in a web-accessible location.

Example scenarios:

A) Central server on a separate subdomain
   - Install at: tunnel-master.com/render/
   - Endpoint URL: https://tunnel-master.com/render/render.php

B) Central server in a subfolder of the root domain
   - Install at: domain-utama.com/saas/
   - Endpoint URL: https://domain-utama.com/saas/render.php

C) Central server at the root of a dedicated domain
   - Install at: api.contoh.com/
   - Endpoint URL: https://api.contoh.com/render.php


----------------------------------------------------------------
2. INCLUDED FILES
----------------------------------------------------------------

   render.php          (main endpoint that clients call)
   saas_config.php     (configuration - MUST BE EDITED)
   .htaccess           (protects internal files)
   README-SERVER.txt   (this file)
   saas_access.log     (created automatically - access log)


----------------------------------------------------------------
3. SETUP (3 STEPS)
----------------------------------------------------------------

[1] Edit saas_config.php

    a) Set tunnel_path:

       'tunnel_path' => 'C:/laragon/www/tunnel',
       or
       'tunnel_path' => '/var/www/tunnel-master',

    This is the ABSOLUTE PATH to the main Tunnel project folder
    (where index.php, list.txt, config.php, img.php, etc.
     live). The server renders from there.

    b) Generate an API key for each client. In a terminal:

       php -r "echo bin2hex(random_bytes(20));"

    Example output: a1b2c3d4e5f6...

    c) Register each key + client domain in api_keys:

       'api_keys' => [
           'a1b2c3d4e5f6...' => 'situs-client1.com',
           '9z8y7x6w5v4u...' => 'situs-client2.com',
       ],


[2] Set permissions

    - The file saas_config.php may be 644
    - The file saas_access.log must be writable (chmod 666, or 664
      with the same owner as the web server)


[3] Test the endpoint

    Open this URL in a browser (replace it with your server's URL):

       https://tunnel-master.com/render/render.php

    It should show: "Invalid API key"
    That means the endpoint is live. Clients can now use it.


----------------------------------------------------------------
4. SERVER REQUIREMENTS
----------------------------------------------------------------

   - PHP 7.4+
   - Extensions: gd, curl (same as the main project)
   - The complete main Tunnel project files are already in tunnel_path


----------------------------------------------------------------
5. HOW RENDERING WORKS
----------------------------------------------------------------

When render.php receives a request from a client, it:

   1. Validates the API key and host
   2. Sets $_SERVER['HTTP_HOST'] = the client's host
   3. Sets $_SERVER['REQUEST_URI'] = the client's path
   4. Sets $_SERVER['REMOTE_ADDR'] = the real visitor's IP
   5. Calls chdir() to tunnel_path so that list.txt etc. can be read
   6. Includes the right file (index.php, about.php, etc.)

The result: rendering uses ALL the logic of the main Tunnel project
(SEO, banner, AMP, geo, audit-block, etc.), but the URL & canonical
automatically use the client's domain.
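
One way to implement the six steps above with the input checks a shared render endpoint needs, as an added example that is not the project's render.php. The function name, its parameters, the page allowlist and the sample key are assumptions; only the 'api_keys' and 'tunnel_path' config keys come from this README.

```php
<?php
// Added example, not the project's render.php. Function and parameter names
// are hypothetical; only 'api_keys' and 'tunnel_path' come from this README.
function resolve_render_request(array $config, string $apiKey, string $host,
                                string $path, string $visitorIp): array
{
    // Step 1: compare against every key in constant time, then require the
    // request host to be the domain registered for that key.
    $boundHost = null;
    foreach ($config['api_keys'] as $key => $domain) {
        if (hash_equals((string) $key, $apiKey)) {
            $boundHost = strtolower($domain);
        }
    }
    if ($boundHost === null || strtolower($host) !== $boundHost) {
        return ['status' => 403, 'error' => 'Invalid API key'];
    }
    // Steps 3-4: client-supplied path and visitor IP are untrusted input.
    $urlPath = parse_url($path, PHP_URL_PATH);
    if (!is_string($urlPath) || $urlPath === '' || $urlPath[0] !== '/'
        || filter_var($visitorIp, FILTER_VALIDATE_IP) === false) {
        return ['status' => 400, 'error' => 'Bad request'];
    }
    // Step 6: the included file comes from a fixed allowlist, never from the
    // path itself. The map and the index.php fallback are assumptions.
    $pages = ['/about' => 'about.php'];
    $file  = $pages[rtrim($urlPath, '/')] ?? 'index.php';
    // Step 5: resolve tunnel_path and confirm the file really lives inside it.
    $root = realpath($config['tunnel_path']);
    $full = $root === false ? false : realpath($root . DIRECTORY_SEPARATOR . $file);
    if ($full === false || strpos($full, $root . DIRECTORY_SEPARATOR) !== 0) {
        return ['status' => 500, 'error' => 'Server misconfigured'];
    }
    return ['status' => 200, 'chdir' => $root, 'include' => $full,
            'server' => ['HTTP_HOST' => $boundHost, 'REQUEST_URI' => $path,
                         'REMOTE_ADDR' => $visitorIp]];
}

// Constructed sample data: a throwaway tunnel_path and a made-up key.
$root = sys_get_temp_dir() . '/tunnel-demo';
@mkdir($root);
touch($root . '/index.php');
$config = ['tunnel_path' => $root,
           'api_keys' => ['constructed-sample-key' => 'situs-client1.com']];
$ok  = resolve_render_request($config, 'constructed-sample-key', 'situs-client1.com', '/', '203.0.113.7');
$bad = resolve_render_request($config, 'constructed-sample-key', 'situs-client2.com', '/', '203.0.113.7');
echo $ok['status'], ' ', basename($ok['include']), "\n";
echo $bad['status'], ' ', $bad['error'], "\n";
```

The second call uses a valid key from a host it is not registered for, so a key leaked from one client cannot be replayed to render under another client's domain.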


----------------------------------------------------------------
6. SHARING LIST.TXT BETWEEN CLIENTS
----------------------------------------------------------------

Default: all clients see the same brands from the list.txt
in tunnel_path. Useful if you want every client to have an
identical brand directory.

IF YOU WANT A DIFFERENT LIST PER CLIENT:
   - Edit render.php
   - Add a switch on $vHost to select a different list
     file (e.g. list_client1.txt, list_client2.txt)
   - Set $_SERVER or an env variable so that index.php reads
     the correct file


----------------------------------------------------------------
7. PERFORMANCE & SCALE
----------------------------------------------------------------

The server carries the load of ALL clients. Consider:

   - Install PHP OPcache (Laragon default: enabled)
   - Cache on the client side (CACHE_ENABLED in the client's index.php)
   - Put Cloudflare/a CDN in front of the central server
   - Increase the PHP/Apache workers if traffic is heavy

The image generator (img.php) already caches for 30 days on the
server, so each brand is generated only once.


----------------------------------------------------------------
8. HOW TO ADD A NEW CLIENT
----------------------------------------------------------------

   1. The client owner requests an API_KEY from the server owner.
   2. The server owner runs:
      php -r "echo bin2hex(random_bytes(20));"
   3. The server owner adds it to saas_config.php
      (KEY-NYA stands for the generated key):
      'KEY-NYA' => 'domain-client.com',
   4. Send the KEY + endpoint URL to the client owner.
   5. The client owner uploads 2 files (index.php + .htaccess) to
      their domain and edits 2 lines in index.php.
   6. Done. The pages appear immediately on the client's domain.


----------------------------------------------------------------
9. MONITORING
----------------------------------------------------------------

Check the access log:

   Linux : tail -f /path/to/saas_access.log
   Windows: Get-Content saas_access.log -Wait -Tail 20

The log contains: timestamp, host, path, visitor IP, user-agent.


----------------------------------------------------------------
10. ROTATE API KEY
----------------------------------------------------------------

If a key is leaked:

   1. Edit saas_config.php and remove/replace that key.
   2. Generate a new key.
   3. Send the new key to the client owner (by a secure channel).
   4. The client owner updates it in their index.php.

Until the client updates, their requests get 403 Invalid API key.

================================================================
