README.md

# cameleer-website

Marketing site for [cameleer.io](https://www.cameleer.io) — zero-code observability for Apache Camel.

This is a **static** Astro 5 site. Hosted on Hetzner Webhosting L, fronted by Cloudflare, deployed via Gitea Actions.

## Development

```bash
npm ci
npm run dev       # http://localhost:4321
npm run test      # vitest — auth config + middleware header tests
npm run build     # produces dist/
npm run preview   # serves dist/
```

## Quality gates (run in CI)

```bash
npm run lint:html     # html-validate on dist/
npm run lint:links    # linkinator on dist/
npm run lh            # Lighthouse CI (>=0.95 on all 4 categories)
```

## Environment variables

See `.env.example`. All are `PUBLIC_*` (build-time, embedded in HTML).

| Var | Purpose |
|-----|---------|
| `PUBLIC_AUTH_SIGNIN_URL` | Logto sign-in URL (redirected to by "Sign in" buttons) |
| `PUBLIC_AUTH_SIGNUP_URL` | Logto sign-up URL (redirected to by "Start free trial") |
| `PUBLIC_SALES_EMAIL` | Sales email (`mailto:` target for "Talk to sales") |

## Deployment

**Manual trigger only.** Merging to `main` does NOT auto-deploy. To ship: Gitea → **Actions → deploy → Run workflow** on `main`. The workflow runs tests, builds, then `rsync`s `dist/` to Hetzner over SSH (ed25519 key on port 222, host-key-pinned), and post-deploy curls the live site to verify security headers.

Rollback: trigger the deploy workflow on the previous `main` commit (Actions UI lets you pick a ref).

### Placeholder mode

To put the site into "back shortly" mode, trigger Gitea → **Actions → deploy-placeholder → Run workflow**. To bring the real site back, trigger **Actions → deploy → Run workflow** on the desired `main` commit. Both workflows share the `deploy-production` concurrency group, so they can never run simultaneously.

The placeholder is hand-authored static HTML in `placeholder/` and does NOT depend on `npm`/`astro build` — it is deliberately decoupled from the main build so it can ship even when that build is broken.

**Scope note.** The placeholder serves HTTP 200 (not 503), so Cloudflare's edge will cache it normally. This is fine for short planned maintenance windows. For longer outages or incident fallback, purge Cloudflare's cache (or set a short-TTL Cache Rule for the maintenance window) before triggering recovery via `deploy.yml`, otherwise the edge may serve the placeholder past recovery until TTL expires.

**Security headers** (HSTS, CSP, X-Frame-Options, etc.) are owned by **Cloudflare Transform Rules**, not by anything in this repo. Hetzner Webhosting L ignores file-based `.htaccess` (`AllowOverride None`), so origin-side header config is impossible from code. See `OPERATOR-CHECKLIST.md` §2.

See [`OPERATOR-CHECKLIST.md`](./OPERATOR-CHECKLIST.md) for the one-time Hetzner + Cloudflare setup.

## Design & plan

- `docs/superpowers/specs/2026-04-24-cameleer-website-design.md` — the approved spec.
- `docs/superpowers/plans/2026-04-24-cameleer-website.md` — the implementation plan that built this repo.
Add README and operator checklist for Hetzner + Cloudflare + Gitea setup 2026-04-24 17:25:53 +02:00			`# cameleer-website`

			`Marketing site for [cameleer.io](https://www.cameleer.io) — zero-code observability for Apache Camel.`

			`This is a static Astro 5 site. Hosted on Hetzner Webhosting L, fronted by Cloudflare, deployed via Gitea Actions.`

			`## Development`

			```bash
			`npm ci`
			`npm run dev # http://localhost:4321`
			`npm run test # vitest — auth config + middleware header tests`
			`npm run build # produces dist/`
			`npm run preview # serves dist/`
			```

			`## Quality gates (run in CI)`

			```bash
			`npm run lint:html # html-validate on dist/`
			`npm run lint:links # linkinator on dist/`
			`npm run lh # Lighthouse CI (>=0.95 on all 4 categories)`
			```

			`## Environment variables`

			See `.env.example`. All are `PUBLIC_*` (build-time, embedded in HTML).

			`\| Var \| Purpose \|`
			`\|-----\|---------\|`
			\| `PUBLIC_AUTH_SIGNIN_URL` \| Logto sign-in URL (redirected to by "Sign in" buttons) \|
			\| `PUBLIC_AUTH_SIGNUP_URL` \| Logto sign-up URL (redirected to by "Start free trial") \|
			\| `PUBLIC_SALES_EMAIL` \| Sales email (`mailto:` target for "Talk to sales") \|

			`## Deployment`

docs+ci: own security headers at Cloudflare, drop dead .htaccess path Hetzner Webhosting L runs Apache with AllowOverride None on the user docroot, so file-based .htaccess is silently ignored — directives in public/.htaccess never applied. Confirmed via direct-origin tests: neither Header, Rewrite, nor FilesMatch fired regardless of the file being present and readable. The only origin-side override path on this tier is konsoleH's per- directory Serverkonfiguration UI, which writes to a separate Apache config file outside the user's filesystem (and thus outside any deploy pipeline). Make the architecture honest: - Delete public/.htaccess (dead code Apache never reads). - Remove the "Copy .htaccess into dist" CI step (now a no-op). - Update deploy.yml header comment to point at Cloudflare for headers. - Update OPERATOR-CHECKLIST.md §1 with the three Webhosting-L gotchas: port 222 for SSH, SFTP_PATH must match the actual vhost docroot (default is bare public_html/), and AllowOverride None. - Update §5 to reflect manual workflow_dispatch (no auto-deploy on push) and 5-header expectation. - Update README.md deploy section likewise. Headers (HSTS, CSP, XFO, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are now owned by Cloudflare Transform Rules, documented in OPERATOR-CHECKLIST.md §2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 23:04:09 +02:00			Manual trigger only. Merging to `main` does NOT auto-deploy. To ship: Gitea → Actions → deploy → Run workflow on `main`. The workflow runs tests, builds, then `rsync`s `dist/` to Hetzner over SSH (ed25519 key on port 222, host-key-pinned), and post-deploy curls the live site to verify security headers.

			Rollback: trigger the deploy workflow on the previous `main` commit (Actions UI lets you pick a ref).

docs(readme): add placeholder mode section Documents the deploy-placeholder workflow trigger and the recovery path back to the real site via deploy.yml. 2026-04-25 18:25:30 +02:00			`### Placeholder mode`

			To put the site into "back shortly" mode, trigger Gitea → Actions → deploy-placeholder → Run workflow. To bring the real site back, trigger Actions → deploy → Run workflow on the desired `main` commit. Both workflows share the `deploy-production` concurrency group, so they can never run simultaneously.

			The placeholder is hand-authored static HTML in `placeholder/` and does NOT depend on `npm`/`astro build` — it is deliberately decoupled from the main build so it can ship even when that build is broken.

docs(readme): note Cloudflare cache caveat for placeholder mode The placeholder serves HTTP 200, so Cloudflare's edge will cache it normally. Document the operator action (purge cache or set a short-TTL Cache Rule) needed before recovery for longer outages, so the edge doesn't keep serving the placeholder past recovery. Surfaced by final code review of the feature branch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-25 18:29:02 +02:00			Scope note. The placeholder serves HTTP 200 (not 503), so Cloudflare's edge will cache it normally. This is fine for short planned maintenance windows. For longer outages or incident fallback, purge Cloudflare's cache (or set a short-TTL Cache Rule for the maintenance window) before triggering recovery via `deploy.yml`, otherwise the edge may serve the placeholder past recovery until TTL expires.

docs+ci: own security headers at Cloudflare, drop dead .htaccess path Hetzner Webhosting L runs Apache with AllowOverride None on the user docroot, so file-based .htaccess is silently ignored — directives in public/.htaccess never applied. Confirmed via direct-origin tests: neither Header, Rewrite, nor FilesMatch fired regardless of the file being present and readable. The only origin-side override path on this tier is konsoleH's per- directory Serverkonfiguration UI, which writes to a separate Apache config file outside the user's filesystem (and thus outside any deploy pipeline). Make the architecture honest: - Delete public/.htaccess (dead code Apache never reads). - Remove the "Copy .htaccess into dist" CI step (now a no-op). - Update deploy.yml header comment to point at Cloudflare for headers. - Update OPERATOR-CHECKLIST.md §1 with the three Webhosting-L gotchas: port 222 for SSH, SFTP_PATH must match the actual vhost docroot (default is bare public_html/), and AllowOverride None. - Update §5 to reflect manual workflow_dispatch (no auto-deploy on push) and 5-header expectation. - Update README.md deploy section likewise. Headers (HSTS, CSP, XFO, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are now owned by Cloudflare Transform Rules, documented in OPERATOR-CHECKLIST.md §2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 23:04:09 +02:00			Security headers (HSTS, CSP, X-Frame-Options, etc.) are owned by Cloudflare Transform Rules, not by anything in this repo. Hetzner Webhosting L ignores file-based `.htaccess` (`AllowOverride None`), so origin-side header config is impossible from code. See `OPERATOR-CHECKLIST.md` §2.
Add README and operator checklist for Hetzner + Cloudflare + Gitea setup 2026-04-24 17:25:53 +02:00
			See [`OPERATOR-CHECKLIST.md`](./OPERATOR-CHECKLIST.md) for the one-time Hetzner + Cloudflare setup.

			`## Design & plan`

			- `docs/superpowers/specs/2026-04-24-cameleer-website-design.md` — the approved spec.
			- `docs/superpowers/plans/2026-04-24-cameleer-website.md` — the implementation plan that built this repo.