bext Cloud Platform
The bext cloud platform at cloud.bext.dev provides a web dashboard and API for managing your bext servers, sites, domains, SSL certificates, and deployments.
Key Features
- Agency/client model — Organize sites by client for web agencies
- WordPress management — PHP version, FPM pool status, per-site config
- SSL monitoring — Certificate expiry tracking, auto-renewal status
- Server health — Live CPU, memory, disk, service status
- Multi-provider deploys — Deploy to bext instances, DigitalOcean, Hetzner, Fly.io, and more
- Team collaboration — Invite members with role-based access
- GitHub auto-deploy — Webhook integration for push-to-deploy
Getting Started
1. Authenticate the CLI
bext login
This opens your browser for OAuth authentication via WorkOS. After login, credentials are stored in ~/.bext/credentials.json.
2. Sync your server
If migrating from nginx:
sudo bext nginx sync-cloud
This registers all your sites in the cloud dashboard with full metadata:
- Domain names and SSL certificate expiry dates
- PHP-FPM socket paths and PHP versions
- Document roots and proxy upstream targets
- Framework detection (WordPress, Laravel, Symfony, Node.js)
3. View your dashboard
Visit cloud.bext.dev/dashboard to see all your sites, grouped by client.
Agency / Client Model
bext cloud is designed for web agencies that manage multiple client websites.
Agency (billing entity)
├── Client A
│ ├── site-a.com (WordPress 8.4)
│ └── site-b.com (WordPress 8.4)
├── Client B
│ ├── app.client-b.com (Next.js proxy)
│ └── api.client-b.com (Hono proxy)
└── Client C
└── client-c.fr (WordPress 8.1)
Roles
| Role | Description |
|---|---|
| Agency owner | Full access to all clients and sites, billing management |
| Agency member | Access to assigned clients and sites |
| Super admin | Platform-wide access (bext team only) |
Managing clients
# Via API
curl -H "Authorization: Bearer $TOKEN" \
https://cloud.bext.dev/api/agency/clients
# Create a new client
curl -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "New Client", "email": "client@example.com"}' \
https://cloud.bext.dev/api/agency/clients
Or use the dashboard at /dashboard/clients/{id} for a visual overview.
API Reference
All API endpoints accept Authorization: Bearer <token> headers. Tokens are obtained via bext login or created at /api/auth/tokens.
Authentication
| Endpoint | Method | Description |
|---|---|---|
/api/auth/whoami |
GET | Verify token, get user info |
/api/auth/tokens |
GET | List CLI tokens |
/api/auth/tokens |
POST | Create new token |
/api/auth/tokens/:id |
DELETE | Revoke token |
Projects
| Endpoint | Method | Description |
|---|---|---|
/api/projects |
GET | List all projects |
/api/projects |
POST | Create project |
/api/projects/:id |
GET | Project details |
/api/projects/:id |
DELETE | Delete project |
/api/projects/:id/domains |
GET | List domains |
/api/projects/:id/domains |
POST | Add domain |
/api/projects/:id/domains/:did |
DELETE | Remove domain |
/api/projects/:id/php-pool |
GET | PHP-FPM pool info |
/api/projects/:id/ssl |
GET | SSL certificates |
/api/projects/:id/logs |
GET | Recent logs |
/api/projects/:id/metrics |
GET | Metrics |
/api/projects/:id/members |
GET/POST | Team members |
/api/projects/:id/deploys |
GET/POST | Deployments |
/api/projects/:id/deploys/:did/rollback |
POST | Rollback deploy |
/api/projects/:id/deploys/:did/cancel |
POST | Cancel deploy |
/api/projects/:id/webhook |
GET/POST | GitHub webhook config |
Agency
| Endpoint | Method | Description |
|---|---|---|
/api/agency |
GET | Agency info + stats + clients |
/api/agency |
POST | Create agency |
/api/agency/clients |
GET | List clients |
/api/agency/clients |
POST | Create client |
/api/agency/clients/:id |
GET/PUT/DELETE | Client CRUD |
Billing
| Endpoint | Method | Description |
|---|---|---|
/api/billing |
GET | Subscription + usage |
/api/billing/subscription |
POST | Update tier |
nginx Import
| Endpoint | Method | Description |
|---|---|---|
/api/import/nginx |
POST | Batch import from nginx config |
/api/import/nginx/snapshot |
GET | Current project snapshot |
/api/import/nginx/remove |
POST | Remove imported projects |
Admin (super admin only)
| Endpoint | Method | Description |
|---|---|---|
/api/admin/stats/extended |
GET | Platform stats (WP count, SSL expiring, etc.) |
/api/admin/projects |
GET | All projects |
/api/admin/domains |
GET | All domains with SSL status |
/api/admin/ssl/expiring |
GET | Expiring SSL certs |
/api/admin/users |
GET | All users |
Server Health Monitoring
bext masquerade mode exposes health endpoints on the server itself (localhost only):
| Endpoint | Description |
|---|---|
/__bext/health |
Basic health: vhost count, requests, connections |
/__bext/api/health/detailed |
CPU load, memory %, disk usage |
/__bext/api/services |
systemd service status (nginx, PHP-FPM, MySQL, Redis) |
/__bext/api/ssl/certs |
All Let's Encrypt certificates with expiry |
/__bext/api/vhosts |
Active virtual host listing |
/__bext/api/php-fpm/status |
PHP-FPM pool sockets |
The cloud admin dashboard at /admin/server displays this data in a visual dashboard.