Preflight Dashboard
The preflight dashboard is a web UI that shows everything bext detected from your nginx config. It runs locally and helps you verify the migration before making any changes.
Launch
sudo bext nginx-takeover [--port 9999] [--nginx-config /etc/nginx/nginx.conf]
If no config path is provided, bext auto-detects the nginx installation. The dashboard starts on 127.0.0.1 (loopback only, for security) and prints a terminal banner:
╔══════════════════════════════════════════╗
║ bext nginx Preflight ║
╠══════════════════════════════════════════╣
║ Config: /etc/nginx/nginx.conf ║
║ Vhosts: 12 ║
║ SSL Certs: 8 ║
║ Upstreams: 3 ║
║ Warnings: 2 ║
║ Checks: 7 pass / 1 warn / 0 fail ║
╠══════════════════════════════════════════╣
║ Dashboard: http://127.0.0.1:9999 ║
╚══════════════════════════════════════════╝
Dashboard Sections
Stats Grid
At-a-glance counts: virtual hosts, SSL certificates, upstreams, and conversion warnings.
Preflight Checks
Eight automated checks with pass/warn/fail status:
| Check | Critical | Description |
|---|---|---|
| Config Parsed | Yes | nginx.conf parsed without errors |
| SSL Certs Accessible | Yes | All referenced certificate files are readable |
| nginx Running | No | Whether nginx is currently active |
| Port Availability | Yes | Ports 80/443 will be available after nginx stops |
| Root Directories | No | All document roots exist on disk |
| Upstream Backends | No | Backend servers are reachable |
| Process Permissions | Yes | Running as root (needed for ports < 1024) |
| systemd Available | Yes | systemd is present for service management |
Critical checks must pass before takeover is allowed.
Virtual Hosts
Collapsible list of every detected virtual host showing:
- Server names with tags (exact, wildcard, regex, default)
- Listen ports with SSL/HTTP2 badges
- Document root path
- Location blocks table (pattern, match type, action)
- TLS certificate paths
- Rewrite rules and conditionals
- Error pages
Upstreams
Table of upstream blocks with:
- Upstream name
- Load balancing strategy
- Server list with weights, backup/down status
Conversion Warnings
List of unsupported or partially supported directives with file path and line number.
Action Bar
- Take Over button — disabled if any critical check fails. Requires confirmation dialog.
- Rollback button — hidden until takeover is active. Also requires confirmation.
- Refresh — re-runs all checks and reloads the dashboard.
API Endpoints
The dashboard also exposes a JSON API:
| Endpoint | Method | Description |
|---|---|---|
/ |
GET | Dashboard HTML page |
/api/preflight |
GET | Full config + checks as JSON |
/api/status |
GET | Current phase, uptime, errors |
/api/takeover |
POST | Execute the migration |
/api/rollback |
POST | Restore nginx |
/api/refresh-checks |
POST | Re-run all preflight checks |
Example: Preflight JSON
curl http://127.0.0.1:9999/api/preflight | jq
{
"phase": "preflight",
"can_takeover": true,
"checks": [
{ "id": "config_parsed", "name": "Config Parsed", "status": "pass", "details": "12 vhosts, 3 upstreams", "critical": true },
{ "id": "ssl_certs", "name": "SSL Certs Accessible", "status": "pass", "details": "8 certs loaded", "critical": true }
],
"vhosts": [...],
"upstreams": [...],
"warnings": [...]
}
Security
- The dashboard binds to 127.0.0.1 only — not accessible from the network
- All POST actions require confirmation
- The takeover API checks for critical failures before proceeding
- Rollback is always available after takeover