← Back to Work Case Study · Cloud Infrastructure

Hybrid HostGator-to-Azure Migration

Planned and partially executed migration from shared cPanel hosting to a security-hardened, VNet-segmented Azure environment — with AI agent compute, WordPress hosting, and multi-provider opencode pipelines.

Repoazure-hostgator
StackAzure, nginx, PHP 8.3, MariaDB, Cloudflare, Fail2Ban
StatusActive — hybrid live
Azure cloud infrastructure

Back Story

Five live domains, all sharing one HostGator cPanel account. That works — until it doesn't. Shared hosting means shared resources, no SSH access (limited to cPanel's terminal), no custom server configuration, and no ability to run persistent agent processes like opencode for autonomous build pipelines.

The migration plan was to move selectively — keep some domains on HostGator (especially those with established traffic), move others to Azure VMs (where full server control and AI agent compute are needed), and manage DNS uniformly through Cloudflare so the transition is invisible to visitors.

The Build

  • Provisioned VM1 (Standard_DC2s_v3, 2 vCPU, 16GB RAM) in Germany West Central — the primary web + agent host running nginx, PHP 8.3-FPM, MariaDB 11.4, HestiaCP, and Fail2Ban.
  • Provisioned VM2 — worker1 (Standard_DC1s_v3, 1 vCPU, 8GB RAM) — a private (no public IP) background compute node reachable only from VM1 over internal VNet. Dual-provider opencode config: EpsilonCode + Synterolink (text + image models).
  • Deployed nay-na.com as the pilot migration — WordPress with Kadence theme, Let's Encrypt SSL, and opencode v1.17.9 with Epsiloncode (claude-opus-4-8) for autonomous build tasks.
  • Hardened NSG rules: SSH restricted to the home IP range (88.97.176.0/24), web ports (80, 443) and HestiaCP (8083) open globally.
  • Established a global config pattern (AGENTS.md) and oh-my-openagent for consistent agent behaviour across VM1 and VM2.
  • Installed opencode-supermemory plugin — a persistent cross-session memory layer that retains context between agent sessions, reducing re-orientation overhead.

Headline Tasks

  • VM provisioning with VNet segmentation — VM2 has no public IP, reducing attack surface.
  • HestiaCP admin panel for web hosting management (equivalent to cPanel but self-hosted).
  • WordPress + SSL deployed on VM1 for nay-na.com pilot.
  • Dual-provider opencode config on both VMs — epsilon + synterolink + synterolink-images + notokenlimit + naga.
  • Global AGENTS.md deployed — consistent agent instructions across all sessions and workspaces.
  • Cloudflare DNS management for all 5 domains — API token with OAuth permissions (DNS edit token needed for zone changes).

Future Scope

Complete the selective migration: recruit2recruit.net and myrecruiter.co.uk moved to Azure VMs for unified infrastructure management. Budget cap enforcement ($2,200/year, alerted at $180/month). Auto-shutdown schedules for non-production hours. IP-restricted SSH (remove the default-allow-ssh NSG rule). Azure Application Gateway and Key Vault for production-grade traffic management and secrets storage. Worker1 remaining tasks: Synterolink API key validation and Phase B orthodox build-out.