Hybrid HostGator-to-Azure Migration
Planned and partially executed migration from shared cPanel hosting to a security-hardened, VNet-segmented Azure environment — with AI agent compute, WordPress hosting, and multi-provider opencode pipelines.
Back Story
Five live domains, all sharing one HostGator cPanel account. That works — until it doesn't. Shared hosting means shared resources, no SSH access (limited to cPanel's terminal), no custom server configuration, and no ability to run persistent agent processes like opencode for autonomous build pipelines.
The migration plan was to move selectively — keep some domains on HostGator (especially those with established traffic), move others to Azure VMs (where full server control and AI agent compute are needed), and manage DNS uniformly through Cloudflare so the transition is invisible to visitors.
The Build
- Provisioned VM1 (Standard_DC2s_v3, 2 vCPU, 16GB RAM) in Germany West Central — the primary web + agent host running nginx, PHP 8.3-FPM, MariaDB 11.4, HestiaCP, and Fail2Ban.
- Provisioned VM2 — worker1 (Standard_DC1s_v3, 1 vCPU, 8GB RAM) — a private (no public IP) background compute node reachable only from VM1 over internal VNet. Dual-provider opencode config: EpsilonCode + Synterolink (text + image models).
- Deployed nay-na.com as the pilot migration — WordPress with Kadence theme, Let's Encrypt SSL, and opencode v1.17.9 with Epsiloncode (claude-opus-4-8) for autonomous build tasks.
- Hardened NSG rules: SSH restricted to the home IP range (88.97.176.0/24), web ports (80, 443) and HestiaCP (8083) open globally.
- Established a global config pattern (AGENTS.md) and oh-my-openagent for consistent agent behaviour across VM1 and VM2.
- Installed opencode-supermemory plugin — a persistent cross-session memory layer that retains context between agent sessions, reducing re-orientation overhead.
Headline Tasks
- VM provisioning with VNet segmentation — VM2 has no public IP, reducing attack surface.
- HestiaCP admin panel for web hosting management (equivalent to cPanel but self-hosted).
- WordPress + SSL deployed on VM1 for nay-na.com pilot.
- Dual-provider opencode config on both VMs — epsilon + synterolink + synterolink-images + notokenlimit + naga.
- Global AGENTS.md deployed — consistent agent instructions across all sessions and workspaces.
- Cloudflare DNS management for all 5 domains — API token with OAuth permissions (DNS edit token needed for zone changes).
