WoneCloud

Built for every stack

Five stack patterns. One platform. Automatic provisioning, security, and monitoring for every runtime.

Stack Patterns

PHP-LEMP

The workhorse of the web. nginx + PHP-FPM pools (8.1–8.4 selectable) + MariaDB + Redis. Composer + WP-CLI included. RASP hooks intercept mysqli_query, PDO::exec, and eval().

  • PHP 8.1 / 8.2 / 8.3 / 8.4
  • Per-site FPM pool (ondemand)
  • MariaDB + Redis
  • Composer + WP-CLI

Node.js

nginx reverse proxy to localhost port. PM2 or systemd managed. PostgreSQL, MariaDB, MongoDB, or Redis. npm/yarn/pnpm + build step. WebSocket support via nginx upgrade.

  • Node 18 / 20 / 22
  • PM2 process management
  • WebSocket proxy
  • npm / yarn / pnpm

Python

Gunicorn or Uvicorn via Unix socket. Python venv + pip/poetry. PostgreSQL, MariaDB, or Redis. ASGI for WebSockets. RASP hooks intercept os.system() and SQLAlchemy execute.

  • Gunicorn / Uvicorn
  • venv + pip / poetry
  • ASGI WebSockets
  • PostgreSQL / MariaDB

Static & JAMstack

nginx static file server. Build pipeline for Hugo, Jekyll, Eleventy, or Vite. Cache headers + gzip/brotli. Optional edge functions (QuickJS runtime). No DB required.

  • Hugo / Jekyll / Vite
  • Cache headers + brotli
  • Edge functions
  • Zero DB overhead

Universal Container

Custom Dockerfile or Docker Compose. Isolated Docker network. Volume mounts from /home/{site}. Any language, any stack. Warden still filters at eBPF level.

  • Docker + Compose
  • Isolated network
  • Any language/stack
  • eBPF filtering persists

Infrastructure

Warden Security Engine

Rust eBPF/XDP security daemon on every managed server. Blocks known-bad IPs before TCP handshake. Behavioral scoring, global threat mesh, honeypot layer, and RASP hooks.

  • XDP drop at NIC
  • 6 threat intel feeds
  • JA3 + timing analysis
  • Honeypot endpoints

Per-Site Isolation

One Linux user per site. One cgroup per site. One PHP-FPM pool per site. One MariaDB DB + user per site. One nginx vhost per site. Warden eBPF per site.

  • Linux user + cgroup
  • Per-site FPM pool
  • Isolated DB user
  • Per-site eBPF

Full Email Stack

Postfix MTA + Dovecot MDA + Rust Email Controller. ML spam engine (transformer-based). React webmail client with real-time WebSocket. PGP support. Auto DKIM/SPF/DMARC.

  • Postfix + Dovecot
  • ML spam classification
  • React webmail
  • Auto DKIM rotation

Database Management

MariaDB, PostgreSQL, MongoDB, and Redis. One instance per managed server, many isolated databases. Web-based DB manager. Slow query monitoring. Remote access toggle.

  • MariaDB + PostgreSQL
  • MongoDB + Redis
  • Web-based manager
  • Performance stats

Monitoring & Alerting

Agent collects metrics every 10s. Hub aggregates. Customer dashboard shows usage vs plan limits. Alert on CPU, RAM, disk, and downtime thresholds.

  • 10s metric collection
  • Usage vs plan limits
  • Threshold alerts
  • Historical graphs

Backups & Recovery

BorgBackup + MinIO. Encrypted, deduplicated, compressed. Every 6 hours (full), every hour (DB). 30-day retention. Cross-server replication. One-click restore.

  • BorgBackup + MinIO
  • Encrypted + deduplicated
  • 30-day retention
  • One-click restore

Ready to forget about infrastructure?

Join the hosting platform that protects your sites before attacks happen. Deploy your first site in under 60 seconds.