CMS Dashboard Installation
& Setup Guide
Complete walkthrough to host your serverless visual AI writer dashboard on Cloudflare Workers. Publish directly to GitHub and manage media seamlessly.
Prerequisites
Ensure you have generated the following keys, accounts, and runtime tools before deploying the CMS:
| Requirement | Source Link | Purpose |
|---|---|---|
| Node.js (v22.12.0+) | nodejs.org | Local compilation environment |
| Cloudflare Account | dash.cloudflare.com | Hosts Worker API, Cache, KV, and R2 assets |
| Google Gemini API Key | aistudio.google.com | Powers AI-assistant writing generation |
| GitHub Account | github.com | Stores blog markdown source files |
| CMS License Key | License Portal | Commercial activation for production environment |
Project Setup
- 1Extract the downloaded
DashboardTemplate.zipfolder to your desired workspace (e.g.,D:\MyBlogDashboard). - 2Open this folder inside **VS Code** (File → Open Folder...).
- 3Open the VS Code Terminal and run the install command to download dependencies:Terminal
$ npm install
Get Cloudflare Account ID
- 1Log in to your Cloudflare Dashboard.
- 2Look at the right sidebar of the homepage under the "Account ID" box (or look inside the address bar URL right after `dash.cloudflare.com/` e.g., `dash.cloudflare.com/d8f76e73...`).
- 3Copy this Account ID string and keep it ready. You will paste it in the `.env` file later.
Set Up KV, R2 & D1 Databases
The dashboard runs serverless on Cloudflare and requires Key-Value storage (KV) for user logins/caches, an S3-compatible bucket (R2) for media files, and a SQL database (D1) for push alert subscriptions.
4.1 KV Namespace Setup (Login Sessions & API Cache)
- In Cloudflare, go to Workers & Pages → KV.
- Click "Create namespace". Name it
dashboard-cacheand click Add. Copy its Namespace ID. - Click "Create namespace" again. Name it
dashboard-sessionsand click Add. Copy its Namespace ID.
4.2 R2 Bucket Setup (Post Banner Uploads)
- In Cloudflare, go to R2 Object Storage → Create bucket.
- Name it (e.g.,
blog-images) and click Create. - Go to your new bucket settings page, scroll down to Public Access, click Connect Domain, and map a subdomain (e.g.,
cdn.yourdomain.com). This will serve as your image CDN URL.
4.3 D1 SQL Database Setup (Subscribers List)
- In Cloudflare, go to Workers & Pages → D1 → Create database.
- Name it
push-dband click Create. - Copy its Database ID (a long UUID string).
Update Wrangler Configurations
Open wrangler.deploy.json in your project. We must bind the databases we created in Step 4 to this configuration file.
{
"name": "my-cms-dashboard",
"kv_namespaces": [
{ "binding": "CACHE_KV", "id": "PASTE_CACHE_KV_ID" },
{ "binding": "SESSION", "id": "PASTE_SESSIONS_KV_ID" }
],
"r2_buckets": [
{ "binding": "BUCKET", "bucket_name": "blog-images" }
],
"d1_databases": [
{
"binding": "DB",
"database_name": "push-db",
"database_id": "PASTE_D1_DATABASE_ID"
}
],
"vars": {
"IMAGE_PUBLIC_BASE_URL": "https://cdn.yourdomain.com",
"BLOG_BASE_URL": "https://www.yourdomain.com",
"CF_ZONE_TAG": "your-cloudflare-zone-id", // Domain Overview -> Zone ID
"BING_INDEXNOW_KEY": ""
}
}Create GitHub PAT Token
Since the CMS writes directly to your blog repository as Markdown files, you must generate a GitHub Personal Access Token (PAT) with repository read/write access.
- Open browser and navigate to github.com/settings/tokens.
- Click "Generate new token" → choose Generate new token (classic).
- Give it a description (e.g.,
blog-cms-token) and check the main `repo` checkbox scope (gives complete control of private repositories). - Scroll down, click "Generate token", and copy the token string immediately.
Attention: GitHub displays classic PAT tokens only once. If you reload or leave the page, you cannot recover it. Copy it to a safe notepad!
Configure Sites Config
Open src/config/sitesConfig.ts in VS Code and link it to your GitHub username and repository name (which holds your Astro static blog):
export const sitesConfig = {
mysite: {
id: "mysite",
name: "My Blog Name",
url: "https://www.yourdomain.com",
gscProperty: "sc-domain:yourdomain.com", // Used for Google Search Console API
githubOwner: "your-github-username",
githubRepo: "your-blog-repo-name", // AstroBlog repository name
branch: "main",
contentPath: "src/content/blog", // Path to markdown posts in blog repo
}
};Configure .env File
Copy `.env.example` in the root folder, rename it to exactly `.env`, and fill in the active keys:
LICENSE_KEY="ASTRO-XXXX-XXXX" // Your CMS commercial license key
GITHUB_PAT="ghp_XXXXXXXXXXXXXXXXXXXX" // Classic PAT token from Step 6
GEMINI_API_KEY="AIzaSyXXXXXXXXXXXXXXXXXX" // Google Gemini AI Studio API key
IMAGE_PUBLIC_BASE_URL="https://cdn.yourdomain.com" // Cloudflare R2 Public URL
CF_ACCOUNT_ID="your-cloudflare-id" // Cloudflare Account ID
# Optional integration keys
PEXELS_API_KEY=""
PIXABAY_API_KEY=""
UNSPLASH_API_KEY=""
GNEWS_API_KEY=""User Login & Password Setup
To protect your CMS backend from unauthorized access, password entries are hashed using the industry-standard **PBKDF2-SHA256** algorithm. The system does not store plain text passwords. Instead, you generate a secure salt-hashed string and register it inside a JSON array configuration called `USERS_JSON`.
How Hashing Works in this CMS:
The local hashing script uses the built-in Node.js crypto module to perform 100,000 PBKDF2 iterations with a key length of 32 bytes and a randomly generated cryptographically strong 16-byte salt. At login, the server retrieves the salt, re-hashes the incoming request password, and compares it in constant-time to avoid timing attacks.
Step 9.1: Generate Your Secure Password Hash
In your VS Code terminal, run the password-hashing command (replace MySecurePassWord123 with your actual desired password):
$ node scripts/hash-password.mjs "MySecurePassWord123"This command outputs a string formatted as salt_in_hex:hash_in_hex (e.g., a7b3c2...:9d8e1f...). Copy this entire line.
Step 9.2: Formulate the USERS_JSON Array & Configure Local Login
The system reads user accounts from a JSON array string. You can declare a single user or multiple users by adding objects with keys email, hash, and role.
[{"email":"admin@yourdomain.com","hash":"PASTE_YOUR_GENERATED_HASH_HERE","role":"admin"}][
{"email":"admin@yourdomain.com","hash":"hash_1","role":"admin"},
{"email":"editor@yourdomain.com","hash":"hash_2","role":"editor"}
]Open your local `.env` file and paste the single-line representation of this JSON array under `USERS_JSON`:
USERS_JSON='[{"email":"admin@yourdomain.com","hash":"a7b3c2...:9d8e1f...","role":"admin"}]'Step 9.3: Set Up Cloudflare Production Secret
To secure production credentials, environment files are not loaded directly on the server. You must set this JSON configuration as an encrypted Worker secret in Cloudflare by executing the command below in your dashboard root directory:
$ npx wrangler secret put USERS_JSON -c wrangler.deploy.jsonWhen prompted, paste the entire JSON string (e.g., [{"email":"admin@yourdomain.com","hash":"a7b3c2...:9d8e1f...","role":"admin"}]) and press Enter.
Google OAuth & GSC Setup (Optional)
To inspect article indexing state or request immediate indexing directly from the CMS using the Google Search Console API, follow these setup steps:
10.1: Create OAuth Credentials
- Go to the Google Cloud Console.
- Enable the "Google Search Console API".
- Go to **Credentials** → **Create Credentials** → **OAuth Client ID**.
- Set application type to **Web application**.
- Under **Authorized redirect URIs**, add exactly:
http://localhost:4321/oauth2callback. - Click Create, then copy your **Client ID** and **Client Secret** and add them to your local `.env`.
10.2: Get Google Refresh Token
Run the OAuth callback helper script in your local dashboard terminal:
$ npm run get-refresh-tokenThis spins up a temporary server and prints a URL link. Open the link, sign in to your Google Account containing the GSC property, grant permissions, and the callback script will automatically write the `GOOGLE_REFRESH_TOKEN` key directly into your `.env` file!
10.3: Save Secrets to Cloudflare
Upload the OAuth client details as secure secrets to Cloudflare Workers for the live dashboard:
$ npx wrangler secret put GOOGLE_CLIENT_ID -c wrangler.deploy.json
$ npx wrangler secret put GOOGLE_CLIENT_SECRET -c wrangler.deploy.json
$ npx wrangler secret put GOOGLE_REFRESH_TOKEN -c wrangler.deploy.jsonAdditional APIs (Optional)
11.1 Bing Indexing Checks & IndexNow Pings
This integration enables the CMS to fetch search impressions data from Bing and submit newly generated articles directly using the instant IndexNow indexing protocol.
- Log in to Bing Webmaster Tools.
- Go to Settings (Gear Icon) → API Access → API Key. Click generate and copy the key string.
- Paste it in your local `.env` file as `BING_WEBMASTER_API_KEY`.
- Save it on Cloudflare for production:
npx wrangler secret put BING_WEBMASTER_API_KEY -c wrangler.deploy.json.
11.2 Stock Image APIs (Unsplash, Pexels, Pixabay) & GNews API
The dashboard comes with an integrated media generator that fetches copyright-free high-resolution banner images and crawls news sources to generate blog posts.
A. Unsplash Integration
- Visit unsplash.com/developers and register a developer account.
- Go to Your Apps → New Application, accept terms, name it (e.g., `MyBlogCMS`), and click Create.
- Scroll to the Keys section and copy the Access Key.
- Add to `.env` as `UNSPLASH_API_KEY` and to production via `npx wrangler secret put UNSPLASH_API_KEY -c wrangler.deploy.json`.
B. Pexels Integration
- Register on pexels.com/api.
- Go to the Developer section, click "Request API Key", fill out the simple app details, and copy the key.
- Add to `.env` as `PEXELS_API_KEY` and to production via `npx wrangler secret put PEXELS_API_KEY -c wrangler.deploy.json`.
C. Pixabay Integration
- Create an account on pixabay.com.
- Navigate to the API documentation at pixabay.com/api/docs/.
- Scroll down to the Parameters section. Under the parameter `key`, your unique API key is printed directly in green text. Copy it.
- Add to `.env` as `PIXABAY_API_KEY` and to production via `npx wrangler secret put PIXABAY_API_KEY -c wrangler.deploy.json`.
D. GNews API (News Sourcing)
- Go to gnews.io and register a free account.
- Copy your API key from the account dashboard overview page.
- Add to `.env` as `GNEWS_API_KEY` and to production via `npx wrangler secret put GNEWS_API_KEY -c wrangler.deploy.json`.
11.3 Firebase Service Account JSON (FCM Notifications)
This CMS includes a built-in JWT generator that communicates with the Google Firebase Cloud Messaging (FCM) v1 API to deliver web push notifications. It is compatible with Cloudflare Workers without using heavy dependencies.
A. Generate Google Service Account Key:
- Log in to Firebase Console and open or create a project.
- Click the gear icon next to "Project Overview" and choose Project settings.
- Select the Service accounts tab.
- Ensure Node.js option is selected under the Firebase Admin SDK section, and click Generate new private key.
- Download the resulting `.json` file to your computer. Open it in a text editor like VS Code and copy its entire contents.
B. Save FCM Service Account Configuration:
For local development, paste the JSON content on a single line in `.env` as `FIREBASE_SERVICE_ACCOUNT_JSON`. For Cloudflare production, run the command:
$ npx wrangler secret put FIREBASE_SERVICE_ACCOUNT_JSON -c wrangler.deploy.jsonPaste the copied JSON text directly when prompted by Wrangler and press Enter.
C. Initialize the D1 Subscribers Database Table:
The push alerts system saves subscription tokens inside your Cloudflare D1 database. To create the necessary database table, run this command in your VS Code terminal:
$ npx wrangler d1 execute push-db --remote --command "CREATE TABLE IF NOT EXISTS push_subscribers (id INTEGER PRIMARY KEY AUTOINCREMENT, token TEXT UNIQUE NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP);"Deploy to Cloudflare Workers
Now that wrangler bindings and secrets are configured, execute the local deployment script to publish your dashboard directly to Cloudflare:
$ npm run deployThis will automatically login to Cloudflare via browser if you are not authenticated locally, compile the production bundles, build database schemas, and deploy your live dashboard Worker app.
Verification Tip:
Wrangler will output a dashboard deployment URL (e.g., https://my-cms-dashboard.workers.dev). Navigate to this link in your browser to verify the login screen renders successfully.
Custom Domain Routing
- In Cloudflare dashboard, go to Workers & Pages → Overview and select your deployed Worker dashboard app.
- Navigate to Settings → Domains & Routes → Add → Custom Domain.
- Enter your custom dashboard URL subdomain (e.g.,
dash.yourdomain.com) and click save. Cloudflare will automatically set up the DNS routing records and SSL certifications. - Open
wrangler.deploy.jsonin your project, and append your custom domain route:wrangler.deploy.json"routes": [ { "pattern": "dash.yourdomain.com", "custom_domain": true } ]
Need Help with CMS Setup?
Setting up secure API routes, Google Cloud credentials, and serverless Cloudflare architectures can be complex. Reach out to support if you need help.