We've shipped a series of improvements to the Oh Dear API with this in mind. Every change helps humans too, but we specifically optimized for how agents consume and reason about data.

Historical check runs #

Until recently, our API only returned the latest results for each check. That's fine for a quick status check, but it makes it impossible for an agent to answer questions like "compare yesterday's broken links to today's, show me the diff."

Now you can list all completed runs for any check type:

curl https://ohdear.app/api/monitors/1/checks/broken_links/runs \
    -H "Authorization: Bearer $OHDEAR_TOKEN" \
    -H 'Accept: application/json'

{
  "data": [
    {
      "id": 98765,
      "check_type": "broken_links",
      "result": "succeeded",
      "started_at": "2026-03-17T00:30:00+00:00",
      "ended_at": "2026-03-17T00:53:58+00:00",
      "ohdear_url": "https://ohdear.app/monitors/1234/check/broken-links/report/98765"
    },
    {
      "id": 98710,
      "check_type": "broken_links",
      "result": "failed",
      "started_at": "2026-03-16T00:30:00+00:00",
      "ended_at": "2026-03-16T00:48:12+00:00",
      "ohdear_url": "https://ohdear.app/monitors/1234/check/broken-links/report/98710"
    }
  ]
}

You can filter by date range and result status:

Once you have a run ID, pass it to the check endpoint to get the detailed results from that specific run:

curl "https://ohdear.app/api/broken-links/1?run_id=98710" \
    -H "Authorization: Bearer $OHDEAR_TOKEN"

This works for broken links, mixed content, certificate health, and sitemap checks. Runs are kept for approximately 10 days.

For an agent, the workflow becomes straightforward: list runs, pick two, fetch both, diff the results. That's a powerful debugging tool when you're trying to figure out when a new broken link appeared or when your SSL certificate chain changed.

Dashboard links in every response #

When an agent fetches data from an API, it often needs to show the user where to look for more details. But constructing dashboard URLs from API data is error-prone. Different check types have different URL structures, and an agent would need to know our routing conventions.

We solved this by including an ohdear_url field in every response that links directly to the right dashboard page:

{
  "meta": {
    "run_id": 98765,
    "run_started_at": "2026-03-17T00:30:00+00:00",
    "run_ended_at": "2026-03-17T00:53:58+00:00",
    "ohdear_url": "https://ohdear.app/monitors/1234/check/broken-links/report/98765"
  }
}

The URL points to the exact report page for that specific run. An agent can now say "you have 3 new broken links since yesterday, view the full report" with a link that actually works.

This is a small addition, but it removes a whole category of guesswork. The API tells you exactly where to look.

Documentation URLs and markdown-friendly docs #

Every API response now includes a documentation_url in the links section:

{
  "links": {
    "documentation_url": "https://ohdear.app/docs/features/broken-links-detection"
  }
}

When an agent encounters a response it doesn't fully understand, it can fetch the documentation URL to learn more. And to top it all off, our docs are served as clean markdown when you ask for it.

curl -H 'Accept: text/markdown' \
    https://ohdear.app/docs/features/broken-links-detection

Instead of getting a full HTML page (with navigation, footers, scripts, and all the chrome), the agent gets just the content as markdown. The token savings are significant:

We wrote about the caching challenges we ran into when building this feature. The short version: both Cloudflare and our Laravel response cache needed to learn that Accept: text/markdown requests should get different responses than regular browser requests.

The detection logic is simple. We support two ways to request markdown:

• Append .md to any docs URL: https://ohdear.app/docs/api/monitors.md
• Send the Accept: text/markdown header

Both return plain markdown with a text/markdown content type and a noindex robots tag.

Full list of crawled URLs #

Our broken links endpoint has always returned the URLs that are broken. But sometimes you need the full picture: how many URLs were crawled, how many are internal vs. external, and what types of resources were found.

We've added two new endpoints for this.

Summary gives you the counts without the weight of individual URLs:

curl https://ohdear.app/api/crawled-urls/1/summary \
    -H "Authorization: Bearer $OHDEAR_TOKEN"

{
  "data": {
    "total": 1234,
    "internal": 800,
    "external": 434,
    "by_type": {
      "image": 250,
      "link": 900,
      "og:image": 14,
      "script": 40,
      "stylesheet": 30
    }
  }
}

Details returns the full paginated list (100 per page) with the same fields as the broken links response:

curl https://ohdear.app/api/crawled-urls/1/details \
    -H "Authorization: Bearer $OHDEAR_TOKEN"

Each entry now also includes type (link, image, script, stylesheet, og:image) and error_message fields, so you know exactly what kind of resource failed and why.

Both endpoints support run_id for historical data, just like broken links.

This is particularly useful for agents doing site audits. Instead of just knowing what's broken, they can understand the full scope of a crawl and reason about the ratio of broken to healthy URLs.

What this unlocks #

These changes aren't just incremental API improvements. Together, they create a feedback loop that makes agents more capable when working with Oh Dear.

An agent using Claude Code or Codex can now:

1. List historical runs and compare results across time periods
2. Link users to the right dashboard page instead of generic "check Oh Dear" suggestions
3. Read our documentation as markdown when it needs more context, without wasting tokens on HTML chrome
4. Audit all crawled URLs, not just the broken ones

The pattern we're following is: give the agent everything it needs to be self-sufficient. If it can answer its own questions by following links in the API response, it doesn't need hardcoded knowledge about our URL structure or documentation layout.

We also provide an llms.txt file and a full MCP server for AI assistants that want deeper integration.

Try it out #

If you're building with AI agents and want to integrate site monitoring, here's how to get started:

# List your monitors
curl https://ohdear.app/api/monitors \
    -H "Authorization: Bearer $OHDEAR_TOKEN"

# Check historical broken link runs
curl https://ohdear.app/api/monitors/1/checks/broken_links/runs \
    -H "Authorization: Bearer $OHDEAR_TOKEN"

# Get a crawl summary
curl https://ohdear.app/api/crawled-urls/1/summary \
    -H "Authorization: Bearer $OHDEAR_TOKEN"

# Read our docs as markdown
curl -H 'Accept: text/markdown' https://ohdear.app/docs/api/monitors

All of these changes are live now and documented in our API docs.

Feedback? #

If you run into anything unexpected or have ideas for making the API more agent-friendly, reach out via mattias@ohdear.app or ping @mattiasgeniar or @OhDearApp. We'd love to hear how you're using these features!

That's what skills are for. A skill is a small package of documentation that teaches an AI agent how to use a specific tool. We've built one for Oh Dear.

What this gives you #

Once installed, your AI coding agent can do anything the Oh Dear CLI can do. That covers every endpoint in the Oh Dear API: listing monitors, checking uptime, reviewing broken links, managing maintenance windows, posting status page updates, and more.

You don't need to remember command names or look up parameter syntax. You describe what you want in plain language, and the agent figures out the right commands.

Installing the skill #

Two steps. First, install the Oh Dear CLI if you haven't already:

$ composer global require ohdearapp/ohdear-cli
$ ohdear login

You'll be prompted for your API token. Generate one at your API token page.

Then install the skill:

$ ohdear install-skill

That's it. Your AI agent now knows how to work with Oh Dear.

What you can ask #

Here's where it gets interesting. These are real prompts, not hypotheticals.

"Is example.com up right now?"

The simplest question. The agent runs ohdear get-monitor, checks the status, and tells you. No need to open a browser or switch tabs.

"Compare yesterday's broken links to today's"

This is the kind of task that used to require manual work: opening two reports side by side in the dashboard. Now the agent lists historical runs, fetches both, diffs the results, and tells you exactly which links are new, which got fixed, and which are still broken.

> Compare the broken links from March 17 to March 20 for ohdear.app

Tool calls:
  ohdear list-check-runs --monitor-id=42 --check-type=broken_links --json
  ohdear list-broken-links --monitor-id=42 --run-id=98765 --json
  ohdear list-broken-links --monitor-id=42 --run-id=98710 --json

Result:
  3 new broken links found
  2 links fixed since March 17
  7 persistent broken links across both runs

We built historical check run endpoints specifically to make this kind of workflow possible.

"Start a maintenance window and post a status update"

Deploying? Tell your agent to handle the communication:

> Start a 30-minute maintenance window on ohdear.app
  and post a status update: "Deploying v2.4"

Tool calls:
  ohdear start-maintenance --monitor-id=42
    --field stop_maintenance_after_seconds=1800
  ohdear create-status-page-update
    --field status_page_id=123
    --field title="Deploying v2.4"

Result:
  Maintenance window started (30 min)
  Status page updated: "Deploying v2.4"

No false downtime alerts. Your users see the status update. You stay in your terminal.

"Our checkout is down. Post a status update and snooze the uptime check for 1 hour."

Incident response from your editor. The agent posts the update to your status page and snoozes the check so you're not getting pinged while you're actively fixing the problem.

"Cross-reference sites.csv with our Oh Dear monitors. Which ones are missing?"

This is one of my favorites. The agent reads your file, fetches your monitor list as JSON, compares the two, and tells you which sites aren't being monitored. Try doing that in a web dashboard. 😅

"What do the latest Lighthouse scores look like for my homepage?"

Quick performance check without leaving your editor. The agent fetches the latest Lighthouse report and summarizes the scores for performance, accessibility, best practices, and SEO.

ohdear.app Lighthouse scores (March 22, desktop from Frankfurt):

┌────────────────┬───────┐
│    Category    │ Score │
├────────────────┼───────┤
│ Performance    │ 81    │
├────────────────┼───────┤
│ Accessibility  │ 96    │
├────────────────┼───────┤
│ Best Practices │ 100   │
├────────────────┼───────┤
│ SEO            │ 100   │
└────────────────┴───────┘

Core Web Vitals:
- FCP: 495ms, LCP: 862ms (both good)
- CLS: 0 (perfect)
- TBT: 415ms (the main drag on the performance score)
- TTI: 1.3s

"Show me the certificate health for all my monitors"

Bulk SSL overview. The agent loops through your monitors, checks certificate health on each, and flags anything expiring soon or with chain issues.

All done. Here's the summary:

80 monitors with certificate health enabled. All clear.

- 79 monitors: All certificates healthy, no issues found
- 1 monitor (18953, uptime-checker-bahrain-1): Certificate check hasn't run yet, no data available

Nearest expirations to keep an eye on:
- uptime-checker-frankfurt-2 (11108): Apr 14 (3 weeks)
- uptime-checker-frankfurt-4 (13332): Apr 15
- uptime-checker-paris-4 (13335): Apr 17
- uptime-checker-toronto-2 (13333): Apr 15

These are all Let's Encrypt certs that auto-renew, so nothing to worry about.

The Bahrain node is interesting, it's hosted at the Bahrain AWS datacenter that's been down for a while due to bombing/collatoral damage near the UAE.

How the CLI stays in sync with the API #

One thing worth mentioning: the Oh Dear CLI is auto-generated from our OpenAPI specification. When we add a new API endpoint, it automatically becomes a CLI command. No manual work, no lag between API and CLI.

This is powered by spatie/laravel-openapi-cli, which reads the OpenAPI spec at runtime and generates commands from it. The operation IDs in the spec map directly to CLI command names in kebab-case: listMonitors becomes list-monitors, getCertificateHealth becomes get-certificate-health.

For the skill, this means it always covers the full API surface. If we ship a new endpoint today, the CLI has it tomorrow and the skill can use it immediately.

Lessons from building the skill #

The skill went through several iterations before we landed on something that works well. The commit history tells the story:

First attempt: document everything. We started with exhaustive documentation of every command, every parameter, every output format. The result was a massive prompt that burned through context window tokens.

Second iteration: trim it down. We realized agents are good at discovery. Instead of documenting every flag, we document the patterns: how commands are named, how to use --json for structured output, how to use --help to learn more. The commit message says it well: "let agents auto-discover with enough hints on what's available."

Third iteration: add workflows. Raw command documentation wasn't enough. We added step-by-step workflows for common tasks: investigating downtime, comparing historical data, managing maintenance windows. These give agents a playbook to follow.

Final tweaks: enforce good habits. We added rules like "always use --json when you need to analyze data" and "when you see an ohdear.app URL, use the CLI to fetch the data." These small nudges make the agent significantly more useful in practice.

The takeaway: good skill design isn't about completeness, it's about giving the agent the right level of guidance. Too little and it guesses wrong. Too much and you waste context tokens on information the agent can discover on its own.

You can see the entire SKILL.md and worfklows on Github.

Skills protocol #

The Oh Dear skill uses the Skills protocol, an open standard for teaching AI agents how to use tools. Any agent that supports the protocol can use our skill, not just Claude Code.

Try it #

composer global require ohdearapp/ohdear-cli
ohdear login
ohdear install-skill

Then ask your agent something like "are there any broken links on my site?" and watch it work.

The skill, CLI source, and all documentation are open source at github.com/ohdearapp/ohdear-cli.

Feedback? #

If you run into anything unexpected or have ideas for the skill, reach out via support@ohdear.app or @OhDearApp. We'd love to hear how you're using this.

Three ways to theme your dashboard #

We've added three theme options to your profile settings:

• Light: The classic Oh Dear look you know.
• Dark: A carefully tuned dark palette across the entire app.
• System: Follows your operating system's preference automatically.

Your theme preference is saved to your account, not just your browser. That means it applies on every device, every session, and every tab you open.

No more flashbangs at 3 AM #

When your site goes down at 3 AM and you open the Oh Dear alert from Slack, the last thing you want is a blinding white screen burning your eyes.

If you've set your theme to "dark" or "system" (and your OS is in dark mode), your dashboard stays dark. Always. No matter how you got there, no matter which device you're on. Your eyes will thank you.

We specifically made sure the theme is saved on the profile, not just in a cookie or localStorage. When you click through from a Slack notification at midnight, your dark mode is already waiting for you.

Additional benefit: now that the dashboard is also mobile friendly, you won't only get a good-looking dark mode, but a well-rendered version of any page you visit.

It just looks really good #

Dark mode isn't just a comfort feature. It looks great.

Charts, tables, status indicators, alert boxes, everything got its own carefully chosen dark palette. We didn't just invert colors. We picked backgrounds, borders, text contrasts, and accent colors that feel right together.

Even the performance charts have dedicated dark mode color sets, so your timing breakdowns are just as readable at any hour.

349 files, and a lot of dark: prefixes #

This was a big update. The PR touched 349 files with 2,718 additions and 1,531 deletions across the entire app. Every template, every component, every form, every table needed dark mode variants.

That's the kind of work where agentic coding really shines.

How we built it: AI for the repetitive parts, humans for the creative parts #

If you read our previous post about making Oh Dear mobile-friendly, this will sound familiar. The pattern was the same: let AI handle the tedious, repetitive work, and focus human effort on the parts that actually matter.

The agentic scaffold

We used Claude Code to generate the initial dark mode implementation across the entire codebase. The work was broken down into 8 user stories:

1. Add theme preference to the user model
2. Serve the theme preference to the app layout
3. Build a theme switcher on the profile page
4. Dark mode styles for the app layout shell
5. Dark mode styles for content cards and panels
6. Dark mode styles for form elements
7. Dark mode styles for tables and data displays
8. Dark mode styles for check report pages

Each of these was committed individually, with Claude as co-author. The agent worked through every Blade template, adding dark: Tailwind classes to backgrounds, text colors, borders, shadows, and interactive states. Hundreds of files, thousands of class additions, all done in a single session.

This is where AI is genuinely useful: applying a known pattern (dark:bg-gray-900, dark:text-gray-200, dark:border-gray-700) consistently across 349 files. It's not creative work. It's precise, repetitive, and easy to get wrong if you're doing it by hand.

The human side: getting the colors right

Adding dark: classes is the easy part. Choosing which colors, and making them feel cohesive across the entire app, that's where human judgment comes in. In our case, that human is called Nick.

The initial AI pass gave us structurally correct dark mode. Every element had a dark variant. But the palette didn't feel right. Backgrounds were too dark or too light. Text contrast was inconsistent. Borders disappeared or felt too harsh. The charts looked washed out.

Getting the theme right required sitting with the app, clicking through every page, and fine-tuning values until the whole thing felt intentional. Not just technically correct, but aesthetically coherent.

That's design work, and it's the part AI can't (yet?) do for you. It doesn't know that a particular shade of gray makes a card feel heavy, or that reducing border opacity by 10% makes a table feel lighter. It doesn't have opinions about whether a status indicator should be muted or vibrant in dark mode. Those are judgment calls that need a human eye.

The technical foundation

A few things we got right from the start:

Tailwind's class strategy: We use darkMode: 'class' in our Tailwind config, which toggles dark mode by adding a dark class to the <html> element. This gives us full control and avoids relying solely on the system media query.

No flash on page load: The theme script runs in the <head>, before any content renders. Whether you're in dark or light mode, you'll never see a white flash followed by a dark switch. It's instant.

Real-time system detection: If you've chosen "system" mode, we listen for OS-level theme changes. Switch your Mac to dark mode, and the Oh Dear dashboard follows immediately, no refresh needed.

Persistent preference: Your theme choice is saved to the database via your profile, with a localStorage fallback for immediate application. This means it works everywhere, instantly.

Give it a try #

Dark mode is available now for all Oh Dear users. Head to your profile settings and pick the theme that works for you.

And if you're the type who keeps their phone on dark mode 24/7, just set it to "system" and forget about it. Oh Dear will match your preference automatically.

What changed #

We didn't just slap some media queries on the existing layout. Some parts of the app needed a completely different approach on small screens. Here's what we did:

• New mobile navigation with a floating action button and full-screen menu overlay
• Dedicated mobile card layouts for monitor lists and status pages
• Scrollable tables with a visual hint that there's more to see
• Larger touch targets for toggles, checkboxes, and dropdown items
• Responsive check report pages for uptime, SSL, DNS, performance, broken links, and all other checks
• Mobile-friendly modals, forms, and settings pages

We touched over 160 Blade templates across the entire app.

Optimize mobile views when you need them the most #

We send you alerts when we notice something doesn't seem right. That can be website downtime, broken links, failing scheduled tasks, ... You're probably going to click through on these alerts from inside your Slack, Discord, Teams or any other notification type we offer.

The page you're landing on, likely on your mobile device, needs to be optimized for that unhappy state: you want all the details of the problem we're reporting, at your fingertips.

The new layout is optimized for exactly that: getting all the necessary details, clearly visible, on mobile.

• Tables with multiple columns are replaced by stacked, labeled cards, so nothing gets clipped or overlaps
• Download and action buttons are always visible, never hidden behind menus
• Page headers and action buttons stack naturally instead of wrapping awkwardly
• "Copy to clipboard" icons are available where relevant, to easily share error messages, HTTP headers or reproduction steps with colleagues

When you get that alert that something is down, you're already in a stressful moment. The last thing you need is to fight the UI to find the details. Everything you need to diagnose and communicate the problem is right there, on whatever device you happen to have in your hand.

The floating menu #

On desktop, Oh Dear has a horizontal navbar with dropdowns for switching teams, accessing settings, and navigating between monitors and status pages. That doesn't work on a phone.

Instead of cramming the navbar into a hamburger menu at the top, we went with a floating action button (FAB) fixed to the bottom-right corner. It's always within thumb reach.

<button
    class="fixed bottom-6 right-6 z-[60] flex items-center justify-center
           w-12 h-12 text-white rounded-full transform-gpu bg-primary
           md:hidden shadow-glow-primary"
    @click="$store.appMobileMenu.isOpen = !$store.appMobileMenu.isOpen"
>

Tapping it opens a full-screen overlay with all the navigation options, organized vertically with generous padding for easy tapping. The menu uses an Alpine store ($store.appMobileMenu) as a shared state between the button and the overlay, which keeps things simple.

One nice detail: when the menu is open, we add overflow-hidden to the body so the page behind it doesn't scroll.

<div
    x-data
    x-effect="document.body.classList.toggle('overflow-hidden', $store.appMobileMenu.isOpen);
              document.body.classList.toggle('mobile-menu-open', $store.appMobileMenu.isOpen)"
>

The mobile-menu-open class also repositions our support bubble widget so it doesn't overlap with the menu button.

Two layouts instead of one #

The monitor list is probably the most complex page in the app. On desktop, it's a multi-column table with performance sparklines, issue counts, and a hover-revealed actions menu.

Making that responsive with pure CSS would mean hiding columns, stacking cells, and losing the at-a-glance overview that makes the table useful. So we went with a different approach: render two completely separate layouts and show the right one based on screen size.

{{-- Desktop table layout --}}
<table class="hidden md:table w-full tabular-nums table-fixed">
    @include('app.monitors.list.components.monitorListRow')
</table>

{{-- Mobile card layout --}}
<div class="md:hidden divide-y divide-gray-150">
    @foreach($monitorsInGroup as $monitor)
        @include('app.monitors.list.components.monitorListRowMobile')
    @endforeach
</div>

The mobile card packs the essential info into a vertical layout: status indicator and name on top, tags inline, a mini performance chart below, and check summary messages as a list. Every row has a minimum height of 44px for reliable touch targets.

This is more code to maintain, but the result is clean on both screen sizes. No CSS hacks, no overflow issues, no squished text.

Scrollable tables with a fade hint #

Not every table needed a mobile-specific layout. For simpler tables (DNS records, certificate chains, downtime history), horizontal scrolling works fine. But users need to know the table extends beyond what they can see.

We built a small scrollable-table component that wraps any table and adds a gradient fade on the right edge:

<div
    x-data="{
        canScroll: false,
        atEnd: false,
        check() {
            const el = this.$refs.scroller;
            this.canScroll = el.scrollWidth > el.clientWidth;
            this.atEnd = el.scrollLeft + el.clientWidth >= el.scrollWidth - 1;
        }
    }"
    x-init="check()"
    x-on:resize.window="check()"
>
    <div class="scrollable-table-inner" x-ref="scroller" x-on:scroll="check()">
        {{ $slot }}
    </div>
    <div class="scrollable-table-fade" x-show="canScroll && !atEnd" x-cloak></div>
</div>

The fade automatically disappears once you scroll to the end. It only shows on screens where the table actually overflows, and it's hidden entirely on desktop where tables fit comfortably.

Bigger touch targets #

Small toggles and checkboxes are a constant frustration on mobile. We scaled up all form controls on small screens:

@media (width < theme(--breakpoint-mg)) {
    .check-toggle {
        @apply w-11 h-6;
    }

    [type='checkbox'],
    [type='radio'] {
        height: 1.25rem;
        width: 1.25rem;
    }
}

Dropdown menu items also get extra vertical padding on mobile, bringing them to a comfortable 44px touch height.

Try it out #

If you're an Oh Dear user, open the app on your phone. Everything should just work. Monitor lists, check reports, settings, notifications, status pages, all of it.

If something looks off on your device, let us know at support@ohdear.app or at @OhDearApp on X.

We've shipped DNS blocklist monitoring to catch this early. Oh Dear now checks your domain against 11 major blocklists and notifies you the moment you're listed, with direct links to get removed.

Two kinds of blocklists, two kinds of pain #

Not all blocklists are the same. We monitor two categories:

Security blocklists (RBLs) are the ones that wreck your email deliverability. If your IP or domain appears on Barracuda, SpamCop, SURBL, or URLhaus, email servers will reject or spam-folder your messages. Password resets, order confirmations, support replies: silently gone.

Content filter DNS services block your site entirely for users behind DNS-level filtering. If Quad9, Cloudflare Family, AdGuard, or OpenDNS blocks your domain, anyone using those services (directly, or through tools like Pi-hole and AdGuard Home) simply can't reach you. That's millions of privacy-conscious users, corporate networks, and families with parental controls.

The 11 blocklists we check #

How it works #

For security blocklists, we perform standard DNSBL lookups. IP-based lists like Barracuda get a reversed-IP query against their DNS zone. Domain-based lists like SURBL get a direct domain query. A DNS response means you're listed.

For content filter services, we resolve your domain through each provider's DNS server. If the response is NXDOMAIN or a known block-page IP (like 0.0.0.0 for AdGuard), your domain is blocked by that service.

Checks run daily by default. You can increase the frequency to every 4 hours if you want tighter coverage, or pick specific blocklists instead of monitoring all 11.

What happens when you're listed #

You get a notification through whichever channels you've configured: email, Slack, Discord, Teams, Telegram, PagerDuty, Opsgenie, Pushover, SMS, webhooks, ntfy, or Google Chat.

The notification tells you exactly which blocklist flagged you and why. Your dashboard shows direct links to each provider's delisting form, so you can start the removal process immediately instead of researching where to go. All the info you need, at your fingertips.

When you're removed from all blocklists, you'll get a recovery notification confirming the all-clear.

If you're working on a fix and don't want repeated alerts, you can snooze the check.

It's probably not your fault #

Domains get blacklisted for reasons beyond your control:

• Shared hosting: a neighbor on your IP sends spam, your IP gets flagged
• Domain history: you registered a domain previously owned by bad actors
• IP history: you provisioned a new VM and got an IP that was previously abusive
• Compromised sites: attackers inject content you don't even know about
• Email misconfiguration: missing SPF/DKIM records or an open relay

Regardless of the cause, you need to know fast. The longer you stay listed, the more damage accumulates.

API access #

DNS Blocklist history is also available through our API. Fetch all check results for a monitor:

GET /api/monitors/{id}/dns-blocklist-history-items

Each result includes the checked domain, resolved IPs, and per-provider results with listing status, return codes, and reasons. Full details in our API documentation, or use our PHP-SDK for convenience.

Ready to be enabled by everyone #

DNS blocklist monitoring is available for all monitors. Head to your monitor's settings, enable the DNS Blocklist check, and you're covered. All 11 blocklists are monitored by default.

Read the full documentation for configuration options and remediation guides.

Want to bulk-update this check for all your monitors? Just reach out via support.

We're working with several partners to bring Oh Dear into more products and platforms. Zone and Ploi Cloud are the first two out the door.

What's the reseller program? #

If you run a hosting company, a deployment platform, or an agency managing client sites, you probably want monitoring baked into your product. Building that from scratch is a massive undertaking. Uptime checks from multiple global locations, SSL monitoring, broken link detection, performance tracking, DNS change alerts, cron monitoring... that's years of work.

Our reseller program lets you skip all of that. You integrate with our API, and your customers get the full Oh Dear experience inside your platform. You handle the billing and the relationship with your customer. We handle the monitoring infrastructure.

Zone: monitoring as a native hosting feature #

Zone is one of the largest domain registration and hosting providers in the Baltics, operating in Estonia, Finland and Latvia. They now offer Oh Dear monitoring as a native service to all their customers, covering uptime, SSL certificates, broken links, performance, domain expiry, DNS changes, and cron job monitoring.

Their approach to notifications is seamless: Zone customers get a one-click login into the full Oh Dear dashboard, where they can configure exactly which alerts they want and where they should go. Email, SMS, Slack, webhooks, you name it. The customer controls their own notification preferences directly in Oh Dear, without ever needing to create a separate account.

What we love about Zone's integration: they don't just resell it, they use Oh Dear internally too. When your own hosting provider trusts the same monitoring tool they're offering you, that says something.

"Oh Dear is the easy one to implement, because the API makes sense and is easy to work with."

Kaarel Urva, Chief Project Officer at Zone Media

You can read more about their offering in Zone's announcement post.

Ploi Cloud: three clicks to monitoring #

Ploi Cloud is a deployment platform built for developers. Their Oh Dear integration is beautifully simple: navigate to the Monitoring tab, click "Enable monitoring", and you're done. Uptime checks, SSL monitoring, performance metrics, broken link detection, and mixed content scanning, all running within seconds.

Ploi took a different approach to notifications. Instead of sending users to the Oh Dear dashboard, they receive all monitoring alerts through our webhooks and pipe them into their existing notification system. If you've already set up Slack, Discord, Google Chat, or email notifications in Ploi, your monitoring alerts just show up there too. Nothing extra to configure.

Their team described it well: "This isn't a third-party plugin or a workaround, it's a first-class integration built together."

Check out Ploi Cloud's announcement for the full details.

Built on our reseller API #

Both integrations are powered by our reseller API. It gives partners everything they need to build a seamless experience:

• Team provisioning: create and manage separate client teams programmatically
• User management: add users with roles (admin, member, guest) to each team
• Secure login links: generate time-limited login links so customers can access the full Oh Dear dashboard without creating separate credentials
• Monitor management: create, configure, and manage monitors across all client teams through the standard monitors API

The beauty is in the flexibility. Zone gives their customers direct access to the Oh Dear dashboard through login links, so users can configure their own notification preferences. Ploi keeps everything inside their own platform and uses webhooks to feed alerts into their existing notification channels. Both approaches work, both are valid. You tailor it to what fits your product best.

More to come #

Zone and Ploi Cloud are the first two reseller partners we can publicly share, but there are more in the making. We'll announce them as they go live.

If you run a hosting company, a deployment platform, or a service where website monitoring would be a natural fit for your customers, we'd love to talk. Reach out at support@ohdear.app and we'll walk you through the program.

It worked great in development. Then we deployed, and two separate caching layers broke everything. Here's the journey.

The implementation (surprisingly easy) #

Just last week, we added .md suffixes to all our docs URLs and listed them in our /llms.txt. That felt like a solid approach. A week later, the convention has already moved on. Accept: text/markdown is now the preferred way. It's cleaner HTTP and works with standard content negotiation. We're keeping the .md suffixes for tools that can't set custom headers.

The actual implementation is a small trait:

trait DetectsMarkdownRequest
{
    protected function shouldReturnMarkdown(): bool
    {
        if (str_ends_with(request()->path(), '.md')) {
            return true;
        }

        if (str_contains(request()->header('Accept', ''), 'text/markdown')) {
            return true;
        }

        return false;
    }
}

Each controller just checks this early and returns markdown when needed:

public function __invoke(string $slug = ''): View|RedirectResponse|Response
{
    if (str_ends_with($slug, '.md')) {
        $slug = Str::chopEnd($slug, '.md');
    }

    if ($this->shouldReturnMarkdown()) {
        return $this->markdownResponse($slug);
    }

    // ... regular HTML response
}

That's it. Add the trait, add the early return, done. The markdownResponse() method returns the raw content with the right headers:

return response($markdown, 200, [
    'Content-Type' => 'text/markdown; charset=UTF-8',
    'X-Robots-Tag' => 'noindex',
]);

The savings #

Here's what our pages look like as HTML versus markdown:

What that means in API costs, per request for the Monitor API docs page:

Per request, the difference is small. But agents crawling multiple docs pages per session add up, and there's no reason to ship navigation chrome and script tags to something that just wants the content.

And then production happened.

Cache layer 1: Cloudflare #

Cloudflare caches by URL. It doesn't vary by Accept header. So the first browser visit cached the HTML, and every subsequent request, including Accept: text/markdown, got that cached HTML back.

First instinct: add Vary: Accept. Nope. Cloudflare Free/Pro doesn't respect Vary: Accept for non-image content.

There's a clever workaround using Transform Rules to append a query parameter to markdown requests, giving them a different cache key. Mike Olson wrote a great post about this approach for the Cloudflare Free plan.

We went simpler: a Cloudflare Cache Rule that bypasses cache entirely for markdown requests.

• Rule name: "Do not cache text/markdown requests"
• Expression: any(http.request.headers["accept"][*] contains "text/markdown")
• Action: Bypass cache

Available on all plans, including Free. Why not the Transform Rule? Markdown requests are a tiny fraction of traffic. Bypassing the CDN for those has zero noticeable impact, and the rule is dead simple. Sometimes the boring solution is the right one.

Cache layer 2: spatie/laravel-responsecache #

Fixed Cloudflare. Tested again. Still HTML. What.

We use spatie/laravel-responsecache on our docs routes. First attempt: override shouldCacheRequest() to return false for markdown. Still HTML.

Here's why. The middleware does this on every request:

if enabled() && hasBeenCached($request)
    → return cached response          // our check never runs

if enabled() && shouldCacheRequest($request)
    → store the fresh response         // only controls STORING

shouldCacheRequest() only controls storing, not serving. The cached HTML was already returned before our override ever ran.

The fix: vary the cache key using useCacheNameSuffix(), the documented way to differentiate requests:

public function useCacheNameSuffix(Request $request): string
{
    $suffix = parent::useCacheNameSuffix($request);

    if (str_contains($request->header('Accept', ''), 'text/markdown')) {
        return $suffix.'-markdown';
    }

    return $suffix;
}

HTML and markdown now get separate cache entries. Both cached, both served correctly.

We also added a Vary: Accept middleware on the docs routes. Cloudflare ignores it on our plan, but it's correct HTTP semantics for browsers and other proxies.

What we learned #

1. Vary: Accept doesn't work on Cloudflare Free/Pro. Use Cache Rules with any(http.request.headers["accept"][*] contains "text/markdown") instead.
2. shouldCacheRequest() in spatie/laravel-responsecache only controls storing, not serving. Use useCacheNameSuffix() to vary the cache key.
3. Test with all cache layers enabled. Our local dev had response cache disabled, masking the bug entirely. Worked in dev, failed in prod. Classic.
4. Caching bugs are sneaky. Valid response, wrong variant. No errors, no 500s, nothing in the logs.

Try it out #

# Regular HTML
curl -I https://ohdear.app/docs/api/monitors

# Markdown for AI agents
curl -H 'Accept: text/markdown' https://ohdear.app/docs/api/monitors

# Also works with .md suffix
curl https://ohdear.app/docs/api/monitors.md

Our llms.txt lists all available documentation. This works for feature docs, API docs, FAQ items, and blog posts. Everything a coding agent needs when integrating with Oh Dear.

If you're running Cloudflare + Laravel response cache and want to serve different content based on headers, hopefully this saves you the debugging time we spent on it.

Here's what each part covers:

Part 1: Finding the right queries to fix #

Before you can optimise anything, you need to know what to optimise. This post covers the tools and techniques we use to identify slow queries: Laravel's debug bar for local development, MySQL's slow query log, logging queries that don't use indexes, inspecting currently running queries, and using pt-query-digest to analyse query patterns. We also cover Laravel's built-in lazy loading prevention for catching N+1 issues early.

Read part 1: Finding the right queries to fix →

Part 2: Analysing & fixing the slow queries #

Once you've found the problematic queries, how do you actually fix them? This post dives deep into MySQL indexes: how EXPLAIN works, what each output field means, how to read query execution plans, and how to design effective composite indexes. We cover the difference between full table scans, index scans, and index seeks - and show real examples of queries going from seconds to milliseconds with the right index.

Read part 2: Analysing & fixing the slow queries →

Part 3: Automatic detection & regression testing #

Fixing performance issues is one thing - keeping them fixed is another. This post introduces our open-source package phpunit-query-count-assertions that lets you assert SQL performance in your test suite. Catch N+1 queries, duplicate queries, and missing indexes automatically in CI before they reach production. We've eliminated over 15% of our SQL queries by catching duplicates that slipped through code review.

Read part 3: Automatic detection & regression testing →

Whether you're just starting to think about database performance or looking to prevent regressions in an already-optimised application, there's something in this series for you.

A few weeks ago, we massively improved the performance of the dashboard & website by optimizing our SQL queries. The improvements were significant - but how do we make sure we don't accidentally undo all that work with future code changes?

In this post, you'll see:

• The problem: performance regressions slip through
• The solution: test-driven SQL performance
• Installing the package
• Quick start: the one assertion you need
• Detecting duplicate queries
• Catching N+1 / lazy loading issues
• Verifying index usage
• Query count thresholds
• Multi-connection support
• The paranoid mode: automatic checks on every test
• Real-world results from Oh Dear
• What this won't catch

Let's go!

What these results look like #

Before diving into the tooling, here's what we've achieved by implementing automated SQL performance testing:

We eliminated over 15% of our SQL read queries by catching duplicate queries that slipped through manual code review. These weren't obvious N+1 loops - they were subtle cases where the same query was executed in different parts of the request lifecycle.

We've caught index regressions in CI before they hit production. When a developer removes an index in a migration or writes a query that can't use existing indexes, the tests fail with a clear message explaining why.

The feedback loop is immediate: write code, run tests, see if your queries are efficient. No more waiting for production metrics to reveal problems days or weeks later.

The problem: performance regressions slip through #

Here's a scenario we've all experienced: you spend time optimising queries, ship the improvements, celebrate the faster response times - and then a few weeks later, performance starts degrading again.

Why? Because nothing was preventing new inefficient queries from being introduced. Code review helps, but reviewers don't always catch:

• Duplicate queries executed in different service classes
• Lazy loading that only triggers with certain data combinations
• Missing indexes on new columns added in migrations
• Queries that worked fine on small datasets but don't scale

The problem isn't fixing performance issues - we covered that in parts 1 and 2. The problem is keeping them fixed.

The solution: test-driven SQL performance #

We built a package that lets us assert SQL performance characteristics in our test suite. When tests run (locally or in CI), they fail if queries are inefficient.

The package is called phpunit-query-count-assertions and it's available on GitHub. We've been using it internally at Oh Dear for months, and it's caught more issues than we'd like to admit.

Here's the core idea: wrap your code in a tracking block, then assert that the queries were efficient.

$this->trackQueries();

app(CertificateHealthChecker::class)->perform($run);

$this->assertQueriesAreEfficient();

That single assertion checks for N+1 queries, duplicate queries, and missing indexes - all at once.

Installing the package #

The package requires PHP 8.2+ and Laravel 11 or 12. Install it as a dev dependency:

$ composer require --dev mattiasgeniar/phpunit-query-count-assertions

Then add the trait to your test class:

use Mattiasgeniar\PhpunitQueryCountAssertions\AssertsQueryCounts;

class CertificateHealthCheckTest extends TestCase
{
    use AssertsQueryCounts;
}

That's it. No configuration files, no service providers - just a trait.

Quick start: the one assertion you need #

For most cases, assertQueriesAreEfficient() is all you need. It combines three checks into one:

1. No lazy loading - catches N+1 queries
2. No duplicate queries - same query shouldn't run twice
3. All queries use indexes - no full table scans

Here's a real example from our certificate health checker tests:

public function test_health_checker_is_efficient(): void
{
    // Setup - create test data (these queries aren't tracked)
    $certificate = Certificate::factory()->expired()->create();
    $run = new InMemoryRun();

    // Track only the code under test
    $this->trackQueries();
    app(CertificateHealthChecker::class)->perform($run);
    $this->assertQueriesAreEfficient();
}

The key insight: call trackQueries() after your test setup. Factory calls and seeders execute queries too - we don't want those triggering false positives.

When something fails, you get actionable output:

Query efficiency issues detected:

Lazy loading violations detected:
Violations:
  1. App\Models\Certificate::$site
  2. App\Models\Certificate::$site

Duplicate queries detected:
  1. Executed 2 times: SELECT * FROM sites WHERE id = ?
     Bindings: [42]
     Locations:
       #1: app/Checkers/CertificateHealthChecker.php:67
       #2: app/Checkers/CertificateHealthChecker.php:89

The locations tell you exactly where each query was triggered - no more guessing.

Detecting duplicate queries #

Duplicate query detection is surprisingly powerful. It catches cases that aren't traditional N+1 loops but still waste database resources.

$this->assertNoDuplicateQueries(function () {
    // This code executes the same query twice
    $user = User::find(1);

    // ... 50 lines of other code ...

    $sameUser = User::find(1); // Duplicate!
});

The assertion considers bindings: User::find(1) and User::find(2) are different queries. But User::find(1) called twice is a duplicate.

When we first enabled this at Oh Dear, we found duplicate queries we'd missed in code review. The same Monitor model was being loaded in three different places during a single request - each time fetching from the database instead of reusing the already-loaded instance.

Fixing these duplicates removed over 15% of our SELECT queries.

Catching N+1 / lazy loading issues #

N+1 queries are the classic performance killer. You load a list of models, then loop through them accessing a relationship - triggering a new query for each iteration.

// This will fail
$this->assertNoLazyLoading(function () {
    $sites = Site::all();

    foreach ($sites as $site) {
        echo $site->checks->count(); // N+1 query!
    }
});

The fix is eager loading:

// This will pass
$this->assertNoLazyLoading(function () {
    $sites = Site::with('checks')->get();

    foreach ($sites as $site) {
        echo $site->checks->count();
    }
});

The package uses Laravel's built-in lazy loading prevention under the hood, so it catches exactly what Laravel would catch - but only within your test assertion, not globally.

Ps; if you only need the count, Site::withCount('checks')->get() is even more efficient since it doesn't load the related models at all.

Verifying index usage #

This is where it gets interesting. The package runs EXPLAIN on your queries and checks for performance red flags.

$this->assertAllQueriesUseIndexes(function () {
    Site::where('team_id', 1)->get();
});

If team_id doesn't have an index, you'll see:

Queries with index issues detected:

  1. SELECT * FROM sites WHERE team_id = ?
     Bindings: [1]
     Issues:
       - [ERROR] Full table scan on 'sites'
     Locations:
       #1: tests/Feature/SiteTest.php:42

The severity levels help prioritise:

What gets detected

For MySQL and MariaDB:

• Full table scans (type=ALL)
• Full index scans (type=index)
• Index available but not used
• Using filesort
• Using temporary tables
• Using join buffer (missing index for joins)

For SQLite (useful for fast local tests):

• Full table scans (SCAN table)
• Temporary B-tree usage
• Foreign key constraint check scans

Small table optimisation

Caution: full table scans on tiny tables (< 10 rows) are often faster than index lookups. The package ignores these by default - MySQL's optimiser knows what it's doing on small datasets.

If you need to adjust this threshold:

use Mattiasgeniar\PhpunitQueryCountAssertions\QueryAnalysers\MySQLAnalyser;

self::registerQueryAnalyser(
    (new MySQLAnalyser)->withMinRowsForScanWarning(100)
);

Query count thresholds #

Sometimes you want precise control over how many queries run:

// Exact count
$this->assertQueryCountMatches(3, fn() => $this->loadDashboard());

// Upper bound - useful for "don't make this worse"
$this->assertQueryCountLessThan(10, fn() => $this->loadDashboard());

// Range
$this->assertQueryCountBetween(5, 15, fn() => $this->complexOperation());

// No queries at all (cached responses)
$this->assertNoQueriesExecuted(fn() => $this->getCachedData());

When assertions fail, you see exactly what ran:

Expected 3 queries, got 5.
Queries executed:
  1. [0.45ms] SELECT * FROM users WHERE id = ?
      Bindings: [1]
      Locations:
        #1: app/Services/Dashboard.php:42
  2. [0.32ms] SELECT * FROM sites WHERE user_id = ?
      ...

The timing information helps identify which queries are worth optimising - a 0.3ms query that runs once matters less than a 0.1ms query that runs 100 times.

Multi-connection support #

If your application uses read replicas, separate analytics databases, or tenant-specific connections, you'll appreciate this: trackQueries() captures queries from all database connections by default.

$this->trackQueries();

DB::select('SELECT 1');                         // Tracked
DB::connection('replica')->select('SELECT 2');  // Also tracked

$queries = self::getQueriesExecuted();
// $queries[0]['connection'] === 'mysql'
// $queries[1]['connection'] === 'replica'

Each tracked query includes its connection name, so you can verify queries are hitting the right database.

Filtering to specific connections

Sometimes you want to focus on just one connection - maybe your test setup runs migrations on a different connection that you don't want to count:

// Track only the replica connection
$this->trackQueries('replica');

// Track multiple specific connections
$this->trackQueries(['mysql', 'replica']);

This is useful when:

• Your test setup runs queries on different connections that you don't want to count
• You want to verify that specific queries go to the right connection
• You're debugging connection routing in read/write split setups

At Oh Dear, we generally track all queries, across all connections.

The paranoid mode: automatic checks on every test #

If you want to enforce query efficiency across your entire test suite, you can enable automatic checking in beforeEach and afterEach hooks.

For Pest (in tests/Pest.php):

use Mattiasgeniar\PhpunitQueryCountAssertions\AssertsQueryCounts;

pest()->extend(Tests\TestCase::class)
    ->use(AssertsQueryCounts::class)
    ->beforeEach(fn () => self::trackQueries())
    ->afterEach(fn () => $this->assertQueriesAreEfficient())
    ->in('Feature');

For PHPUnit (in your base test class):

abstract class TestCase extends BaseTestCase
{
    use AssertsQueryCounts;

    protected function setUp(): void
    {
        parent::setUp();
        $this->trackQueries();
    }

    protected function tearDown(): void
    {
        $this->assertQueriesAreEfficient();
        parent::tearDown();
    }
}

I know some will #YOLO this on their entire test suite - don't @ me when hundreds of tests suddenly fail. Consider starting with a subset of critical tests first. Keep in mind this might trigger warnings for queries executed purely during the setup and seeding of the tests, although you can make an argument efficiency matters then, too.

Real-world results from Oh Dear #

Here's what we've caught since implementing this:

Duplicate query in the Scheduled Task Checker: Our scheduled task checker called ->refresh() twice on the main model, to ensure we operate on all the received pings in our checker. This was a legacy from our older setup, before we refactored it to our new setup more than a year ago. The refresh() was needed in the old system, not our new one, so we could safely clean it up. This is hard to spot, because the code never broke, it was just being a little too aggressive in refreshing state.

N+1 in certificate expiry notifications: When sending expiry warnings, we were lazy-loading the team for each certificate instead of eager loading. Only triggered when multiple certificates expired simultaneously - exactly the kind of edge case that slips through manual testing.

The pattern is clear: these aren't bugs that crash the application. They're inefficiencies that slowly accumulate until someone notices "the app feels slower than it used to."

What this won't catch #

Let's be honest about the limitations. This package catches a lot, but it's not a silver bullet.

Small dataset blindspot: By default, the package ignores full table scans on tables with fewer than 10 rows. MySQL's optimiser often chooses to scan tiny tables because it's faster than an index lookup. This means your tests - which typically have small datasets - might pass while production (with millions of rows) suffers.

EXPLAIN isn't execution: The index analysis runs EXPLAIN on your queries, which shows MySQL's plan, not what actually happened. In rare cases, the plan and reality diverge - especially with complex joins or when statistics are stale.

Timing is unreliable in tests: Query timing assertions (assertMaxQueryTime) work, but test databases are usually local SSDs with no contention. A query that runs in 5ms locally might take 500ms in production under load.

You need representative test scenarios: If your test only creates one user with one site, you won't catch the N+1 that only triggers when a user has multiple sites. The package can only catch what your tests actually exercise.

That said, we've found it catches roughly 80% of performance issues before they reach production. The remaining 20% still need production monitoring - but that's a much smaller haystack to search through.<@

Wrapping up #

The three-part journey is complete:

1. Part 1: Find slow queries using debug bars, slow query logs, and process monitoring
2. Part 2: Fix them with proper indexes
3. Part 3: Keep them fixed with automated testing

The package is open source and available at github.com/mattiasgeniar/phpunit-query-count-assertions. We'd love to hear how it works for your applications.

Feedback? #

If this article contains any errors or if it should clarify certain sections more, do reach out via either mattias@ohdear.app or ping me via @mattiasgeniar or our @OhDearApp account. Any feedback is appreciated!

Curious to hear about performance issues you've caught with automated testing that we don't yet know about!

This post examines some of our lessons learned, and we'll share our insights into what we saw during the outage.

Cloudflare, a net positive for our industry #

Let me start by chiming in on the public debate: has the internet decided to centralize too much around a few key players (Cloudflare, AWS, Google, ...)? Probably.

Should we now all move away from these big players to decentralize the web again? Probably not.

Despite Cloudflare's outage yesterday, I firmly believe they're a net positive for our industry, advancing the protection, speed, and availability of websites globally. Any major provider will experience downtime. I'm confident there will be a solid and transparent post-mortem of this incident with many lessons learned to prevent this from happening again. (Update: Cloudflare's post-mortem on the incident is now available)

So no, we won't suddenly move everything away from Cloudflare in a knee-jerk reaction, but we will be conscious to have procedures and workflows readily available to temporarily move away from Cloudflare when there is prolonged downtime.

Now, on to the real stuff!

Our Web UI was offline, our status pages & monitoring weren't #

Oh Dear itself sits behind Cloudflare. We've had the bad luck of experiencing some DDoS attacks a few years ago and have since opted into Cloudflare's Pro plan for better protection against this. As a result, during the outage, this was the availability of our services:

• Website: ❌
• Dashboard: ❌
• API: ❌
• Monitoring engine: ✅
• Notification engine: ✅
• Status pages: ✅

The problem we (and our clients) were facing: while status pages were online, our users couldn't post any updates to them because they couldn't log in to the main application that has the interface to manage those status pages.

This essentially turned status pages—unless users opted into the auto-updates based on our uptime monitors—into a stale and outdated communication channel. Only when our dashboard services were restored could our users start posting updates.

All our actual monitoring & notification engines remained online and performant at all times.

Temporarily disabling Cloudflare #

Because of this, we temporarily disabled Cloudflare for our website so that our users could access our service again.

This turned out to take slightly more time because the Cloudflare Dashboard itself was offline during their outage (because challenges.cloudflare.com, their "I'm not a Robot" service, was offline and prevented logins to their dashboard). Only once the CF dashboard was available again could we disable proxying through Cloudflare.

Lesson learned: we need a readily available DNS backup at our domain registry, allowing us to more easily switch nameservers away from Cloudflare to a third party in the case of an emergency. We have backups of our DNS records, but there are many of them, and the process to restore those was still manual and too time-consuming.

Our ping endpoint stays behind Cloudflare #

Users of our cron job/scheduled task monitoring might have noticed notifications about missed scheduled tasks because the callback URL ping.ohdear.app is also routed through Cloudflare.

This was also unavailable during the outage. We do, however, have internal systems that prevented ~99% of the false alerts related to those cron job monitors from being sent.

Every 4 seconds, we ping our own endpoint and expect the result to be processed in the following seconds. This system caught the unavailability of the ping endpoint early on and muted most of the alerts for our clients. Only during the recovery/early downtime—when our system hadn't caught this yet—have we sent some notifications to users.

Lessons learned: our internal system worked well for this particular use case, but we'll investigate options around service recovery times to ensure we don't send notifications that were just on the edge of the Cloudflare downtime.

Increased system load for downtime verifications #

The happy path of uptime monitoring is fairly straightforward: make an HTTP (or ping or TCP) request; if the service responds as expected, the service is considered up. All is well.

The unhappy path, where we detect downtime, is more resource-intensive: we'll do that exact same monitor request but route it via a different set of servers (technically: a different datacenter provider but within the same geographical continent) and expect that to also confirm the downtime.

This means that downtime detection doubles our system load because we can no longer just do a single check to confirm something is up; we need a second verification.

We have around 50+ servers worldwide, here's a screenshot of the network-throughput of one of our satellite servers:

In our capacity planning, we take this into account: our systems aren't running at their limits and always have the capacity to double their throughput at any moment in time, especially for these circumstances.

Lessons learned: there's a reason we keep 50% spare capacity at all times—this incident shows why. We'll keep doing so.

A spike in notifications sent #

It makes sense that when Cloudflare goes down, we'll start notifying a lot of our users that their website is down. Yesterday can be considered a stress test on our own systems as well, and I'm glad to see our choices in architecture have ensured that this was a smooth process.

At any given time, some of the websites we monitor are down, and we'll be notifying those users. Yesterday was a bit different, though.

For any of the following data, timestamps are shown in UTC.

At the peak, we were sending ~1,500 notifications per second. This is a mix of channels—some via email, some Slack, some Discord, etc.—depending on the settings of our users.

The downtime wasn't consistent either, so during the same period we also sent out a lot of recovery notifications (only to send new downtime notifications a few minutes later when the service was disrupted again):

During our peak, we observed at most a 1- to 2-minute delay between detecting the downtime and sending the notification because our queues were being hit much harder than ever before. We quickly scaled up capacity for processing outbound notifications and swiftly processed all notifications in < 1 minute again.

We also monitor our own service with some of our competitor tooling, and we observed some of their email notifications only arriving more than an hour later than the actual incident. We're proud to say that wasn't the case for us.

Lessons learned: our architecture allows for sending out many notifications in a short period of time with minimal disruption.

Where did our users get notified the most? #

We support a myriad of notification options, so where did we send most notifications during this outage?

In order of popularity, we sent out most notifications over:

• mail: 54.0%
• slackApi: 18.8%
• sms: 5.1%
• telegram: 4.4%
• discord: 3.8%

The others are in single digits. Email being the most popular makes sense, as it's the most accessible and it's the one we enable by default if someone signs up to try Oh Dear. The bump in email delivery is also clear from our email delivery stats:

In closing #

There are a few lessons learned from this incident, but we're proud to see how our service performed during a real-life stress test. We can implement some improvements over the coming weeks and prepare even better for a major outage. With the centralization of more of the web, we should prepare for downtime events to potentially have much bigger ripple effects that could affect more services at the same time.

Through our support channels, we heard some of our users request new features, such as:

• Mass-muting of all notifications during an outage like this (initiated by the user)
• Out-of-band access to Status Pages for managing updates/incidents
• An in-app banner highlighting a worldwide issue of downtime

All of these are under consideration. If you missed crucial functionality during this outage, we'd love to hear from you!

As of today, there's a second view available, one that matches the webbrowser visualisation of the timing of a single request.

This view shows the same waterfall information you'd find in Chrome or Firefox, providing a familiar view to developers worldwide.

The historical insights remain available as always, of course, allowing you to zoom out and look at the bigger picture.

You'll find the new view under the "Show all details" section of an uptime monitor.

AI monitoring lets you describe what should work in plain English, and we'll test it like a real user would - clicking buttons, filling forms, checking content. No scripts to maintain, no complex setup.

Here's an example where we let the AI submit a form and verifies that the submission was ok.

Our AI can control a real browser and click, type and submit forms on your site, and inspect results. Like you see above, it can also take screenshots. When something does not seem right, the AI can notify you via our powerful notification system.

There are lots of other use cases for AI checks. Here are some example prompts you can use:

• If there are any warnings or errors on the developer console of mysite.com, fail the check and send me a notification. You can ignore any messages from CloudFlare.
• Make sure the homepage of mysite.com lists at least five products, includes a login link, and has a registration page link. Send me a notification if any of these elements are missing.
• Check the spelling on https://example.com. If there are any spelling mistakes, send me a notification.

You can already check out the AI monitoring documentation, which contains more info on what you can do with our AI check.

A couple of users are currently helping us test and polish our AI check. Want to test it out too? Apply for the AI monitoring closed beta.

We aim to fully launch this feature mid-end November.

A few weeks ago, we massively improved the performance of the dashboard & website by optimizing some of our SQL queries. In this post, we'll dive deeper into the optimisations of queries with indexes.

Table of contents:

• Ways to improve database performance
• How database indexes work
• Let MySQL explain why a query is slow
• Different EXPLAIN output
• Adding indexes
• Multiple indexes vs. composite indexes
• The order of the index vs. the order of the WHERE statement
• NULL values in indexes
• What performance gains to expect
• Random trivia on indexes
• The AI way: how LLMs can help

Let's go!

What these results look like #

As a reminder, this is the resulting performance gain for the dashboard & some of our internal APIs:

These graphs come from the Oh Dear uptime monitoring we perform. Behind the scenes, we also use Zabbix for low-level server monitoring, where we get extra insights into the performance of our servers.

The optimisations have lead to an increase in network bandwidth between our SQL server & the rest of our infrastructure. Normally an increase like this would be cause for concern, but in our scenario it's because we're now able to perform all checks faster and complete our queues at a much faster pace, so that we're able to utilize the network bandwidth more.

As a result of our improvements, we were able to almost double the SELECT's (green line) we're able to do concurrently.

This also gives us a bit of context: at a constant load of ~6,000 SELECT's per second, around 1,000 INSERT's, another 1,000 UPDATE's and ~600 DELETE's per second, we've got ourselves a busy system.

So then, what did we do to get these numbers?

Ways to improve database performance #

In general, speeding up SQL queries can be done in 4 main ways;

1. Avoiding the query altogether (resolving N+1 loops, introducing caching, etc.)
2. Rewriting the query to be more performant (different joins, fewer subqueries, etc)
3. Get faster hardware
4. Adding indexes to the table to speed up data lookups

This post focusses mostly on the last point: the indexes, the hidden weapon of any database system.

How database indexes work #

For clarity, we run on MySQL 8.0, what we're explaining in this post is tested and applied on our systems, and should work on PostgreSQL and even SQLite - although the output of the EXPLAIN queries lower in this article will vary.

Imagine a table with 100,000,000 rows of data and multiple columns. If you ask your database to perform the following query:

mysql> SELECT * FROM big_table
       WHERE user_id = 1 AND deleted_at IS NOT NULL;

Without indexes, the database has to scan the entire table for rows that match your criteria. With indexes, it has a general idea of where the records you'll be asking might be. It's the difference between walking across a country with or without a map. You can get there, but it'll be a lot more efficient with that map.

When it comes to using indexes, you need to have a good idea on what data you want to filter on. Generally, that's everything in your WHERE clause. That's where the indexes come in.

In our example above, we're filtering data on both user_id and deleted_at, ideally we have an index that combines both of those data points for faster lookups, although even one index (say on the user_id column) would already make big differences.

There's a few gotcha's with that query straight-away (hint: nullable values can be tricky) which we'll cover deeper down.

Let MySQL explain why the query is slow #

In our previous post, we explained the techniques to identify which queries need improving. If you've followed along, you might now have a list of queries that have been identified as slow. Now, it's time to analyse them. That's where MySQL's EXPLAIN keyword comes in.

Take your slow query, add in the keyword EXPLAIN just before your own query, and let MySQL tell you what it did during execution.

mysql> EXPLAIN SELECT * FROM ...

The output can be something like this:

           id: 1
  select_type: SIMPLE
        table: <your table-name>
   partitions: NULL
         type: ref
possible_keys: <table-name>_created_at_index
          key: <table-name>_created_at_index
      key_len: 8
          ref: const
         rows: 1
     filtered: 100.00
        Extra: Using filesort

To start, the most important fields are:

• possible_keys: if indexes already exist in your table, these are the ones that are under consideration for executing this query
• key: if there are multiple indexes, this is the one MySQL ended up chosing
• rows: MySQL estimates it will need to examine 1 row to satisfy the WHERE clause
• filtered: 100% of the examined rows are expected to pass the WHERE condition.
• extra: the biggest clue is here

The extra column can contain a lot of value, typically you'll see values like these, sorted by the best possible output (aka the fastest queries) to the slowest.

• The best performance:
  • (no extra info) - Optimal: using index efficiently with no additional operations
  • Using index - Very fast: query satisfied entirely from index without accessing table data
  • Using where; Using index - Fast: filtering done on index data only
  • Using index condition - Good: index condition pushdown reduces data transfer
• Moderate performance:
  • Using where - Acceptable: additional filtering applied after index lookup
  • Distinct - Moderate: removing duplicates, but can use index
  • Using index for group-by - Good for GROUP BY: grouping operations done via index
• Performance concerns:
  • Using filesort - Slow: sorting requires additional memory/disk operations
  • Using temporary - Slow: temporary table needed for complex operations
  • Using temporary; Using filesort - Slower: both temporary table creation and sorting required
• The worst performance:
  • Using join buffer - Slow: nested loop join without efficient index access
  • Using where; Using join buffer - Very slow: inefficient joins with additional filtering
  • Range checked for each record - Very slow: MySQL recalculates optimal index for each row
  • Full scan on NULL key - Extremely slow: cannot use index due to NULL handling in subqueries

The key principle here is: anything involving filesorts, temporary tables, or full scans without indexes will significantly impact query performance and should be solved.

Different EXPLAIN output #

MySQL has several outputs for an EXPLAIN query, depending on your preferred tooling, these can be useful to you:

-- output in tabular format, the default
mysql> EXPLAIN SELECT * FROM ...

-- output in JSON, also contains cost calculations
-- from the query optimizer
mysql> EXPLAIN FORMAT=JSON SELECT * FROM ...

-- outputs a visual hierarchy of operations,
-- useful with many joins
mysql> EXPLAIN FORMAT=TREE SELECT * FROM ...

-- performs the actual query and compares
-- estimated vs. actual rows
mysql> EXPLAIN ANALYSE SELECT * FROM ...

I usually default to just the standard EXPLAIN output.

Adding indexes #

Most slow queries can be solved by adding indexes. This ensures MySQL can find the data efficiently, without having to scan the entire table.

Take the following query for instance:

SELECT
	*
FROM
	`snooze_history_items`
WHERE
	`snooze_history_items`.`check_id` = 1
	AND `ends_at` > '2025-09-13 20:00:00'
ORDER BY
	`ends_at` DESC
LIMIT
	1

We're querying a pretty big table to get some results. The two WHERE conditions are meant to limit the result, but without indexes, MySQL needs to scan and read the entire table, filter out the requested results, then return them.

To make matters worse, it also needs to then sort the result set in memory, before returning the result.

Both actions - reading the entire table to filter the results and then sorting them - are incredibly CPU intensive. If the query can't be simplified further, it's time to add an index so MySQL can consult its index for the results, efficiently gather only the data it needs, and instantly return it.

mysql> CREATE INDEX idx_check_ends_optimized
       ON snooze_history_items (check_id, ends_at DESC);

Or in a Laravel migration:

Schema::table('snooze_history_items', function (Blueprint $table) {
    $table->index(['check_id', 'ends_at'], 'idx_check_ends_optimized');
});

Now when we ask the EXPLAIN output, we'll see:

mysql> EXPLAIN SELECT ... 

possible_keys: idx_check_ends_optimized
          key: idx_check_ends_optimized
        Extra: Using index condition; Backward index scan

This saves a tremendous amount of CPU cycles in MySQL reading all data & sorting the results. At our scale of close to 10k queries/s, this seriously adds up.

Multiple indexes vs. composite indexes #

After a while, you might have multiple indexes on any given table, like these:

KEY `table_user_id` (`user_id`) USING BTREE,
KEY `table_user_id_deleted_at` (`user_id`,`deleted_at`) USING BTREE,
KEY `table_user_id_deleted_at_client_type` (`user_id`,`deleted_at`,`client_type`) USING BTREE

Written differently, this table has 3 indexes:

• user_id ("user_id_index")
• user_id, deleted_at ("user_id_deleted_at_index")
• user_id, deleted_at, client_type ("user_id_deleted_at_client_type_index")

Indexes are used/read from left-to-right: an index that consists of 3 columns, like our user_id_deleted_at_client_type_index in the example above, can also be used by queries that only search for the left-most column of that index.

If you're performing a query like:

SELECT * FROM users WHERE user_id = 1;

Any of the 3 indexes is capable of supporting this query, because the user_id is the left-most index. This actually makes the first index, user_id_index, obsolete and it can be dropped.

The order of the index vs. the order of the WHERE statement #

Both of the following queries will use the same available index on the user_id, deleted_at fields. The order of the WHERE statements does not matter:

SELECT * FROM big_table
WHERE
    user_id = 1
    AND deleted_at IS NOT NULL

and:

SELECT * FROM big_table
WHERE
    deleted_at IS NOT NULL
    AND user_id = 1

The order of the index, on the other hand, does matter!

When creating indexes, it helps to visualize which data-filter would reduce the result set the most. In our query, if we can filter based on user_id first, we might already limit the scope of our query to 1% of the total table. This filter has the biggest impact. It's also the most likely field to be used in WHERE statements, so can probably be re-used by other queries, it makes sense for both of these reasons to keep user_id the first column in the index.

If we turned the indexes around, like so:

KEY `table_deleted_at_user_id` (`deleted_at`, `user_id`) USING BTREE,

We'd now have an index that starts with the deleted_at column, followed by the user_id column. Now, any query that filters only on the user_id can no longer use this index and will have to fall back to a full table scan, even though it's part of another index.

NULL values in indexes #

Some fields in your table might be nullable. A good example is usually a deleted_at soft-delete timestamp. It's only filled in with a date if a record is actually soft-deleted.

The main gotcha with nullable columns in MySQL indexes is that NULL values are indexed, but they can cause performance issues in your queries:

-- This CAN use the index
WHERE deleted_at IS NULL
WHERE deleted_at IS NOT NULL

-- These too, for either range or equality checks
WHERE deleted_at = '2025-10-06'
WHERE deleted_at >= '2025-10-06'
WHERE deleted_at < '2025-10-06'
WHERE deleted_at BETWEEN '2025-01-01' AND '2025-12-31'

-- These CANNOT efficiently use the index
WHERE deleted_at != '2025-10-06'  -- Inequality (requires scanning most of the index, inefficient range scan)
WHERE deleted_at <> '2025-10-06'  -- Same, requires scanning most of the index
WHERE NOT (deleted_at = '2025-10-06')  -- NOT conditions also require scanning most of the index here

If you need consistent indexes on datetime fields, you could opt for a default timestamp (ie 1970-01-01) on that column instead and removing the nullable property.

As a rule of thumb, where possible, put nullable columns as the last column in your composite indexes.

What performance gains to expect #

I define a fast query as one that completes under 15-20ms, depending on the size of the output. For single-row queries, it's reasonable to expect a response around 1ms to 2ms. Larger responses (ie many rows) will just take longer to travel over the network as well, let's set that upper bound to somewhere around 20ms.

Take the following example for instance:

SELECT * FROM big_table
WHERE user_id = 1
LIMIT 10

The performance results are:

• Without an index on user_id: 32ms
• With an index on user_id: 3ms

That's a straight up 10x faster query, just with an index.

The results are a little more extreme with bigger tables or more complex queries, in our environment where we might have big queries with joins, subqueries & lots of WHERE conditions, we've seen improvements from > 5s down to < 50ms, that's an almost 100x faster query.

Random trivia on indexes #

A few notes & thoughts on indexes in general;

• They usually only matter for bigger tables, on very small tables, full scans might actually be faster than index lookups.
• More indexes = slower write performance, so slower INSERT, UPDATE and DELETE queries. This can significantly slowdown the write performance, a table with 3+ indexes can see slower write performance by up to 20% and more. The larger (more columns) the index, the slower writes will become. Another reason to use a single, good, composite index vs. overlapping smaller ones.
• Most applications benefit from more indexes, they often have a 95% SELECT vs. 5% WRITE ratio on database load anyway.
• Primary keys & foreign keys are automatically indexes as well, but are added as single-column indexes, and may be redundant with composite indexes.
• Indexes consume disk space, but I've never realistically seen this have any noticeable impact.
• Indexes also use RAM, but I've also not seen this become an issue.
• You can always get a bigger and faster database server, often times, this is cheaper than spending weeks optimizing code or queries.
• Using functions in queries means the index won't be used, ie WHERE YEAR(created_at) = 2025 won't use an index on created_at, but WHERE created_at >= '2025-01-01' AND created_at < '2026-01-01' will
• Leading wildcard searches break indexes: WHERE name LIKE '%smith' can't use an index, but WHERE name LIKE 'smith%' can.
• In the past 20yrs of managing servers, I've had one weird instance where indexes became corrupt (queries were always slow, regardless of the indexes), where it needed an OPTIMIZE TABLE <table> to rebuild indexes. Since then, I run OPTIMIZE TABLE quite often when troubleshooting.

Curious to hear trivia you might have on SQL performance that we don't yet know about!

The AI way: how LLMs can help #

When you give your AI of choice enough context, the suggestions can be extremely powerful. You'll need to be diligent in reviewing the response, but if what you're looking for is a good first review of a slow query, this helps:

Below is the EXPLAIN output of a slow query, followed by the result of the query analysis. The table structure is below that. Analyze the query and suggest which indexes to add, clarify why, and show the index creations in the Laravel migration format.

Follow that with;

• The exact EXPLAIN SELECT ... query
• The output of that EXPLAIN
• The output of SHOW CREATE TABLE <tablename>

This gives the LLM the query that's slow, what the query planner did to execute it as well as the full table structure - including current indexes - to work with.

You should, however, review the suggestions and see if any of the indexes the LLM might suggest already exist or could be part of a composite index you added in earlier, to avoid duplicating indexes.

Feedback? #

If this article contains any errors or if it should clarify certain sections more, do reach out via either mattias@ohdear.app or ping me via @mattiasgeniar or our @OhDearApp account. Any feedback is appreciated!

Maybe we're better at actually building good software than we are at marketing it? Or are we trying what everyone else is also doing, thus making it all harder? After all, you can only outbid your competitors in Google Ads for so long.

So we're trying something new: an analog marketing campaign for the digital world. 🍺

The origin of Oh Dear #

Back in 2017 we were brainstorming the idea of a better uptime monitor. We did this out of a local bar called Paters Vaetje, a small but cozy bar in Antwerp, near the Cathedral.

Belgium has many good beers, so it's no surprise that the bar we were sitting in was covered in beer advertisements. One of them was this one for a fine one called "Moeder Overste", which translates to "Mother Superior".

We were thinking: "What would Mother Superior Superior say if her website was down". Immediately "Oh Dear" came to mind. We thought we would only keep it as a work-in-progress name, but over time we liked it so much that we used it as the final product name.

Sharing is caring #

So with the origin of our name clarified, we figured: why not let others experience the same taste while promoting Oh Dear at the same time?

So as an experiment, we're sending a specially branded beer gift to some select companies in Belgium. Obviously, with some Moeder Overste inside of it.

The outside of the beer packages have our branding, with the backside a small text explaining what Oh Dear does.

Inside the packaging, there's a personal and handwritten note for the recipients. With so many word-puns available, we couldn't resist the "cold emails" angle. 😁

Will this work and actually convert to Oh Dear users? We have no idea yet, but we're about to find out. 😎

Not just for new clients #

We're trying this as an experiment, but we've already heard from some of you that you'd love a package like this to be delivered. And you're right, why should we only try to convince new users and not treat loyal customers just the same?

We're looking into extending our beer-delivery-operation to some of our existing clients as well, as a token of gratitude for the trust placed in Oh Dear to keep watch over all your sites. Realistically though, these packages aren't cheap to make ... so ... the bigger your Oh Dear subscription, the more chance you'll have of receiving a package. It's marketing after all. 😇

(Ps; we can only do Belgium for now, turns out, shipping alcohol across the border comes with its own challenges)

What AI Monitoring Can Do #

Our AI monitoring system comes equipped with comprehensive capabilities:

Internet Access and sending notications: The AI can check live websites in real-time. It is also able to use our notification system.

Make sure the homepage of mysite.com lists at least five products, includes a login link, and has a registration page link. Send me a notification if any of these elements are missing.

DNS Record Analysis: Full access to all DNS records for comprehensive domain monitoring

Verify that all MX records for spatie.be point to Google. If they don't, send me a notification and show all current MX records in the result.

API Testing: Complete support for POST requests with custom payloads and headers

Send a POST request to mysite.com/api/my-endpoint with this payload:

• first_name: "John"
• last_name: "Doe"

Include this HTTP header:

• my-custom-header: my-custom-header-value

The response code should be 200. Send me a notification if the response code is anything other than 200.

These are just a couple of simple examples. We’re curious to know how you would use this feature.

Join Our Closed Beta #

We're preparing to launch our closed beta program and need passionate users to help us test and refine this feature. If you're interested in being among the first to experience AI monitoring and want to help shape its development, we'd love to hear from you.

Apply for the AI monitoring closed beta

Your feedback will be invaluable in making this feature the best it can be.

We're aiming to add people to our closed beta in October, and launch the feature for all users in November.

In this blog post I'd like to explain why we built it and how you can use it.

Why we needed to reflect HTTP requests #

One of the many checks we offer is our uptime check. Like all our checks, we have an extensive test suite for our uptime monitoring functionality. We have tests that prove that when a site is down, we actually do warn our users.

So, in our end-to-end tests we need to have a site available that is considered down. Instead of bringing an actually service down, wouldn't it be nice if we could just tell a website what status code it should return?

That's exactly the sort of thing that Request Mirror can do. It has a route /status/ that you can append with any status code you want. So a request to https://request-mirror.ohdear.app/status/500 will respond with status code 500, mimicking a website that is down. Try it by visiting that URL in the browser and use your developer tools to see the status code.

In our tests we can use this:

// I've simplified the test for brevity
it('can send a notification when the site is down', function () {
   performUptimeCheck('https://request-mirror.ohdear.app/status/500');
    
   Notification::assertSent(UptimeCheckFailedNotification::class);
});

Other endpoints #

Our uptime check has many options to tailor it to your specific monitoring needs. To be able to test all these options, we added extra endpoints to Request Mirror.

Let's take a look at the ability to reflect headers:

$response = Http::withHeaders([
    'extra-header' => 'extra-value',
])->get('https://request-mirror.ohdear.app/get');

// the json response will have a headers property that contains
// the `extra-header` header.
$response->json('headers');

These are also available:

• https://request-mirror.ohdear.app/ip: returns your IP
• https://request-mirror.ohdear.app/user-agent: returns your user agent
• https://request-mirror.ohdear.app/json: returns a bit of random JSON
• https://request-mirror.ohdear.app/xml: returns a bit of random XML

And there are a few more listed on Request Mirror.

An alternative: HTTPBin #

There's also an excellent alternative that's been around for a long time: HTTP Bin. Request Mirror was heavily inspired by HTTP Bin.

Even though HTTP Bin works well, I still took the time to build Request Mirror, because the uptime of HTTP Bin was a bit flaky in the past period, causing our tests to fail sometimes. And with Request Mirror being in my control, I can add any endpoint Oh Dear needs for its test suite.

In closing #

Granted, Request Mirror is not the most exciting project, but if you need this kind of functionality it can come quite handy.

Should you need another endpoint for your testing, I'm open for pull requests to the request mirror repo on GitHub.

If you use a tool like Claude Code, then this is how you can connect Oh Dear to it (you can create an API token in your account settings)

claude mcp add --transport http ohdear https://ohdear.app/mcp \
--header "Authorization: Bearer YOUR-API-TOKEN-HERE"

Some examples #

Here are a couple of example prompts

“Analyse the performance of spatie.be of the last week”

“Which DNS records changed recently at spatie.be”

“Show me the trends of the lighthouse reports of spatie.be”

This is very powerful stuff. I’m curious which prompts you will try.

In closing #

Our MCP server can access all checks and their results, so you can ask questions about anything that Oh Dear is monitoring for you.

You learn how to get started an view a few more examples in on the dedicted MCP server page in our docs.

We’re still improving our MCP server. If you have some unexpected results, or think a result can be better, do reach out to support@ohdear.app

We'll cover the basics and gradually work our way up to the more advanced/complex ways of identifying slow queries.

In this post, you'll see:

• Using a local debug-bar to identify queries
• Using MySQL slow query log
• Logging queries that don't use indexes
• Evaluating currently running queries live
• Analysing the global query log
• 2 MySQL bonusses: better CLI output & redirecting output to files
• Enforce eager loading in local Laravel environment

Let's go!

What these results look like #

As a reminder, this is the resulting performance gain for the dashboard & some of our internal APIs:

These graphs come from the Oh Dear uptime & performance monitoring we perform.

Now let's get started identifying which queries need optimising.

Enable the debug-bar in your local environment #

The easiest place to start investigating queries is locally, in your development environment. Most frameworks have the concept of a "debug bar" - in the case of Laravel applications, the most widely used is the barryvdh/laravel-debugbar package that offers excellent insights.

Once enabled, you can see output similar to this:

It contains, at a glance:

• The total time spent executing SQL queries (top-right)
• The total amount of queries executed (top-left)
• How many of those were duplicates (indicating potential N+1 loop issues)

Before optimising any query, it makes sense to ask the question: can the query be avoided in the first place? Duplicate queries are worth investigating, as well as queries that don't add meaning to the page you're seeing (ie a Class being lazy-loaded whose data isn't needed on this page).

In our case, if we're looking at the data being loaded on an uptime monitor, we wouldn't expect a SQL query to load data for a broken link monitor. For this, you need application-awareness to know what data makes sense to load on that page.

Let MySQL tell you which queries are slow #

MySQL has the ability to enable a "slow query log", where you get to decide what qualifies as a slow query. This is the easiest step to get started, as MySQL will log to disk the SQL queries that exceeded your threshold.

First, create the file to be used as the log (as the root user):

$ touch /var/log/mysql-slow-query.log
$ chown mysql:mysql /var/log/mysql-slow-query.log

This creates an empty file and allows MySQL to read & write to it. If the file doesn't exist, MySQL won't create it for you, it just won't log anything.

Next, hop in your MySQL command-line and activate the Slow Query Log.

$ mysql
mysql> SET GLOBAL slow_query_log_file = '/var/log/mysql-slow-query.log';
mysql> SET GLOBAL long_query_time = 1;
mysql> SET GLOBAL slow_query_log = 'ON';

From this point, MySQL will log every query that exceeded the 1s threshold in your log file. Tweak the "long query time" as you see fit.

$ tail -f /var/log/mysql-slow-query.log

# Query_time: 2.547717  Lock_time: 0.000003 Rows_sent: 0  Rows_examined: 0
SET timestamp=1757095277;
select * from `runs` where `runs`.`check_id` = ...;

This will give you a list of your slow queries, ready to be optimized.

The example above will modify your currently running MySQL instance to log queries, but if you restart your MySQL server, the settings won't be persisted. If you want to have this enabled all the time, it needs to be added to your my.cnf config file:

[mysqld]
slow_query_log = ON
slow_query_log_file = /var/log/mysql-slow-query.log
long_query_time = 1

You can gradually increase the slow query threshold, MySQL allows decimal values to log queries that are faster than 500ms, 300ms, etc.

mysql> SET GLOBAL long_query_time = 0.3;

This would let MySQL log all queries that are slower than 300ms.

If the results become too verbose, you can tweak how many queries get logged a bit more by setting a minimal amount of rows that a query should return, before it's logged.

mysql> SET GLOBAL min_examined_row_limit = 1000;

Queries that examine fewer than this number of rows will not be logged to the slow query log.

Let MySQL tell you which queries lack indexes #

Spoiler alert: a fast query usually has indexes on them that make retrieving the data blazing fast. We'll explore how to set those & decide which ones to set in future posts.

MySQL can log all queries that are being executed that don't use an index for lookups. This can get a little noisy, especially if you haven't added indexes before, so this is a setting to enable once you've done the 2 tips shared above first, to trim down on the log-noise this might generate.

mysql> SET GLOBAL log_queries_not_using_indexes = ON;

This will log all sorts of queries, including queries like:

• SELECT * FROM users: a full table scan (without a WHERE clause)
• SELECT * FROM users WHERE email = 'mattias@ohdear.app': a WHERE clause on a non-index column
• SELECT * FROM users WHERE UPPER(email) = 'MATTIAS@OHDEAR.APP: a function call on an indexed column (this prevents index usage)
• SELECT * FROM users WHERE name LIKE '%mattias%': using a leading wildcard in a LIKE statement

I wouldn't recommend running log_queries_not_using_indexes all the time, just for debugging & analysis purposes.

The log_queries_not_using_indexes is also compatible with the same min_examined_row_limit option we shared in the previous tip, so you can limit the logging of non-indexed queries by adding:

mysql> SET GLOBAL min_examined_row_limit = 1000;

If you have a high amount of queries without indexes and a busy MySQL server, the log activity can also become a bottleneck. Keep this in mind and disable it again once you're done with your analysis.

mysql> SET GLOBAL log_queries_not_using_indexes = OFF;

Ps; feels weird writing queries that set a value to what seems to be a string, right? The values for OFF and ON are reserved keywords, similar to TRUE or FALSE, so they don't need quotes.

Let MySQL tell you which queries are executed right now #

As a rule of thumb, I like to use: whenever I can see a query being executed right now, it probably can use some optimisations.

Think about that logic for a second: ideally, queries are finished under 10ms or faster. What are the odds that when I request the current processlist, a query will show up? It becomes such a narrow window that when you look at the current processlist a few times, and you see the same queries showing up over and over again, they're worth investigating.

Let's start with the basics:

mysql> SHOW FULL PROCESSLIST;

If this returns a lot of results, you can use the raw SQL query to be able to filter the results based on your own criteria. The SHOW FULL PROCESSLIST is essentially a shortcut for the following SQL query:

mysql> SELECT 
		ID,
		USER,
		HOST,
		DB,
		COMMAND,
		TIME,
		STATE,
		INFO
FROM performance_schema.processlist
ORDER BY ID;

So you're able to trim down the output a little by avoiding Sleeping connections or from databases or users you don't need (if you're hosting multiple databases on this system);

mysql> SELECT 
		ID,
		USER,
		HOST,
		DB,
		COMMAND,
		TIME,
		STATE,
		INFO
FROM performance_schema.processlist
WHERE DB = 'ohdear' AND COMMAND != 'Sleep';

If you run this command a few times in a row and you see the same types of queries showing up, even if they have indexes, they're worth noting for followup.

The output of PROCESSLIST and the content of the performance_schema.processlist have a limitation that the TIME only has seconds granularity, so it's hard to sort on. As a workaround, once you need more insights into < 1 second queries, you can run the following query:

mysql> SELECT 
	t.processlist_id,
	t.processlist_user,
	t.processlist_host,
	t.processlist_db,
	t.processlist_command,
	t.processlist_state,
	t.processlist_info,
	ROUND(s.timer_wait/1000000, 2) as execution_time_ms
FROM performance_schema.threads t
JOIN performance_schema.events_statements_current s ON t.thread_id = s.thread_id
WHERE t.processlist_command != 'Sleep' 
  AND s.timer_wait IS NOT NULL
ORDER BY s.timer_wait DESC;

This will show the time spent in miliseconds in the execution_time_ms column.

Let MySQL tell you which queries get executed the most #

Caution: on high-traffic MySQL servers, this will become a major bottleneck! Be careful.

This one is best to enable locally, in your development environment. Sure, you can try to enable this on staging or production, but there's a very big chance your disk I/O won't survive that setting. Be careful when doing this on anything but your local development environment.

I know some will #YOLO this in production, don't @ me when your system breaks. :-)

MySQL can log all queries that are being executed, with the ability to then fire off some CLI tools on that big query log to identify the most recurring queries.

First, similar to the Slow Query Log, create the file MySQL can write to:

$ touch /var/log/mysql-general-query.log
$ chown mysql:mysql /var/log/mysql-general-query.log

Next, instruct MySQL to log all queries to that file:

mysql> SET GLOBAL general_log_file = '/var/log/mysql-general-query.log';
mysql> SET GLOBAL general_log = ON;

To disable the general log again:

mysql> SET GLOBAL general_log = OFF;

Now you can - again, locally - open your application, run your jobs & scheduled tasks, run your CI tests, ... and every query will be logged to the /var/log/mysql-general-query.log file. The output will be something like this:

$ tail -f /var/log/mysql-general-query.log
2025-09-16T11:40:04.736814Z	   94 Prepare	select * from `plan_prices` where `archived` = ? and `is_yearly` = ? and `currency` = ? order by `amount` asc limit 1
2025-09-16T11:40:04.736987Z	   94 Execute	select * from `plan_prices` where `archived` = 0 and `is_yearly` = 0 and `currency` = 'eur' order by `amount` asc limit 1
2025-09-16T11:40:04.737575Z	   94 Close stmt
2025-09-16T11:40:04.745635Z	   94 Prepare	select * from `transformation_results` where `url` = ? and `type` = ? limit 1
2025-09-16T11:40:04.745773Z	   94 Execute	select * from `transformation_results` where `url` = 'https://ohdear.app.test/pricing' and `type` = 'ldJson' limit 1
2025-09-16T11:40:04.746173Z	   94 Close stmt
2025-09-16T11:40:04.768509Z	   94 Prepare	select * from `users` where `id` = ? limit 1
2025-09-16T11:40:04.768763Z	   94 Execute	select * from `users` where `id` = 27765 limit 1
2025-09-16T11:40:04.769149Z	   94 Close stmt

This quickly becomes overwhelming & you won't be able to parse this manually anymore. That's where the CLI comes in. Percona offers some amazing scripts for us to use, let's install those first:

$ apt install percona-toolkit # for debian/ubuntu
$ brew install percona-toolkit # for Mac

The pt-query-digest tool allows us to analyse this general log and sort the queries by either count or time-spent in the database. We just need a quick fix in our log, because pt-query-digest only looks at the keyword Query in the log, and we're using Prepared Statements so we have a lot of entries with Prepare and Execute that the tool will happily ignore. Since each Execute is just a Query that was executed, we can simply rename them in our logfile.

$ sed 's/Execute\t/Query\t/' /var/log/mysql-general-query.log > /var/log/mysql-general-query-editted.log

Then, let's fire off the analysis:

$ pt-query-digest \
	--type=genlog \
	--group-by fingerprint \
	--order-by Query_time:cnt,Query_time:sum \
	--filter '$event->{cmd} =~ /^(Query|Execute)$/' \
	--limit 25 \
	/var/log/mysql-general-query-editted.log

The output is a bit noisy, but tells you which queries were executed most (Count attribute) and which spent most time (Exec time attribute). Any performance gain that can be made to the most-occuring queries will yield better results.

Improving a query from 25ms to 20ms may sound negligible, but if it's performed millions of times a day, it adds up.

MySQL bonus 1: sort output vertically, not horizontally #

If you're working via the CLI, some of the queries I shared above can have quite lengthy output that's not always easy to see on small screens. You can change some of the outputs with modifiers in MySQL.

One very useful modifier is the \G control character - that's backslash + G.

This is a normal query output via the CLI:

mysql> SELECT id, name FROM teams LIMIT 2;
+----+--------------+
| id | name         |
+----+--------------+
|  1 | Team Mattias |
|  2 | Spatie       |
+----+--------------+
2 rows in set (0.00 sec)

If you add in the \G suffix to a query, the results are shown vertically instead:

mysql> SELECT id, name FROM teams LIMIT 2 \G;
*************************  * 1. row ***************************
  id: 1
name: Team Mattias

*************************  * 2. row ***************************
  id: 2
name: Spatie
2 rows in set (0.00 sec)

That's a litteral \G (backslash + G) at the end of the query.

MySQL bonus 2: write query output to a file #

If you miss using grep, awk, sort, ... in a MySQL shell, you're probably a greybeard Linux sysadmin and we should have some beers together. But good news, MySQLs' output can be redirected to a file for easier parsing!

mysql> \T /tmp/query-output.log
Logging to file '/tmp/query-output.log'

mysql> SELECT * FROM teams;

mysql> \t
Outfile disabled.

With \T you can specify which file this MySQL session should write all its output to. And with \t you can stop writing to that file. Afterwards, your file contains all the output of the queries you ran in between.

You can also use INTO OUTFILE but I find it a little cumbersome to tweak queries to achieve that, I'd rather mark a terminal session as "log to file", do the queries I want, and then stop that logging.

Let Laravel warn you for N+1 queries #

The Laravel framework can warn you when you're (potentially) causing excessive queries by throwing an exception when you're lazy loading relationships.

You can enable this warning in your non-production environment by adding the following into your boot() method in your AppServiceProvider:

public function boot(): void
{
    Model::preventLazyLoading(! $this->app->isProduction());
}

Now, every time you run a piece of code like this:

$posts = Post::all();

foreach ($posts as $post) {
    echo $post->comments->count();
}

It'll throw an exception, because for every iteration through the loop, Laravel would perform an extra query to count the comments of that specific $post instead of loading them at once. The fix, in this example, would be to eager load the counts only - not all the comments.

// Eager load the comment counts
$posts = Post::withCount('comments')->get();

foreach ($posts as $post) {
    echo $post->comments_count; // Note the _count suffix
}

This is an example that will optimise your query count with just minimal code changes.

Next up: fixing the queries #

In this post, we shared several ways of identifying which queries either get executed the most or which are the slowest. There's many ways to get this data, and you're able to pick whichever method you're most comfortable with or have access to.

In our next post, we'll deep-dive into the different ways of identifying what the bottleneck of a query is and how to resolve it.

The biggest gains are for our users that have > 100 sites on their dashboard, they'll get a noticeably faster loading time. For those biggest users, the dashboard is quite litterally 10x faster.

What these results look like #

This is the historical performance of our homepage for instance:

And one of our uptime location API endpoints:

These graphs come from the Oh Dear uptime monitoring we perform.

Over the next few blogposts, we'll share the details on how we identified which areas to focus on and how we implemented the performance improvements across the board.

By default, we check your website for uptime every minute. The Lighthouse check runs daily. Using our new feature, you can now, for instance, choose that the uptime check should run every 2 minutes, and the Lighthouse check every 5 days.

You can choose the frequency at the settings of the check.

Most people won’t need this option. For people who host multiple sites on one server, all monitored by Oh Dear, you can decrease the check frequency to have less stress on the server.

One of the things that was asked a lot was ping and TCP port monitoring. The past few months we worked hard to add this kind of monitoring to our service. And while building it, we touched upon other parts of our service and improved lots of little things.

And I'm proud to share that we now have shipped it all! Let's go through it!

Goodbye sites, welcome monitors #

Let's take a look at the dashboard at Oh Dear.

Long time Oh Dear users will probably notice that "sites" isn't in the main navigation anymore. It has been replaced by "monitors".

Since Oh Dear started, we always had the concept of a "Site" you're monitoring. But with the introduction of Ping and TCP checks, we can now monitor more than just a site.

That's why we renamed the "Site" concept in Oh Dear to "Monitor". Not only the main navigation has changed, but we updated all copy throughout our entire app and docs.

A monitor will have a type:

• HTTP: for checking websites
• Ping: for checking servers via ICMP ping
• TCP: for checking the connectivity of a port over TCP

When you now create a monitor in Oh Dear, this new dialog pops up, which lets you choose the type of monitor.

Monitor your servers via ping #

Let's explore the new ping monitoring type. With HTTP monitoring we're sending an HTTP request to your app to see if it works. With ping monitoring, we're sending an ICMP(v6) ping packet to your server, so this kind of monitoring is more low-level. Ping checks if your server is responding at the most basic network level. If ping fails, you know there's a fundamental connectivity issue before users even try to access your site.

Adding a ping monitor is easy, just select the ping type, enter the address (either a FQDN hostname or the IPv4 or IPv6 address) of your server and you're good to go.

On the uptime report of a ping check, you can see the average response time, together with the raw ping output.

When you scroll down a bit, you'll see a full graph of how the ping check performed over time.

Needless to say, whenever the ping fails, we'll send you notifications, via one of our many available notification channels.

The ping check can also be customized to your heart's content. You can choose how many packets should be sent, what their size should be, define the acceptable packet loss, and much more.

Monitor TCP ports #

Let's take a look at the second new monitoring type: TCP ports.

TCP port monitoring checks if specific services are running and accepting connections on their designated ports, giving you more targeted insight than basic ping monitoring: While ping only tells you the server is reachable, TCP port monitoring verifies that specific services (web server on port 80/443, database on 3306, SSH on 22, etc.) are actually listening and responding.

When creating a monitor, you can now choose the TCP type.

For this example we're going to monitor smtp.google.com:587, Gmail's mail server.

Let's maybe look at the settings of a TCP monitor first.

On the image above you see that we can check the welcome message the server will send back. If the welcome message doesn't contain the string given, we'll regard the server as down. Optionally, you can also send a message to the server, and also check if the response we get for the message contains a substring. This way you can really test particular behavior of your server.

On the TCP result page, we'll show the welcome message (and also the response of the optional message when it has been set)

Our API has been updated as well #

Across our UI, notifications and docs, we have changed the language so we'll talk about "Monitors", instead of "Sites". We've also updated our entire codebase. Internally our Site model is renamed to Monitor, together with all relationships, foreign keys, views, controllers... Together with the technical rename, we'll also pay off other technical debt that was accrued over the years.

This has also affected our API. At Oh Dear, we value backwards compatibility. In the eight years that we've been in operation, we've never made a breaking change to our API. We also considered keeping a v1 of our API, but we decided against it because the maintenance burden would be too big.

On this FAQ page, you can read more info on which exact breaking changes we've made, and how you can upgrade.

A new homepage #

To promote ping and TCP monitoring, we added two dedicated new pages, one for ping, and one for TCP. These pages both have beautiful illustrations, made by our designer Nick.

We also took the time to update our homepage to mention the new feature, and also to show some nice screenshots from our app.

The features and docs menu were revamped as well.

Bonus feature: customize the frequency of the checks #

We've also shipped another small, but often requested feature: you can now choose the frequency of the check we run.

By default, we check your website for uptime every minute. The Lighthouse check runs daily. Using our new feature, you can now for instance choose that the uptime check should run every 2 minutes, and the Lighthouse check every 5 days.

You can choose the frequency at the settings of the check.

In closing #

We hope you'll like these updates we've made to Oh Dear.

We aren't done and are building more exciting features, but it's a bit too early to talk about those. Should you have any suggestions on how to improve Oh Dear, do let us know by filling in our survey or just emailing support.

We'll close off this post by highlighting some of the features that were requested through our survey:

• We now log sent notifications
• Our new SDK has been rebuilt from the ground up
• People with a big number of sites in their team reported that the site list screen is slow. We made it faster, and are still optimizing it.
• There's a new usage screen that shows your usage against your current plan
• Maintenance periods can now have a name
• We can now send notifications via Google Chat
• The certificate health check has a new "Detected Certificates" tab showing the history of certificates we detected for a site.
• A graph was added to the Lighthouse result history
• Our blog layout was simplified.
• We made it more clear across our UI which things are clickable, by adding the cursor-pointer CSS class to those elements
• You can now manage monthly reports with our API
• Alert snoozing now has full history
• A new login method was added: passkeys
• Our broken links check has a new "Troubleshooting" tab, showing you tips to fix broken links.
• We merged our uptime and performance check

In this blog post, I'd like to show you how you can use the new SDK and how it works under the hood.

Using the SDK #

With the SDK package installed (you'll only have to require it using composer require ohdearapp/ohdear-php-sdk), you'll be able to instantiate the Oh Dear class like this:

use OhDear\PhpSdk\OhDear;

$ohDear = new OhDear('your-api-token');

That API token can be created on the API tokens screen.

On that OhDear class you can use one of the many available API methods.

Here's how you would create a simple monitor.

$monitor = $ohDear->createMonitor([
    'url' => 'https://example.com',
    'type' => 'http',
    'team_id' => 1,
]);

echo $monitor->url; // returns https://example.com

Of course, we'll start performing all of our checks on a new monitor right away.

Here's how you would list all broken links we detect on a site.

$brokenLinks = $ohDear->brokenLinks($monitorId);

foreach ($brokenLinks as $brokenLink) {
    echo "Broken link: {$brokenLink->crawledUrl}";
    echo "Status: {$brokenLink->statusCode}";
    echo "Found on: {$brokenLink->foundOnUrl}";
    echo "Link text: {$brokenLink->linkText}";
    echo "Internal link: " . ($brokenLink->internal ? 'Yes' : 'No') . "";
}

Here's a cool tidbit, you can't know from looking at the code above: you don't need to care about pagination. The brokenLinks method (and all other methods in our SDK that return multiple results) doesn't return a regular array. Instead it returns an iterator.

When you loop over the iterator, we will automatically fetch more pages of results from our API. It's completely transparent. So no matter how many broken links we detect on your site, looping over the iterator returned by brokenLinks will handle them all.

Built on top of Saloon #

This way of handling pagination (with an iterator) is powered by Saloon, which is a wonderful package to build modern PHP SDKs. I really had a fun time developing our SDK because Saloon streamlines everything so well.

At the heart of a Saloon powered SDK is Connector. This is the class that has all of the basic information of how to connect to an API. Here's the OhDear connector from our package (redacted for brevity).

<?php

namespace OhDear\PhpSdk;

use Saloon\Http\Connector;
use Saloon\Http\Request;
use Saloon\Http\Response;
use Throwable;

class OhDear extends Connector implements HasPagination
{
    use AcceptsJson;
    use AlwaysThrowOnErrors;
   
    protected string $apiToken;

    protected string $baseUrl;

    protected int $timeoutInSeconds;

    public function __construct(
        string $apiToken,
        string $baseUrl = 'https://ohdear.app/api/',
        int $timeoutInSeconds = 10,
    ) {
        $this->apiToken = $apiToken;
        $this->baseUrl = rtrim($baseUrl, '/');
        $this->timeoutInSeconds = $timeoutInSeconds;
    }

    public function resolveBaseUrl(): string
    {
        return $this->baseUrl;
    }

    protected function defaultAuth(): TokenAuthenticator
    {
        return new TokenAuthenticator($this->apiToken);
    }

    protected function defaultHeaders(): array
    {
        return [
            'Accept' => 'application/json',
            'Content-Type' => 'application/json',
        ];
    }

    protected function defaultConfig(): array
    {
        return [
            'timeout' => $this->timeoutInSeconds,
        ];
    }

    // other methods
}

For each different API request, you can create a class that extends Saloon\Http\Request. In the class, you can define the URL that should be called, and the parameters it needs. Here's the GetMonitorRequest that is used to retrieve a single monitor.

<?php

namespace OhDear\PhpSdk\Requests\Monitors;

use OhDear\PhpSdk\Dto\Monitor;
use Saloon\Enums\Method;
use Saloon\Http\Request;
use Saloon\Http\Response;

class GetMonitorRequest extends Request
{
    protected Method $method = Method::GET;

    public function __construct(
        protected int $monitorId
    ) {}

    public function resolveEndpoint(): string
    {
        return "/monitors/{$this->monitorId}";
    }

    public function createDtoFromResponse(Response $response): Monitor
    {
        return Monitor::fromResponse($response->json());
    }
}

That Monitor object is a DTO class that will transform the array response from our API to a real PHP object, which is nicer to handle.

<?php

namespace OhDear\PhpSdk\Dto;

class Monitor
{
    public function __construct(
        public int $id,
        public ?int $teamId,
        public string $url,
        
        // other properties omitted for brevity
        
    ) {}

    public static function fromResponse(array $data): self
    {
        return new self(
            id: $data['id'],
            teamId: $data['team_id'],
            url: $data['url'],
            
            // other properties omitted for brevity
        );
    }
}

Using the connector and the request, you can get results from the API like this.

use OhDear\PhpSdk\Requests\Monitors\GetMonitorsRequest;

$request = new GetMonitorsRequest();

// raw response from the Oh Dear API
$response = $ohDear->send($request);

$monitor = $response->dto();

By using the connector/request this way, you have full control to customize requests as you see fit (you could for example use Saloon's concurrency functionality this way.)

Now, to make it easier for the package user, I've added methods to the connector class, that wrap up those requests, so it becomes easier to use.

// on the OhDear connector class

public function monitor(int $monitorId): Monitor
{
    $request = new GetMonitorRequest($monitorId);

    return $this->send($request)->dto();
}

With this in place, users can just get a monitor like this.

$monitor = $ohDear->monitor(1);

echo $monitor->url;

Easy peasy!

One thing that I'd like to highlight about Saloon, is its amazing testing facilities. Using the fixture recorder, you can easily test endpoints of the real SDK.

Here is the test of that endpoint to get a single monitor.

it('can get a single monitor', function () {
    MockClient::global([
        GetMonitorRequest::class => MockResponse::fixture('monitor'),
    ]);

    $monitor = $this->ohDear->monitor(82063);

    expect($monitor->url)->toBe('https://laravel.com');
});

In the code above you can see that we use Saloon's MockResponse::fixture function. This works a bit like snapshot testing. The first time you run this test, it will call the actual API and store its response in a file in the Fixtures directory of the test suite. The second time this test is run, it will not call the actual API anymore, but use the response saved in the Fixtures directory. And of course, this is a much faster test.

Notice that the test above mentioned the actual id of the created monitor. I don't mind that, because this is from our staging environment, which will be cleaned up by the time you read this. If you have sensitive values returned by your API, Saloon has got your back too as it can redact fixtures.

In closing #

When I decided to rebuild our SDK in a modern way, I dreaded it a bit, as it's always a bit of tedious work. But because of Saloon, I really enjoyed the process. After creating the base setup and a couple of requests, I also used AI to complete most of the endpoints. Because Saloon divides all concerns of an SDK so nicely, the AI didn't have any problems discovering the structure. Be sure to check out the source code our package, to learn more about Saloon can be used.

As a user of Oh Dear, I hope you'll enjoy using our new SDK. All the most important API methods are covered by our SDK. Missing a method? Feel free to open a PR, or just reach out to support and we'll add it!

Our notification system is quite powerful. We support many different channels (like email, Slack, Telegram, ... and a whole bunch more), and have fine-grained control over which events should trigger a notification.

Today, we've added notification logs. If you take a look at your configured team notifications, you'll now see a new counter that indicates how many notifications we've sent you per configuration.

In the little menu on the right, you can now choose "Show sent notifications"...

... that will show you all sent notifications that were sent to this configuration.

On the usage page, which we added a couple of weeks ago, we also list the total number of notifications we sent you across your account.

Behind the scenes, this feature is powered by ClickHouse, which is also used for storing all measured performance data we collect. Using ClickHouse will unlock more interesting features, which will be coming soon.

The new notification log feature was requested via the survey we recently sent to all our users. If you want to request a feature, feel free to fill in the survey as well.

In other words, SEO still matters, a lot. Additionally, it's never a bad idea to keep tabs your website's SEO performance. SEO monitoring helps you identify exactly what needs improvement so that your website can get the attention it deserves, without directly emptying your pockets and bidding your life's savings on a couple of keywords.

What is SEO monitoring? #

SEO monitoring refers to the continuous process of tracking website performance metrics that impact your SEO rankings, simple. It shows you the aspects of your website that could use improvement and what aspects are currently working well. You can gain further insights by comparing your metrics to competitor sites that are currently ranking for keywords you target.

Typically, SEO monitoring involves:

• Tracking keyword rankings
• Analyzing organic traffic patterns
• Evaluating technical SEO elements
• Monitoring backlink profiles
• Assessing page performance metrics
• Checking for crawlability and indexation issues

Why does SEO monitoring matter? #

Using SEO monitoring allows you to assign metrics to changes in your website’s rankings. That way, you can make continuous improvements backed by data as opposed to hoping something sticks. Identifying the most impactful improvements you can make allows you to zero in on what matters most. What gets measured, gets managed—you know what it is.

You can also use SEO monitoring to catch technical issues before they impact your rankings. Whether it’s an update to Google’s algorithm or a change in your CMS, monitoring SEO metrics allows you to make pre-emptive changes to keep your numbers up.

What are some key SEO metrics to keep an eye on? #

As with most things in marketing, there’s no shortage of metrics you can monitor. However, there are a few crucial metrics that you need to monitor. We’re going to group the most important metrics into categories so that you can more easily put your metrics to use based on the results you’re looking for.

Traffic Metrics

One of the main reasons to invest in SEO is to drive more traffic to your site. These are the three main metrics you should monitor when trying to increase your traffic:

• Organic Sessions: These are the number of people who visit your site through results on search engines.
• New versus Returning Visitors: Higher levels of return visitors signal to search engines that your site consistently provides visitors with value.
• Bounce Rate: This refers to how many people leave shortly after being directed to your site and signals to search engines that your site is not delivering the content users seek.

Engagement Metrics

You also want users to engage with your site, not just visit it. Here are likely the most important engagement metrics for SEO monitoring:

• Pages Per Session: You want users that find your site through organic searches to explore your other pages. The number of pages per session tells you how many they visit on average.
• Scroll Depth: Users who read an entire page provide you with more value making it an important engagement metric.
• Click-through Rate: Every page comes with an intention for an action from the user. The click-through rate tells you the percentage of people who take that action.

Technical SEO Metrics

For some sites, certain technical aspects can hold back your performance and therefore ranking, including:

• Page Load Speed: If your site suffers from performance issues and takes too long to load, users bounce from your site before they see your content.
• Mobile-friendliness: Nowadays, most people browse the internet on their phone or tablet, so your site needs to work just as well for them as desktop users. Crazy how we still need to talk about this.
• Crawl Errors: Google can’t rank your site if its bots can’t crawl through it. Look out for crawl errors, such as broken links, and fix them immediately. Getting on top of issues like these as quickly as possible is the name of the game here.

Content Performance Metrics

The most in-your-face SEO metrics are your content performance metrics, such as:

• Keyword rankings: Most people investing in SEO aim to improve their keyword ranking, but that comes from improving other SEO metrics.
• Featured snippets: Oftentimes overlooked, featured snippets can drive more traffic than a high-ranking page.
• Backlink quality and quantity: The number and quality of sites linking to your website help search engine’s assess the trustworthiness and authority of your site.

Can't have an article without a top 5 of something! #

We've talked at length about metrics, let's dive into some practicalities next. Martech vendors are kind of like a plague these days, so there's obviously no shortage of SEO tools around. These are the five most popular ones:

1. Google Search Console: Showing which queries bring users to your site, identifying indexing issues, and highlighting mobile usability problems makes Google Search Console the core of most monitoring strategies.
2. Google Analytics: It’s not specific for SEO, but Google Analytics provides tons of data that can help you monitor SEO metrics such as which channels drive traffic and the behavior flow of users.
3. Ahrefs: As one of the most expensive SEO monitoring tools, Ahrefs provides a premium monitoring service for just about any metric you could want.
4. SEMRush: For a budget-friendly alternative to Ahrefs, consider SEMRush. It’s another all-in-one tool, but it primarily focuses on content.
5. Screaming Frog: To identify technical SEO errors, use Screaming Frog. It crawls your site the same way Google does to find issues.

Don't forget about Google Lighthouse #

Now, one can’t discuss SEO monitoring without mentioning Google Lighthouse. They provide a pretty complete overview of your site’s performance and then assign it a grade for different categories. It covers everything from mobile-friendliness and content quality to performance and crawlability.

After completing the test, Google Lighthouse gives you actionable tips on how to improve your site. However, their recommendations are fairly technical, so you'll need at least a modicum of SEO expertise to implement their suggestions. It’s a free tool, though, which makes it accessible to anyone and is an overall pretty valuable asset to have.

SEO monitoring made even simpler with Oh Dear #

Running SEO tests across your site and recording your metrics takes a lot of time. Oh Dear simplifies the entire process by integrating Google Lighthouse into our full-fledged website monitoring suite. It automatically tracks key SEO metrics so you can monitor the impact of your SEO efforts as you build or expand your site.

Automatically running daily Google Lighthouse scans also notifies you of issues before they impact your rankings. Whether you accidentally loaded a full-scale image instead of a compressed one or a plugin you used suddenly updated, causing a hit to your site’s performance, you’ll be notified immediately thanks to Oh Dear’s daily scans. Neat!

Lighthouse monitoring is natively integrated with Oh Dear’s broader website monitoring suite so you can truly keep track of every little aspect of your website’s health and performance.

This post highlights the cause and the fix we've applied. There were several misleading metrics that caused this issue to last longer than we'd have expected that make for an interesting retrospective.

As is always the case when debugging: sometimes it's hard to distinguish cause from effect when looking at metrics.

The issue: slowdowns in application #

Without a seemingly clear cause, our website & API started to experience signifant slowdowns. There were no deployments, configuration or infrastructure changes at that time - in fact, the team was in the middle of our weekly standup/huddle at the time it started.

We monitor several different endpoints, the problem was only noticeable on authenticated endpoints or routes that actually touched our database - the PHP-only endpoints (such as naked API calls without authentication) showed stable performance.

What did our Zabbix monitor tell us? #

Internally, next to using Oh Dear to monitor Oh Dear, we also use an isolated open source system called Zabbix. This is our independent set of eyes on our infrastructure and looks at the internals, like CPU, memory & disk usage, as well as details on MySQL throughput, Redis usage, etc.

This is where we were thrown off-track.

Below we show our CPU load, CPU usage and MySQL throughput of our MySQL server.

Clearly, we had an issue: MySQL throughput (the top green line = SELECT's per second) fell off a cliff. CPU load and CPU time showed a noticeable, but in comparison to the SQL throughput difference - rather small, drop.

Our first train of thought was: the cause is on the application side, we're sending less SQL queries to our database server, so the cause is either;

• Slower-than-usual processing of PHP jobs (looking at: Horizon, PHP-FPM)
• Slower-than-usual network traffic between our main servers & MySQL (looking at: network throughput, firewalling, connection limits)
• Faulty hardware: a failing RAID setup, a failing memory bank, ...

None of these proved to be the cause, there were no anomalies and we could confirm & verify that we tried to process all requests at the same speed, but were being slowed down by MySQL queries.

Enter, CPU jumps #

Having excluded the most common suspects, we dived deeper and focussed the search entirely to MySQL itself. That's when this metric jumped out - pun intended.

On Linux, CPU jumps - typically referring to sudden spikes in context switches - can be caused by a variety of factors related to how the kernel schedules processes and handles interrupts.

Excessive I/O operations (disk or network), frequent system calls, or user-space programs making short-lived kernel interactions can force more context switches. Interrupts from hardware devices (IRQ) and soft interrupts (softirq), especially in high-throughput environments, further contribute to this, as they demand the CPU’s attention and force it to switch context from user processes to kernel handlers and back.

At first, this lead us back to the hardware side: rate limiting on the physical switch between the servers (causing time-waits on the network), faulty hardware, ... But these were all already excluded earlier.

MySQL queries impacting CPU jumps #

As we switched our own context back to MySQL itself, we noticed a single query taking ~1 second to execute. In and of itself not the biggest of issues (especially if they are one-offs), but these were recurring:

SELECT
	*
FROM
	`ping_endpoint_monitor_uptime_periods`
WHERE
	`started_at` <= '2025-07-23 15:29:01'
	AND `ended_at` >= '2025-07-23 15:29:01'
LIMIT
	1

Now for a bit of context: when we're performing our scheduled task monitoring, we receive incoming ping's to our ping.ohdear.app endpoint. This hits AWS, gets queued there, and we pick up the queue to process all incoming requests. AWS handles the peak load, we see a steady load of incoming messages via AWS SQS.

To avoid false alerts, we monitor this ping endpoint ourselves: besides all the usuals to monitor (like https, ping, tcp, ...) we also send a ping callback of our own every 4 seconds, and expect this to be processed and handled within the next 4 seconds. If that's not the case, we fire off some internal alerts and mark the ping endpoint as being down.

This way, we can keep the uptime of our ping endpoint in mind when processing and sending out alerts: if our ping endpoint was down, we shouldn't send a "Your scheduled task didn't run"-notification, it might have still run, but the pingback didn't receive us.

All that data is stored in in our ping_endpoint_monitor_uptime_periods table, with a simple structure:

CREATE TABLE `ping_endpoint_monitor_uptime_periods` (
	`id` bigint UNSIGNED NOT NULL AUTO_INCREMENT,
	`started_at` TIMESTAMP NULL DEFAULT NULL,
	`ended_at` TIMESTAMP NULL DEFAULT NULL,
	`created_at` TIMESTAMP NULL DEFAULT NULL,
	`updated_at` TIMESTAMP NULL DEFAULT NULL,
	PRIMARY KEY (`id`),
	KEY `started_ended_index` (`started_at`, `ended_at`),
) ENGINE = InnoDB AUTO_INCREMENT = 1 DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_unicode_ci

Over time, this table grew - we didn't prune it - and it looks like MySQL can be stressed when executing date queries on a large table, to the point where it exceeds a certain threshold and becomes incredibly inefficient at executing that same query.

There were no sudden increases in the table size, but it did contain 50k+ rows accumulated over time. By all accounts, it looks like we exceeded a certain size that either prevented the table from fitting in memory (unlikely, as it's still super small) or it forced a different query execution logic (possible, but hard to verify).

The result was: a massive jump in context switches as measured by CPU jumps and a very noticeable decrease in SQL throughput, all caused by queries that went from ~25ms in execution to jumping to > 1s. That longer query time didn't spike CPU usage (which you would expect), but spiked the context switches which slowed down all other CPU usage.

The fix #

In hindsight, the fix is easy: prune the table (we don't need records > 1 day old).

DELETE FROM `ohdear`.`ping_endpoint_monitor_uptime_periods`
WHERE
	(`started_at` < '2025-07-20 00:00:00')

What we didn't expect was the real cause to be so hidden by misleading metrics.

Avoiding this issue in the future #

Since this short-term fix, we've implemented daily pruning of the table to delete the old - unneeded - records.

In closing #

It can be very frustrating to see that a fix to a (for us at least) long period of performance issues can turn out to be so simple.

Like we mentioned at the top: when debugging, it can be hard to distinguish what is the cause of the problem vs. what is just a side effect of the problem.

I've never before experienced a MySQL server with lower CPU usage, lower CPU load and lower SQL throughput to be caused by a query. If anything, I'd assume the CPU usage and load to increase in such a scenario - which completely threw me off.

The fact that the problems appeared without clear human cause by us (a certain threshold in MySQL exceeded?) and that the initial metrics didn't make a lot of sense (slower SQL throughput, lower CPU usage on MySQL) lead us in the wrong direction first.

If you're using our API, here are the upgrade instructions.

Introducing Ping and TCP Port monitoring #

A few weeks ago, we sent a survey out to all our users asking what they like about Oh Dear, how they use it, and how we could improve our service. If you didn't get it, you can still fill out our survey. It only takes a couple of minutes.

Currently, we can monitor the uptime of any HTTP(s) site. In our survey, our users mentioned that they'd like to use Oh Dear to also monitor MySQL, email, Redis, or any other kind of server.

That's why we're working on adding ping and TCP monitoring. Instead of performing a simple GET request, Oh Dear will be able to send a Unix ping command to a server, and to open up a TCP port to any server you'd like, and send a command through it.

When adding a site to monitor to Oh Dear you will be able to select the type (we'll make this choice much prettier than a simple dropdown when we ship this feature).

We already have ping/TCP checks running in our staging environment. Here's how ping results look like.

Of course, we'll also record performance data, which will be shown on that page as well when scrolling down.

And here's an example of TCP results.

For TCP checks, we'll also record connection time and dislay a graph for those times.

Naming things is hard (why we are breaking our API) #

Since Oh Dear started, we always had the concept of a "Site" you're monitoring. But the name "Site" is really weird when you change the checking type to ping or TCP. For example, when checking the uptime of a port of a server, you're not really checking a "Site".

That's why we made the hard choice of renaming the "Site" concept in Oh Dear to "Monitor". A monitor will have a type:

• HTTP: for checking websites
• Ping: for checking websites and servers via Ping
• TCP: for checking the connectivity of a port

Here's a screenshot from our staging environment, where we run a "Monitor" for each type. Notice that in the main navigation, we don't have "Sites" anymore, but "Monitors".

Across our UI, notifications and docs, we'll change the language so we'll talk about "Monitors", instead of "Sites". We're also busy with updating our entire codebase. Internally our Site model is renamed to Monitor, together with all relationships, foreign keys, views, controllers... Together with the technical rename, we'll also pay off other technical debt that was accrued over the years.

This will also affect our API. At Oh Dear, we value backwards compatibility. In the eight years that we've been in operation, we've never made a breaking change to our API. We also considered keeping a v1 of our API, but we decided against it because the maintenance burden would be too big.

We'll help prepare you #

On Tuesday 26st August, we'll be making breaking changes to our API. The "sites" endpoints will be renamed to the "monitors" endpoint. We also rename and regroup some of the attributes.

To help you through these changes, we'll publish a page with instructions on how to update to the new API. We will also update our PHP SDK package and related packages. We'll also send you a dedicated mail with a reminder an upgrade instructions.

More features are coming #

Ping/TCP isn't the only new feature we have planned. Our uptime check runs once per minute by default. For most people this is fine, but a lot of users have asked for the ability to specify the frequency of checking. So we'll be adding that.

We also have other exciting things on the table, but it's a bit too early to talk about those. Should you have any suggestions on how to improve Oh Dear, do let us know by filling in our survey.

We'll close off this post by highlighting some of the features that were requested through our survey:

• People with a big number of sites in their team reported that the site list screen is slow. We made it faster, and are still optimizing stuff.
• There's a new usage screen that shows your usage against your current plan
• Maintenance periods can now have a name
• We can now send notifications via Google Chat
• The certificate health check has a new "Detected Certificates" tab showing the history of certificates we detected for a site.
• A graph was added to the lighthouse result history
• Our blog layout was simplified.
• We made it more clear across our UI which things are clickable, by adding the cursor-pointer CSS class to those elements
• You can now manage monthly reports with our API
• Alert snoozing now has full history
• A new login method was added: passkeys
• Our broken links check has a new "Troubleshooting" tab, showing you tips to fix broken links.
• We merged our uptime and performance check

That being said, here's a quick overview of our currently accepted payment methods.

Worldwide available options #

We accept all major credit and debit cards, including:

• Visa
• Mastercard
• American Express
• Other major international cards

European payment methods #

If you're paying in euros, additional regional payment options are available:

• SEPA Direct Debit
• Sofort
• iDEAL
• Bancontact
• Revolut Pay

For Laravel applications, this is incredibly easy to set up using the spatie/laravel-health package, which can automatically check your composer dependencies against known vulnerabilities. I wrote a detailed guide on my personal blog about protecting your Laravel app against critical vulnerabilities that walks through the entire setup process. Don't wait for the next zero-day - start monitoring your application's health today.

For agencies, development teams and platforms who are responsible for loads of websites, having to repeat the same configuration over and over is not only inefficient but also more prone to errors. That’s where this blog post comes in handy.

While Oh Dear doesn’t offer templates via the UI (yet) you can achieve pretty powerful templating patterns using tags, notification channels and the API.

Here’s how you can achieve this:

1. Build a Template Site #

Start by creating a site in Oh Dear that contains all your default settings. You can do this via the API but it's probably worth doing this via the UI and seeing what's available. Everything you can do in the UI you can do via the API.

For example, by default you might want to:

• Uptime and performance checks enabled
• SSL certificate check enabled with a 30-day expiry threshold
• Broken link crawler active

Save the site and tag it with template and anything else you might want to identify it with if you have multiple types of sites to share config.

For example, you might have template:marketing, template:app and template:internal.

2. Create Notification Channels #

Before we get too far into the API, let's consider how we want notification channels to work. We have multiple blog posts on this topic, so we won't go into too much detail here but tag-level notifications are great, extendible way to route client alerts and team-level tags are great for keeping your dev team informed across every site.

This decouples notification logic from individual sites and makes future updates super easy!

3. Use the API to Clone from Template #

When onboarding a new client site, skip the UI. Use the API to:

• Fetch your template site
• Copy over settings (checks, thresholds, tags, notifications)
• Apply any client-specific overrides (tags, server location, client report delivery address, etc.)

This ensures consistency without requiring manual duplication. Let's get stuck in:

const response = await fetch('https://ohdear.app/api/sites', {
	headers: {
		'Authorization': 'Bearer ' + process.env.OH_DEAR_API_KEY,
		'Content-Type': 'application/json'
	}
});

const sites = await response.json();

const templateSite = sites.data.find(site => site.tags.includes('template:marketing'));


const keysToRemove = [
	'id', 'team_id', 'url', 'label', 'checks',
];

// Remove keys that we don't want to copy over
const rawData = Object.fromEntries(

  
Object.entries(templateSite).filter(([key]) => !keysToRemove.includes(key))
);

// Get the check types that are enabled for the template site
const templateCheckTypes = templateSite.checks.filter(check => check.enabled).map(check => check.type);

// Check settings are found under each check instance in the response
// Here's a way to go through each check and pluck the settings and merge them into a single object
const checkSettings = templateSite.checks.map(check => check.settings).reduce((acc, obj) => ({ ...acc, ...obj }), {});

// Build the new site payload
const urls = [
"https://example.com/from-template-1",
"https://example.com/from-template-2",
"https://example.com/from-template-3",
]

  

for (const url of urls) {

const data = {
	"url": url,
	"team_id": templateSite.team_id,
	...rawData,
	...checkSettings,
	checks: templateCheckTypes
}

  

const created = await fetch('https://ohdear.app/api/sites', {
	method: 'POST',
	headers: {
		'Authorization': 'Bearer ' + process.env.OH_DEAR_API_KEY,
		'Content-Type': 'application/json'
	},
	body: JSON.stringify(data)
})

Wrap this up into a function and you've got yourself a nice little script to clone a template site. Alternatively, you could store a local JSON object with all the default site settings and use the add-a-site-with-custom-settings end point directly. On one hand this allow your non-tech team members to update the template site in Oh Dear but at the same time keeping the entire payload in a file means you can keep it in version control and share it with your team.

4. Mass Update All Sites via the API #

Need to roll out a new policy across all sites (e.g. enable certificate checking with a new threshold)?

Use the API to:

• Fetch all sites (optionally filter by tag, URL, internal notes etc)
• Update only the checks you care about
• Apply the new certificate expiration threshold across the board

This is especially helpful if you're enforcing compliance or want to roll out new monitoring best practices without point and click effort.

const response = await fetch('https://ohdear.app/api/sites', {
	headers: {
		'Authorization': 'Bearer ' + process.env.OH_DEAR_API_KEY,
		'Content-Type': 'application/json'
	}
});

const sites = await response.json();

for (const site of sites.data){

const checks = site.checks
	.filter(check => check.enabled)
	.map(check => check.type)
	.concat([ 
		"certificate_health", // enable certificate health check in all environments
		site.tags.includes('env:production') ? "lighthouse" : null // enable lighthouse check for production sites
])
.filter(Boolean);

const update = await fetch('https://ohdear.app/api/sites/' + site.id, {
	method: 'PUT',
	headers: {
		'Authorization': 'Bearer ' + process.env.OH_DEAR_API_KEY,
		'Content-Type': 'application/json'
	},
	
	body: JSON.stringify({
		"checks": checks,
		// check settings
		"certificate_health_check_expires_soon_threshold_in_days": 10,
		"lighthouse_check_continent": "europe",
		"lighthouse_cpu_slowdown_modifier": 0
	})
});
	
	console.log({
		site: site.id,
		url: site.url,
		status: update.status,
	});
}

Hopefully, this can help you get started with templating in Oh Dear. If you have any questions or feedback, please let us know.

Here's what that looks like:

Our Google Chat notifications include:

• Visual status indicators with emojis (✅ for success, ⚠️ for warnings, ❌ for errors)
• Clear, concise messaging that tells you exactly what happened
• Quick action buttons to view full reports and investigate issues
• Consistent formatting that matches the severity of each alert type

You can read more on how to set up Google Chat notifications in our docs.

Of course, we also offer numerous other channels to notify you when something is wrong with your site.

github.com/ohdearapp/oh-dear-api-examples

How it works

Installation in under a minute just following the README.md or:

git clone https://github.com/ohdearapp/oh-dear-api-examples.git
cd oh-dear-api-examples
cp .env.example .env
npm install

Just clone → npm install → start interacting with your account. This repository is a cookbook not a full SDK. It was created in JavaScript as it's easy to use, reference and port to another language. Copy a function, tweak it, add it to your workflows as needed. 💪

You will find a few different files

• ./examples.js: composable functions (create_site_from_existing, sync_status_pages_with_tagged_sites, generateReportSnapshot, …) you can import or run directly
• report.js: exposes a generateReportSnapshot function that returns a full site report for the month (up to the current day) - useful when recreating Oh Dear's monthly PDF reports
• cache/: responses are persisted locally so repeated runs are fast and you can inspect the raw JSON response when debugging
• ohdear.js: a thin wrapper around fetch to interact with the API
• .env: add you Oh Dear API key here (OH_DEAR_API_KEY=…)

Let us know if you have any other use-cases, problems or automation suggestions. This could either be a product/service update or an addition to this repo. Just let us know!

Did you know?

We have several options to automate Oh Dear further;

• We have an official Php SDK
• There's an Oh Dear CLI command
• And more 3rd party integrations

Need more?

Leave an issue in the repo or contact support for suggestions or more information. We look forward to helping you navigate real world use cases when using Oh Dear API to manage you team and client monitoring.

Oh Dear’s status pages are more than just a pretty uptime dashboard. They’re fully API-driven and designed to scale with your workflow. Whether you manage five client sites or five hundred, you can create, update and sync status pages as needed.

Before we get into it, you can find everything there's to know about our status pages in the documentation.

Creating status pages via the API #

You can programmatically spin up a status page using the Oh Dear API. This includes:

• Name and title
• Sites components to show
• Create a status update

This is perfect for automating client onboarding from your CRM - provision their site, then create a branded status page as part of the same flow.

Let's create a status page for all of our client sites.

const response = await fetch('https://ohdear.app/api/status-pages', {
    headers: {
        'Authorization': `Bearer ${process.env.OHDEAR_API_KEY}`,
        'Content-Type': 'application/json'
    },
    method: 'POST',
    body: JSON.stringify({
        "team_id": 1,
        "title": "Clients",
        "sites": []
    })
});

const data = await response.json();

const statusPageId = data.id;

Syncing sites according to their tags #

Once the page is created, use the API to attach monitored sites to it. To keep status pages in sync with your infrastructure, you can pull all sites matching tag and attach them to the relevant status page.

In this example we will sync sites tagged with env:production and client:*. This way, new sites added to your system are reflected in public reporting without extra effort. Add this in as a hook to your CRM or on a schedule.

Tip: you can monitor the scheduled task using Oh Dear's cron job monitoring service.

Let's see how we can do this:

// get the status page using the id from the previous step or find it by your custom domain:

const statusPages = await (await get('status-pages')).json();

const statusPage = statusPages.data.find(page => page.domain === 'status.your-site.com');

const sites = await (await get('sites')).json();

const sitesToSync = sites.data.filter(site => site.tags.includes('env:production') && site.tags.includes('client:*'));

const response = await post(`https://ohdear.app/api/status-pages/${statusPage.id}/sites`, {
        "sync": true,
        "sites": sitesToSync.map(site => ({
            "id": site.id,
            "clickable": true
        }))
    })

console.log(response.status);

You should see a 200 response and all sites synced to the status page. You can also switch off the sync by setting "sync": false which turns this endpoint into a append-only operation.

Status page sites are automatically grouped by the 'group name' in your site settings. Note: tags are not visible to the public.

Creating reusable status page templates #

If you manage multiple clients with similar needs, you can define a status page template from the UI or API. This gives you the option to set a default title, text and/or severity with a label for quick selection.

Even though we are using the API one of the biggest benefits of status page templates is the ability to give non-technical team members access to pre-prepared messages to the public. No more back and forth with the team to get a message approved.

Let's see how we can create a new template. You might use this to control the list of messages from your CRM.

const response = await post('https://ohdear.app/api/status-page-update-templates', {
    "team_id": 1,
    "name": "Major issue template",
    "title": "Major issue",
    "text": "We are currently experiencing a major issue. Please check back later.",
    "severity": "major"
})

You might want to make the template more useful by providing more details about the issue. You can view some example templates we have prepared here: https://ohdear.app/news-and-updates/new-feature-status-page-update-templates

Setting up recurring maintenance periods #

Using the API, you can schedule a maintenance window and set the status page’s current status at the same time. This is ideal when deploying updates or rolling out infrastructure changes.

We recommend:

1. Triggering the maintenance state just before deployment starts (if you are zero downtime it might be worth doing this for larger code changes, migrations and performance-impacting work)
2. Updating the status to "Maintenance scheduled"
3. Redirecting traffic to the status page during the window if there's downtime involved

This improves transparency and helps set expectations regarding performance while you focus on the work.

We frequently get asked about recurring maintenance periods. We don't support it directly in the application as it can be confusing to manage - sometimes it's not obvious why your notifications have been supressed. This is especially important when a maintenance window is cancelled internally but Oh Dear is not aware - potentially causing some alerts to be silenced.

However, the API allow you to set a time in advance and duration for the maintenance window., This way you can schedule as many maintenance windows as you want in preparation scheduled releases. Similarly, status page updates can also be set in advance so you can co-ordinate your alert maintenance windows and public status updates.

Let's see how we can do this:

const response = await post('https://ohdear.app/api/maintenance-periods', {
    "site_id": 1,
    "start_at": "2025-01-01 09:00",
    "end_at": "2025-01-01 10:00",
});

const response = await post('https://ohdear.app/api/status-page-updates', {
    "status_page_id": 1,
    "title": "Scheduled maintenance",
    "text": "We are working on it. Please check back later.",
    "severity": "maintenance",
    "time": "2025-01-01 09:00",
    "pinned": false
});

Now everything is nicely syncronized. Set up as many as you need in advance, trigger it via a cron job or by deployment or via your internal tools - your status page and alerts is only an API call away.

You can automate everything #

By integrating status page management into your deployment pipeline and client onboarding you give your customers a better experience without extra overhead. And with Oh Dear’s flexible API you're always in control of what gets shared, and when.

The API works across your account (assuming you have scoped the API key appropriately) so you can easily transfer sites, status pages, message templates and notifications between teams.

Let us know what you would like to see in the API to make managing sites as easy as using the UI.

Why URL validation matters

By default, our uptime checks follow redirects and consider the site to be "up" as long as a 200 OK response is reached, regardless of what the final URL is.

But for some workflows, infrastructure setups or security models, ensuring the final destination matches a specific URL is critical. For example:

• You expect all traffic from https://example.com to land on https://www.example.com
• You're routing through CDNs, reverse proxies or edge workers and want to verify the correct endpoint is reached
• You're enforcing domain-level canonicalization

Introducing the expected_final_redirect_url setting

Oh Dear has been able to verify the maximum number of redirects allowed before marking the site as "down".

But with the new expected_final_redirect_url setting we will now inspect the full redirect chain during each uptime check. If the final URL doesn’t exactly match what you’ve configured, the site will be marked as down.

"expected_final_redirect_url": "https://www.example.com"

If the final resolved URL is anything other than https://www.example.com the check fails.

How it works

You can configure this setting in the dashboard under your site's uptime check settings or via the API.

PUT /api/sites/{site_id}

{
  "uptime_check_redirect_url": "https://www.example.com"
}

What Happens If It Doesn't Match?

If the resolved URL doesn't match the configured redirect_url exactly:

• The site will be marked 'down'
• The status page (if used) will reflect the downtime
• Your configured notifications will be triggered just like with any other failure

What's next?

👉 Have questions or ideas for other advanced uptime rules? Reach out to us via support as we’d love to hear them.

Happy monitoring!

For context, SURF's primary goal is to strengthen the Dutch education and research sector by collaborating on digital services, innovation, and knowledge sharing in ICT. In practice, they are a member organization that provides solutions, knowledge, and expertise in areas such as security, public values, access management, storage, and connectivity. For its members, SURF functions as an association, service provider, and innovation hub, negotiating contracts with suppliers on behalf of its members. Basically, the aim is to provide members with good deals and proper expertise under clear conditions—both in line with (inter)national laws and regulations and shared public values.

“The fact that a large-scale member organization like SURF now offers Oh Dear to its members is a very nice confirmation for us that we have been able to build a reliable and quality product,” says our co-founder Mattias. “Even though we're small potatoes, we're proud that with Oh Dear, we're supporting the educational landscape and digital learning environments in the Netherlands.”

More than 100 institutions are affiliated with the SURF cooperative, including all Dutch universities, colleges, medical centers, vocational schools (MBO), as well as research institutions like the Dutch Research Council (NWO) and the Royal Library (KB).

“I also love how conscious and diligent people have become when they're looking for a specific tool,” adds our other co-founder, Freek. “The biggest ballers are not always first-choice anymore. Some people even deliberately avoid the large tech companies from the US and instead opt for a fully EU-based solution. Buy local, as they say!”

Speaking of being EU-based, Oh Dear was recently recommended on European Alternatives, a database of alternative solutions to well-known software and tools. This didn't happen overnight, as Oh Dear underwent a pretty thorough assessment in terms of privacy and security.

With SURF’s trust, our boys Freek and Mattias are optimistic about the future. “Partnerships like these give Oh Dear a lot of credibility and confirm that we certainly don’t have to fall short compared to our biggest competitors,” they say.

If, by some miracle, you landed on this page without any context whatsoever, Oh Dear is an all-in-one website monitoring tool. It's a complete solution for uptime, domain, and performance monitoring, with built-in status pages and extensive notification settings. With a focus on transparency, ease of use, and reliability, Oh Dear serves customers worldwide—from sole proprietors to government agencies and large agencies. We can handle anything you throw at us, and we're still working on improving our services on the daily!

What is static analysis and why it matters #

Static analysis tools like PHPStan analyze your codebase to find errors that might slip through testing. They check for type mismatches, undefined methods, incorrect return types, and more. While PHP has become more type-safe over the years, static analysis adds an extra layer of confidence, especially in large codebases where manual review becomes impractical.

A bit of history #

When we launched Oh Dear almost 8 years ago, we were using the cutting-edge tools of the time: PHP 7, Laravel 5, and the first version of Laravel Spark. Over the years, we've diligently kept our stack modern, upgrading annually to run on the latest versions. Our extensive test suite (over 2,000 tests) has been crucial in making these upgrades smooth and ensuring everything continues to work correctly.

Despite our commitment to code quality, there was one area I'd been putting off: static analysis.

At Spatie, where I also work, static analysis has been a standard practice for years. Starting new projects with PHPStan from day one is straightforward. But Oh Dear was different - it's a mature application with many many classes. The thought of retrofitting static analysis into such a large existing codebase felt overwhelming. I didn't want to just suppress all the errors in a baseline file; I wanted to fix them properly. But finding the time for such a massive undertaking seemed impossible.

Recently, I finally decided to tackle this technical debt. I started with PHPStan at level 1, methodically fixing every issue before moving to the next level. Now I'm working through level 6, where PHPStan becomes particularly strict about type definitions. The most common issues at this level involve missing or incomplete type hints - and that's where today's story begins.

Adding typehints to Laravel form requests #

Before diving into the problem, let me briefly explain Laravel's FormRequest objects. In Laravel, FormRequests are classes that encapsulate validation logic for HTTP requests. They keep your controllers clean by moving validation rules to dedicated classes.

Oh Dear has grown into a substantial application with over 100 web and API endpoints, each with its own FormRequest object. Here's a typical example:

namespace App\Http\Api\Requests;

use App\Domain\Site\Rules\SiteIdRule;
use App\Domain\Team\Rules\TeamMemberRule;
use Illuminate\Foundation\Http\FormRequest;

class StoreStatusPageRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'team_id' => ['required', new TeamMemberRule(currentUser())],
            'title' => ['required', 'string', 'max:255'],
            'sites' => ['required', 'array'],
            'sites.*.id' => ['required', new SiteIdRule(currentUser())],
            'sites.*.clickable' => ['bool'],
        ];
    }
}

This looks clean and works perfectly. But when PHPStan examines it at level 6, it's not satisfied:

 ------ --------------------------------------------------------------------------------------- 
  Line   StoreStatusPageRequest.php                                                             
 ------ --------------------------------------------------------------------------------------- 
  16     Method App\Http\Api\Requests\StoreStatusPageRequest::rules() return type has no value  
         type specified in iterable type array.                                                 
         🪪 missingType.iterableValue                                                           
         💡 See:                                                                                
            https://phpstan.org/blog/solving-phpstan-no-value-type-specified-in-iterable-type   
 ------ ---------------------------------------------------------------------------------------

PHPStan wants to know what's inside the array. Let's start with a simple fix:

// ...

/** @return array<string, array<string>> */
public function rules(): array
{
    // ...
}

This tells PHPStan we're returning an array with string keys and arrays of strings as values. But now we get a different error:

 ------ ------------------------------------------------------------------------------------------
  Line   StoreStatusPageRequest.php
 ------ ------------------------------------------------------------------------------------------
  19     Method App\Http\Api\Requests\StoreStatusPageRequest::rules() should return array<string,
         array<string>> but returns array<string,
         list<App\Domain\Site\Rules\SiteIdRule|App\Domain\Team\Rules\TeamMemberRule|string>>.
         🪪 return.type
 ------ ------------------------------------------------------------------------------------------

PHPStan has analyzed our actual return value and found that we're not just returning strings - we're also returning custom rule objects. Let's be more specific:

/** @return array<string, array<\Illuminate\Contracts\Validation\ValidationRule|string>> */
public function rules(): array
{
    // ...
}

Since both SiteIdRule and TeamMemberRule implement Laravel's ValidationRule interface, this type hint is more accurate and flexible. PHPStan is now satisfied:

 [OK] No errors

But wait - Laravel's validation system is even more flexible than this. Rules don't always need to be wrapped in arrays, and there are multiple validation contracts. Here's the complete type hint that covers all possibilities:

/** @return array<string, array<\Illuminate\Contracts\Validation\Rule|\Illuminate\Contracts\Validation\ValidationRule|string>|string> */
public function rules(): array
{
    // ...
}

This type hint is accurate but... it's quite a mouthful, isn't it?

Type aliases to the rescue #

Imagine copying that lengthy type hint to over 100 FormRequest classes. Not only would it be tedious, but it would also create a maintenance nightmare. What if Laravel adds a new validation contract? We'd need to update every single docblock.

Fortunately, PHPStan offers an elegant solution: type aliases. These allow you to define complex types once and reference them by a simple name throughout your codebase.

In your phpstan.neon configuration file, you can define a type alias like this:

parameters:
    level: 6
    
    typeAliases:
        ValidationRules: 'array<string, array<\Illuminate\Contracts\Validation\Rule|\Illuminate\Contracts\Validation\ValidationRule|string>|string>'

Now, instead of that complex type hint, you can simply use:

/** @return ValidationRules */
public function rules(): array
{
    // ...
}

In closing #

Adding static analysis to a large existing codebase can feel daunting, but it doesn't have to be an all-or-nothing endeavor. By starting at level 1 and gradually working your way up, you can improve your code quality incrementally. In our case, implementing PHPStan has already helped us catch several subtle bugs that our tests missed.

Type aliases, in particular, have made the process much more manageable. What could have been a tedious copy-paste exercise across 100+ files became a simple, maintainable solution. The readable type hints also serve as inline documentation, making our codebase more approachable for new team members.

Oh Dear is an all-in-one monitoring service that gives you a unified dashboard for uptime checks, performance monitoring, broken link detection, SSL and domain expiry alerts, scheduled task validation and more. But beyond just running checks Oh Dear also gives you powerful tools for organizing and automating how you manage your client sites at scale.

Here are 5 practical ways to make that happen.

1. Use Tags to Organize and Notify #

When you're managing a fleet of sites, grouping them by client, environment, region or team is essential. Oh Dear lets you apply tags in any format but we suggest something like:

• client:spatie
• env:production
• infra:cloudflare
• region:eu-west-1
• project:rebrand

You are probably already aware that you can route notifications to tags or groups of tags. Once your tags are set up, you can configure tag group notifications. This means when something goes wrong on any site tagged with env:production + client:* for example, you can notify a VIP Slack channel or OpsGenie team automatically - no manual routing needed while env:staging + internal can go to the email inbox that no one reads.

Tags also make onboarding easy. New production application for a client? Just tag it accordingly client:spatie and all the right checks and notifications apply.

2. Find Sites by Tag via Global Search #

Tags aren't just for routing notifications - they’re fully searchable. Open the global search menu in Oh Dear and type any tag (like region:eu-west-1 or team:seo) to instantly filter your sites.

This is especially handy for large accounts where you need to quickly check in on just the production sites in Europe or just the ones belonging to a specific customer.

3. Trigger Health Checks on Deployment via the API #

Oh Dear provides an API endpoint to trigger checks manually, which is perfect for CI/CD workflows.

This ensures you catch issues before the client does, and keeps your deployment pipeline tightly integrated with live monitoring. Here's an article explaining how you can run a new broken links check on-demand: https://ohdear.app/news-and-updates/trigger-an-on-demand-uptime-broken-links-check-after-a-deploy

But you can also apply the same principles to all of our other checks. My favourites are:

• Lighthouse
• Sitemap

const OHDEAR_TOKEN = 'your API token';

// you can find this via the /sites/{id} endpoint
// or from the check settings in the app
const checkId = 1; 

fetch('https://ohdear.app/api/checks/1/request-run', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${OHDEAR_TOKEN}`,
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  }
})
  .then(res => {
    if (!res.ok) throw new Error(`HTTP ${res.status}: ${res.statusText}`);
    return res.json();
  })
  .then(data => console.log('Check run requested:', data))
  .catch(err => console.error('Error triggering check:', err));

Our uptime checks and application health checks run every minute - so that's two extra things we don't have to worry about.

You could also add a maintenance window if you don't have zero-downtime deployments or you are expecting some temporary latency after go-live. Read more here: https://ohdear.app/docs/features/how-to-configure-maintenance-windows

4. Automate Site Creation Using Templates #

When spinning up new client sites speed and consistency is key. Rather than configuring everything from scratch, you can:

• Assign one of your sites as a template site using tag: template with your base checks, tags and settings.
• Use the API to clone that site when onboarding a new client.
• We support all site settings from our API so you can customize the new site as needed (e.g. domain name, team assignments) at the same time.
• Add the site to an internal status page and client-facing status page both with custom domains. (Yes you can have as many status pages, custom domains and sites as you need. Included in every plan!)

This approach saves time, ensures consistency across all clients and reduces configuration drift.

5. Control Access with Fine-Grained Permissions #

Not every stakeholder needs to see everything. Oh Dear lets you invite clients or teammates with scoped access:

• Give dev teams access to performance and scheduled task checks.
• Let clients see uptime and SSL status only.
• Prevent accidental edits to monitoring settings.

This keeps your workspace clean and secure while still being transparent with stakeholders.

You can also add clients to the monthly site reports so they will automatically be up to date. We run reports on the first day of every month.

Tip: client email address can be added to the monthly site report via sites API.

Bonus: Add Site Status Badges #

Want to show the latest status on your client sites? Oh Dear provides a site badge you can embed showing current uptime status.

// https://ohdear.app/api/sites/{id}

{
   ...
   "badge_id": "01jeb77smcek1f4dxys08vect5",
   ...
}

Then update your content with:

<img src="https://ohdear.app/badges/site/{badge_id}/uptime/normal" alt="uptime status badge" />

It's a small touch that builds trust with clients and surfaces real-time updates to visitors.

What's Next? #

In the next few blog posts, we'll dive deeper into each of these tips with hands-on code examples using the Oh Dear API, tips for setting up automation and ideas for streamlining your agency workflows even further.

Stay tuned!

In this blogpost, I’d like to give an overview of the changes and some background why we changed some things.

A bit of history #

When Oh Dear was initially built, we only had a handful of checks: uptime, certificate health, and broken links.

Over time we added more checks: DNS, application health, sitemap, and a couple more. One of the checks we introduced after launch was the performance check. It displays a graph that shows the response times of your site. For each minute it has a data point.

Under the hood the performance check is powered by the uptime check. Each time we ping your site to verify it is online, we collect response time data for the performance check. That's why for the performance check to work, you had to have the uptime check enabled.

Because the vast majority of our users have both the uptime and the performance check enabled for their sites, and both of these checks are technically so intertwined, we decided to merge them together.

Let’s take a look at new uptime check #

In our UI, you'll only see the uptime check, but the new results page now also includes the performance graph. Here's how that new page looks like.

We also improved what you see when the site is down. The alert is now much more clear, and you can take certain actions right from the alert: request a new run of the check, view your site. You can even post an update directly to the status page that contains your site.

Behind the scenes, we performed an additional technical upgrade. Instead of storing the performance data in our local MySQL database, it now gets saved in a ClickHouse database. This is a database specialized in working with time-based data. This unlocks future improvements we have in mind.

In closing #

We do hope that you like our new uptime check. Should you have any remarks, questions or feature requests, let us know!

This report can also be emailed to any email address - not just team members - perfect for keeping your customers informed.

Managing reports via API #

Up until now you could enable this feature from the 'Monthly reports' menu within your site details dashboard where you can also find the history but you could not update these settings from the API.

We have been adding more and more support to our API recently including snoozing individual scheduled task and application health items, managing status pages, viewing sitemap reports as well as exposing all check settings.

We have now made it possible to create and update sites with send_report_to_emails and include_check_types_in_report parameters in the payload to control who receives an email and what appears on the report.

Here's an example where i'm updating your_site_id with just the new monthly report parameters

POST https://ohdear.app/api/sites/{your_site_id}

Payload

{
	"send_report_to_emails": [
		"sean@ohdear.app",
		"mattias@ohdear.app",
		"freek@ohdear.app"
	],
	"include_check_types_in_report": [
	  "uptime",
      "performance",
      "broken_links",
      "mixed_content",
      "lighthouse",
      "cron",
      "application_health",
      "sitemap",
      "dns",
      "domain",
      "certificate_health",
      "certificate_transparency"
	]
}

What's next? #

Have you got any feature requests or anything you would like to see in the API that we haven't covered yet?

Leading causes of website downtime #

Before we jump into ways of preventing website downtime, let’s first cover the leading causes of website downtime. If you can diagnose the cause of the downtime, you’ll be in a much better spot to prevent it from happening again. You don't want the perpetual Whac-a-Mole. So, here are the eight leading causes of website downtime:

• Server issues: Whether you run your own website servers or pay for third-party hosting, hardware or software issues with your website’s servers can cause your site to go down.
• Overwhelmed resources: A sudden spike in traffic to your website can cause your servers to become overwhelmed preventing additional traffic from accessing your site.
• Expired SSL certificates: Although this doesn’t cause your website to go down, an expired SSL certificate should be treated the same. Most users will navigate away from your site if they receive a warning saying your site is insecure which occurs with an expired SSL certificate.
• DNS configuration issues: Your DNS needs to be configured correctly so that users are directed to your site when they navigate to your site’s URL. A DNS issue prevents people from accessing your site through your domain name.
• Software conflicts: Most sites use software to handle the backend of their website. Any errors with the software, which can occur after an update or due to conflicts between multiple software running different parts of a site’s backend, can cause your site to go down.
• Cyberattacks: Malicious actors can bring your website down with cyberattacks such as DDoS attacks which artificially overwhelm your hosting infrastructure.
• Human error: Mistakes happen more often than we think. Thankfully, if it was human error that took down your website, it usually means you can get it back up by reverting the action that caused the downtime.
• Maintenance gone awry: During scheduled maintenance, things can go wrong that cause the downtime to extend beyond the planned maintenance time.

10 ways to help you to prevent website downtime #

So, how do you prevent those eight leading causes of website downtime from occurring? We’re going to cover the 10 most effective strategies to prevent website downtime and minimize its impact.

Implement global uptime monitoring

To prevent website downtime, you first need to know when it happens. That can help you identify issues causing your website to go down. It also allows you to take immediate action to bring your site back up when it goes down.

Monitor your SSL certificates

Like we mentioned, issues with your SSL certificate won’t cause website downtime, but it does divert traffic. When issues with your SSL certificate exist, anyone navigating to your website will be greeted with a big warning from their browser saying your site is not secure. Most people do not choose to proceed to your site after that warning. SSL certificate monitoring ensures you’re the first person to know about any issues with your certificate so you can fix it before they impact your users.

Set up performance Monitoring

Pages that load slowly can have just as big of an impact as a page being down. When a page takes over three seconds to load, nearly half of users will leave your site. Performance monitoring keeps an eye on how long it takes your site to load and tells you what’s bogging down your load times. That gives you the information you need to make your site faster.

Implement DNS monitoring

Internal tests can easily miss DNS errors. Afterall, an issue with your DNS won’t prevent your server from sending data to a test environment. But, it does prevent your users from accessing your website. You need your DNS configured correctly to ensure your users can access your site through your domain name. DNS monitoring checks your configuration, ensures users can access your domain, and tells you where the error exists if there is an issue with your DNS records.

Schedule regular backups

Downtime is not 100% avoidable. There will be errors that happen whether they’re human errors, an issue with your hosting servers, or a software issue. Scheduling regular backups allows you to rollback your changes at any time while minimizing progress loss. This can immediately bring your website back up if you run into software issues or a human error that takes down your site.

Implement load balancing

Without load balancing, a single server becoming overwhelmed can prevent some users from accessing your website. Load balancing spreads out the traffic to your website between multiple servers preventing any one server from becoming overwhelmed. This makes your website more scalable as you can add more servers to accommodate increases in traffic.

Monitor scheduled tasks

Whether its database or server maintenance, keep track of scheduled tasks and monitor their progress. These tasks can fail and if not monitored, can cause cascading effects that create downtime for your website.

Check for mixed content

Mixed content doesn't cause downtime, but it does create a poor user experience. Browsers can identify mixed content and then send users a security warning just like with SSL certificate issues. Monitoring for this type of content tells you what pages it affects so that you can fix it.

Set Up application health monitoring

Most modern websites use various applications to run all the aspects of their site. These applications need to work in tandem for every part of your site to work. Application health monitoring notifies you of issues within an application and with the integration of each application so that it can work cohesively.

Create and maintain a status page

When downtime occurs, communication is critical. You want your users to know that your website will be coming back up and, if you can, give them a timeframe of when they can expect your site to be back up. So, create and maintain a status page with all relevant information you can display during downtime.

Monitoring your website #

It can sound overwhelming to manage all this stuff just to prevent downtime and fix issues before they impact your users. But guess what, modern website monitoring solutions—like Oh Dear of course—can manage all of the above with minimal effort from your end. They offer you a single dashboard to track all relevant aspects of your website from your performance and uptime to your SSL certificate and DNS records. You can try OhDear for free for 30 days to see how website monitoring can help you better manage your sites.

FAQs about website downtime #

How can I quickly respond to website downtime? Website monitoring is the best way to get notified of website downtime immediately so that you can respond to it as quickly as possible.

Should I notify users about downtime? Yes, proactive communication is the best way to minimize the impacts of downtime to your end user. Be open about the cause of the downtime, how long you expect it to impact users, and the extent of the impact.

How do I diagnose the cause of website downtime? You can start your diagnosis with the monitoring tool that notified you of the downtime. It should tell you the general cause of the error based on the HTTP status code the monitoring service received to identify the downtime. From there, you need to systematically test ever aspect related to the general cause until you find the point of failure.

What should I include in my website downtime status page? When displaying a status page notifying users that your website is currently down, we recommend including information related to when they can expect your website to come back up as well as a sign-up form that allows users to receive a notification when your website is back up.

When logging in using a passkey, you don’t have to type an email or password, and you won’t be redirect to a third party for logging in. It’s also super fast.

How to use passkeys at Oh Dear #

Here’s me logging in to Oh Dear using a passkey.

Cool right?

If you want to use a passkey to login, just head over to your profile page and scroll down to the passkeys section. There you can create a new passkey.

Please note that you need a modern browser and OS to use passkeys. For MacOS, the password app will be used to store your passkey. If you have 1Pass installed, it will offer to safe your passkey.

With the passkey stored in your password app of your choice, you can now use it. Just head over to the login page and click “Login with passkey” to login.

Easy peasy!

Learning more #

If you want to know more about passkeys, head over to the documentation of the spatie/laravel-passkeys package, which we are using behind to scenes.

Since April 2020, Oh Dear has allowed you to temporarily silence alerts for any check. Whether you’re managing a known outage or fighting some accessibility issues that is causing your Lighthouse score to drop, snoozing has given you breathing room across all notification channels at the site, team and tag level.

Today, we’re giving snoozing some more visibility.

Introducing Snooze History #

Ever wondered “did I already snooze this?” or “who muted alerts last week?”

With Snooze History you can now view a complete log of snoozes for every check and every site with some additional information:

• When the check was snoozed
• Who snoozed it
• How it was snoozed (UI, Slack, Email, API)
• Duration of the snooze
• Which check or scope it applied to

This audit trail helps your team stay informed especially when multiple people manage the same infrastructure. No more expected alerts disappearing!

You’ll find this at the bottom of the Snoozes tab on each check and in your site menu.

Snooze Specific Check Types #

Not all checks are created equal. Sometimes one failing cron job can be ignored but you still want to know if the others stop running. This has been a requested feature from our customers for a while now and we are pleased to announce that you can now snooze individual scheduled task and application health check items.

• Snooze a specific scheduled task without muting all defined jobs.
• Snooze one application health item, like a disk space warning, while keeping CPU and memory alerts active. But maybe you shouldn't ignore that disk space warning...just saying.

The Only Time Snoozing Helps DevOps #

Alert fatigue is real. We hope these new features help you mute what is necessary and keep your team in sync. Clear visibility into snooze actions helps reduce the risk of missing critical issues and tracking when and why.

Both available today for all subscribers.

With website monitoring, you can ensure every page on your site is up and running at all times. And if any of them go down, you’ll be the first person to know. That way, you can fix the problem before it impacts any of your customers.

The technical process of website monitoring #

Obviously, website monitoring monitors your website. But, how does that process actually work? It’s simpler than it sounds. Basically, the software uses an automated system to regularly check every page on your website and ensure an end-user could access them.

The request-response cycle

Let’s dig into the details of how that automated system works. It continuously sends your website server HTTP requests triggering the server to send an HTTP response back. That HTTP response includes a status code telling the monitoring service the current status of the page. Those HTTP status codes include:

• HTTP 2xx: A response with a HTTP status code in the 200s is the expected response. It means the page is up and running.
• HTTP 3xx: This means the page is redirecting traffic to a different page. This could be expected, but not always.
• HTTP 4xx: When there’s a problem with the code in one of your pages that prevents it from being displayed.
• HTTP 5xx: When your server cannot fulfil an HTTP request, like an issue with your website host or servers.

Receiving the status code for every page on your site is the basics of website monitoring. These services can do a lot more, though. For instance, they can also track how long it takes to fulfil a request so you can monitor the performance of your website.

That way, you can tell if a large uptick in traffic slows down your website which could mean you need to invest in faster server infrastructure.

Types of website monitoring #

The specialty tasks website monitoring can perform, like the performance testing we just mentioned, depends on the type of website monitoring provided. Here are the main types of website monitoring you should look for when signing up for a website monitoring service:

Uptime monitoring

This is the main type of website monitoring. It uses the process we discussed earlier with making an HTTP request and then analyzing the response code. However, more advanced uptime monitoring doesn’t just check that your website is up, it can also check for specific features in your website. Other services allow you to check that your website is up in specific regions or globally by making requests from localized servers.

SSL certificate monitoring

We’ve all gone to a site and saw the “your connection is not private” warning. That’s what happens when a site has an SSL certificate error. And just like you, that warning turns traffic away immediately. So, while receiving an HTTP response code, quality monitoring services also check the status of your SSL certificate and notify you of any errors. That way, you can fix any issues before your visitors notice them.

Broken link detection

Every website uses internal links and if you don’t, you should. But when you delete a page, it’s hard to find every single time you linked to that page on other pages. Or, if you change the URL of a page, finding every instance of a link to that URL can be a challenge. Broken link detection finds these issues for you while scouring your website. The service goes through each link on the page and makes sure it returns a valid HTTP response code as well.

Mixed content warnings

Just like an error with your SSL certificate can send your visitors a warning, mixed content on your pages does that too. That’s when your page has an SSL certificate and uses HTTPS, but content within your page uses insecure HTTP resources. This can cause your visitors to go running just like with an SSL certificate error. Monitoring this requires your website monitoring service to load all resources on the page and assess each one’s security status.

Performance monitoring

It’s easy to tell how quickly a website responds, but the information performance monitoring services can tell you a lot more than just how long it takes for a page to load from the time you enter the URL. It breaks down your page loading time into separate categories so you can identify the bottlenecks impeding your website’s performance.

Domain monitoring

There’s a lot that can go wrong with a domain. Whether it’s about to expire or someone fraudulently updated the WHOIS records, keeping tabs on your domain is just as important as keeping tabs on your website’s performance. That’s why most website monitoring services monitor your domain as well. They look for unexpected activity, warn you when your domain is about to expire, and verify all of your email-related records.

What kind of website monitoring do you need? #

Clearly there's no shortage in different types of website monitoring, but in practice you usually don’t need to pick and choose. Tools like UptimeRobot, StatusCake, and Oh Dear are considered "all-in-one" monitoring solutions. All types of monitoring are included, coupled with a robust notification system. What's also cool and totally not self-promotional, is that Oh Dear offers unlimited status pages, Lighthouse SEO monitoring and broken links and content detection as well! I know what I'd choose!

This move aims to enhance digital security and trust across the web. But as these changes approach, it'll become increasingly crucial for organizations to understand their implications and prepare accordingly. Automation will likely become mandatory.

What's the deal with TLS certificates? #

What are they?

TLS (Transport Layer Security) certificates—more commonly known as SSL certificates—are digital certificates that authenticate the identity of a website and enable encrypted connections like HTTPS.

Why do I need one?

Well, they are essential for securing data transmitted between a user's browser and a web server, ensuring privacy and data integrity. This is pretty important, as SSL certificates are now a requirement for all websites, as mandated by Google and Mozilla. In a nutshell, they enable:

• Data Encryption: Protecting sensitive information from eavesdroppers.
• Authentication: Verifying that a website is legitimate.
• Trust: Your browser will mark all HTTP pages as "Not Secure".

What are the upcoming changes to certificate lifetimes? #

To keep a short story even shorter, the maximum certificate lifetime is going down pretty drastically. The idea is, by reducing the lifetimes, you need more frequent validation ergo potentially compromised certificates won't stick around for too long. Here's the rundown.

• Until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
• March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
• March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
• March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

Some additional clarification, though. As of March 15, 2029, the maximum lifetime for a TLS certificate will indeed be 47 days, but the maximum period during which domain validation information may be reused is only 10 days. That's pretty short. Manual revalidation will still be possible, but this kind of sets you up for trouble if you're not diligent.

What does this mean for my business and website(s)? #

The proposed changes are put there to improve overall security on the web. However, that is assuming everyone handles their certificate renewals precisely on schedule. While shorter lifetimes do improve security, they also increase the risk of certificate expiration without you realized it. Failing to renew your TLS/SSL certificate means browsers will immediately block access to your site.

We probably don't have to paint this picture, but if your site becomes inaccessible because of an expired TLS certificate, this can lead to:

• Lost revenue
• Damaged brand trust
• Search engine ranking drops
• Internal panic and/or angry clients

As a side note, according to the 2023 EMA report, 25% of certificates pose a security threat because they're either expired or self-signed. As lifetimes shrink, that number will go up considerably if counter measures aren't taken.

How do I prepare for these changes? #

The good news is that it's actually pretty easy to avoid certificates from expiring. There's plenty of time left and solutions are already readily available:

• The most obvious solution would be to automate TLS certificate renewals. Using services like Let’s Encrypt, cloud providers with automated certificate management, or something like CertBot you can deal with these shorter lifespans without breaking much of a sweat.
• Another solution is to simply monitor your websites, which is just good practice either way. A website monitoring tool (like Oh Dear, obviously) can notify you in time of not only expired certificates, but of broken links, tasks, drops in performance, SEO...
• Lastly, it's never a bad idea to keep your team informed. Make sure your developers, DevOps engineers, and sysadmins understand the timeline and implications of these changes.

Closing thoughts #

In a nutshell, the ballot argues that shorter lifetimes are necessary because the information contained in these certificates becomes less trustworthy over time, which can only be mitigated by revalidating said information more frequently.

DigiCert, the certificate authority where we got this information from, expects rapid adoption of automated certificate renewal well before the 2029 changes. This is the most likely course of events. But we wouldn't be Oh Dear if we didn't tell you to also use website monitoring :)

By default, it determines the concurrency level by taking a look at the number of CPU cores your machine has. So, if you're using a modern Mac that has 10 CPU cores, it will run 10 tests at the same time, greatly cutting down on the time your testsuite needs to run completely.

A default runner on GitHub doesn't have that many cores, so you can't leverage parallel testing as good as in your typical local environments.

In this blog post, I'd like to show you a way of running your tests on GitHub, by splitting them up in small chunks that can run concurrently.vWe use this technique to cut down the running time of our vast testsuite from 16 minutes to only just 4. In this blog post all examples will come from our base.

What we're going to do #

Like already mentioned in the introduction, a typical test runner on GitHub hasn't got a lot of cores, meaning the default way of running tests in parallel that Laravel offers (running a test per CPU core) doesn't work well.

What you can do at GitHub however is running a lot of GitHub actions jobs in parallel. So what we are going to do is splitting our testsuite in equal chunks, and create a test job on GitHub action per chunk. These chunks can run in parallel, which will immensely decrease the total running time.

I'll tell you how to achieve this technically in the remainder of this blog post, but here's already how the end result will look like on GitHub.

In the screenshot above you can see that our test suite is split up in 12 parts which will all run concurrently. Composer / NPM will only run once to build up the dependencies and assets and they will be used in all 12 testing parts.

Splitting up the testsuite in equal parts #

Let's first take a look at how we can split the testsuite in equal parts. We use Pest as a test runner, which offers a --list-tests option to output all tests.

Here's a bit of code to get all test class names from that output.

 $process = new Process([__DIR__ . '/../vendor/bin/pest', '--list-tests']);

$process->mustRun();

$index = $shardNumber - 1;

$allTestNames = Str::of($process->getOutput())
    ->explode("\n")
    ->filter(fn(string $line) => str_contains($line, ' - '))
    ->map(function (string $fullTestName) {
        $testClassName = Str::of($fullTestName)
            ->replace('- ', '')
            ->trim()
            ->between('\\\\', '::')
            ->afterLast('\\')
            ->toString();

        return $testClassName;
    })
    ->filter()
    ->unique();

In $allTestNames will be a collection containing all class names (= file names) that are inside the test suite.

To split the collection up in multiple parts, you can use the split function which accepts the number of parts you want. Here's how you would split up the tests in 12 parts, and get the first part

$testNamesOfFirstPart = $allTestNames
   ->split(12) // split the collection in 12 equal parts
   ->get(key: 0) // get the first part (the index is 0 based)

PHPUnit / Pest also offers a --filter option to only run specific tests. If you only want to run the tests in from the ArchTest class (which is displayed in the screenshot above), you could execute this.

# Will only run the tests from the ArchTest file
vendor/bin/pest --filter=ArchTest

You can use | to specify multiple patterns. Here's how you could execute the tests from multiple files

# Will only run the tests from the ArchTest file
vendor/bin/pest --filter=ArchTest|CheckSitesBeingMonitoredTest

Here's how you could use the $testNamesOfFirstPart from the previous snippet to run the first part of the tests programmatically.

$process = new Process(
    command: [
       './vendor/bin/pest',
       '--filter', 
       $testNamesOfFirstPart->join('|')],
       timeout: null // take as much time as we need
);

$process->start();

/* pipe the Pest output to the console */
foreach ($process as $data) {
    echo $data;
}

$process->wait();

// use the exit code of Pest as the exit code of the script
exit($process->getExitCode());

Running the testsuite parts in parallel at GitHub #

Now that you know how you could split up a test suite in equal parts, let's take a look at how we can run all these parts in parallel on GitHub actions.

GitHub actions support a matrix parameter. Shortly said, this matrix parameter is used for testing variations of your test suite, and it will run those variations concurrently.

Here's the part of the Oh Dear GitHub workflow where the matrix is being set up. I've omitted several parts for brevity.

# .github/workflows/run-tests.yml

name: Run tests

jobs:
    run-tests:
        name: Run Tests (Part ${{ matrix.shard_number }}/${{ matrix.total_shard_count }})
        runs-on: ubuntu-latest
        strategy:
            matrix:
                total_shard_count: [12]
                shard_number: ['01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12']

        steps:
           ## 
           ## multiple set up steps omitted for brevity
           ##
            -   name: Run tests
                run: ./vendor/bin/pest

The matrix will create jobs per combination in the matrix. So it will run 1 (only one element in total_shard_count) * 12 (twelve elements in shard_number) = 12 times.

In the Run tests step, pest is executed. This will result in the whole testsuite being executed 12 times. Of course we don't want to execute the whole test suite 12 times, but only each separate 1/12 part of the testsuite.

We can achieve this by not running /vendor/bin/pest but a custom PHP script called github_parallel_test_runner that will receive the total_shard_count and the shard_number as environment variables.

# .github/workflows/run-tests.yml

name: Run tests

jobs:
    run-tests:
        name: Run Tests (Part ${{ matrix.shard_number }}/${{ matrix.total_shard_count }})
        runs-on: ubuntu-latest
        strategy:
            matrix:
                total_shard_count: [12]
                shard_number: ['01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12']

        steps:
           ## 
           ## multiple set up steps omitted for brevity
           ##
            -   name: Run tests
                run: ./bin/github_parallel_test_runner
                env:
                    TOTAL_SHARD_COUNT: ${{ matrix.total_shard_count }}
                    SHARD_NUMBER: ${{ matrix.shard_number }}

Here's the content of ./bin/github_parallel_test_runner in our code base. It will read the environment variables, execute Pest using the --list-files and --filter flags to only run a part of the tests like explained in the previous section of this post.

#!/usr/bin/env php
<?php

use Illuminate\Support\Collection;
use Illuminate\Support\Str;
use Symfony\Component\Process\Process;

require_once 'vendor/autoload.php';

$shardNumber = (int)getenv('SHARD_NUMBER');
$totalShardCount = (int)getenv('TOTAL_SHARD_COUNT');

if ($shardNumber === 0 || $totalShardCount === 0) {
    echo "SHARD_NUMBER and TOTAL_SHARD_COUNT must be set." . PHP_EOL;
    exit(1);
}

new ParallelTests($totalShardCount)->run($shardNumber);

class ParallelTests
{
    public function __construct(
        protected int $totalShardCount,
    )
    {
    }

    public function run(int $shardNumber): never
    {
        $testNames = $this->getTestNames($shardNumber);

        echo "Running {$testNames->count()} tests on node {$shardNumber} of {$this->totalShardCount}..." . PHP_EOL;

        $exitCode = $this->runPestTests($testNames);

        exit($exitCode);
    }

    /** @return Collection<string> */
    protected function getTestNames(int $shardNumber): Collection
    {
        $process = new Process([__DIR__ . '/../vendor/bin/pest', '--list-tests']);

        $process->mustRun();

        $index = $shardNumber - 1;

        $allTestNames = Str::of($process->getOutput())
            ->explode("\n")
            ->filter(fn(string $line) => str_contains($line, ' - '))
            ->map(function (string $fullTestName) {
                $testClassName = Str::of($fullTestName)
                    ->replace('- ', '')
                    ->trim()
                    ->between('\\\\', '::')
                    ->afterLast('\\')
                    ->toString();

                return $testClassName;
            })
            ->filter()
            ->unique();

        echo "Detected {$allTestNames->count()} tests:" . PHP_EOL;

        return $allTestNames
            ->split($this->totalShardCount)
            ->get($index);
    }

    protected function runPestTests(Collection $testNames): ?int
    {
        $process = new Process(
            command: ['./vendor/bin/pest', '--filter', $testNames->join('|')],
            timeout: null
        );

        $process->start();

        /* pipe the Pest output to the console */
        foreach ($process as $data) {
            echo $data;
        }

        $process->wait();

        return $process->getExitCode();
    }
}

To make this script executable you must execute this command and push the changes permissions...

chmod +x ./bin/github_parallel_test_runner

Only run composer and NPM / Yarn once #

In the screenshot above, you could see how there's a "Composer and Yarn" step that is executing only once before all the test parts run. Here's that screenshot again.

A GitHub action workflow can contain multiple jobs, and you can define dependencies between them. In the snippet below you'll see the setup-dependencies job being defined (I've omitted all steps regarding to Yarn / NPM to keep things brief). We save the vendor directory as an artifact and use that saved directory in all of our test jobs. Finally, there's also a step to clean up any created artifacts.

You can see that in the needs key, you can define the steps that a job depends on.

#
# name, and concurrency setup omitted for brevity
#

jobs:
    setup-dependencies:
        name: Composer and Yarn
        runs-on: ubuntu-latest
        steps:
            -   uses: actions/checkout@v3
                with:
                    fetch-depth: 1

            -   name: Setup PHP
                uses: shivammathur/setup-php@v2
                with:
                    php-version: 8.4
                    extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick
                    coverage: none

            -   name: Install composer dependencies
                run: composer install --prefer-dist --no-scripts -q -o

            -   name: Upload vendor directory
                uses: actions/upload-artifact@v4
                with:
                    name: vendor-directory-${{ github.run_id }}
                    path: vendor
                    retention-days: 1

    run-tests:
        needs: [ setup-dependencies]
        name: Run Tests (Part ${{ matrix.shard_number }}/${{ matrix.total_shard_count }})
        runs-on: ubuntu-latest
        strategy:
            fail-fast: false
            matrix:
                total_shard_count: [12]
                shard_number: ['01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12']
        steps:
		        #
		        # Some setup steps omitted for brevity
		        #
        
            -   uses: actions/checkout@v3
                with:
                    fetch-depth: 1

            -   name: Download vendor directory
                uses: actions/download-artifact@v4
                with:
                    name: vendor-directory-${{ github.run_id }}
                    path: vendor

            -   name: Run tests
                run: ./bin/github-parallel-test-runner
                env:
                    TOTAL_SHARD_COUNT: ${{ matrix.total_shard_count }}
                    SHARD_NUMBER: ${{ matrix.shard_number }}

    cleanup-artifacts:
        name: Clean up artifacts
        needs: [setup-dependencies, run-tests]
        runs-on: ubuntu-latest
        if: always()
        steps:
            -   name: Delete artifacts
                uses: geekyeggo/delete-artifact@v2
                with:
                    name: |
                        vendor-directory-${{ github.run_id }}
                    failOnError: false

Cancelling stale tests #

There's another neat little thing that we do in our GitHub action workflow to save some time. Whenever changes are pushed to a certain branch, we're not really interested in the results of the tests of any previous commits / pushes on that branch anymore.

Wouldn't it be nice if the test for any older commits on a branch were automatically cancelled, so the tests for the new commits / push would immediately start?

Well, with this snippet in your workflow, that's exactly what will happen.

name: Run tests

on:
    push:
        paths:
            - '**.php'
            - '.github/workflows/run-tests.yml'
            - 'phpunit.xml.dist'
            - 'composer.json'
            - 'composer.lock'

concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true
    
jobs:
   #
   # omitted for brevity
   #

Our complete test workflow #

To make things clear, here's our entire workflow file including the setup of all the services that our testsuite needs like MySQL, Redis, ClickHouse, Lighthouse and more.

name: Run tests

on:
    push:
        paths:
            - '**.php'
            - '.github/workflows/run-tests.yml'
            - 'phpunit.xml.dist'
            - 'composer.json'
            - 'composer.lock'

concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true

jobs:
    setup-dependencies:
        name: Composer and Yarn
        runs-on: ubuntu-latest
        steps:
            -   uses: actions/checkout@v3
                with:
                    fetch-depth: 1

            -   name: Setup PHP
                uses: shivammathur/setup-php@v2
                with:
                    php-version: 8.4
                    extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick
                    coverage: none

            -   name: Get Composer Cache Directory
                id: composer-cache
                run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

            -   name: Cache Composer dependencies
                uses: actions/cache@v3
                with:
                    path: ${{ steps.composer-cache.outputs.dir }}
                    key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
                    restore-keys: ${{ runner.os }}-composer-

            -   name: Install composer dependencies
                run: composer install --prefer-dist --no-scripts -q -o

            -   name: Upload vendor directory
                uses: actions/upload-artifact@v4
                with:
                    name: vendor-directory-${{ github.run_id }}
                    path: vendor
                    retention-days: 1

            -   name: Cache Node Modules
                uses: actions/cache@v3
                with:
                    path: node_modules
                    key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }}
                    restore-keys: ${{ runner.os }}-node-

            -   name: Cache built assets
                uses: actions/cache@v3
                with:
                    path: |
                        public/build
                        public/hot
                        public/css
                        public/js
                    key: ${{ runner.os }}-assets-${{ hashFiles('resources/**/*') }}-${{ hashFiles('**/yarn.lock') }}
                    restore-keys: ${{ runner.os }}-assets-

            -   name: Compile assets
                run: |
                    yarn install --pure-lockfile
                    yarn build
                # Only run build if node_modules or assets cache wasn't hit
                if: steps.node-cache.outputs.cache-hit != 'true' || steps.assets-cache.outputs.cache-hit != 'true'

            -   name: Upload compiled assets
                uses: actions/upload-artifact@v4
                with:
                    name: compiled-assets-${{ github.run_id }}
                    path: |
                        public/build
                        public/hot
                        public/css
                        public/js
                    retention-days: 1

    install-chrome-and-lighthouse:
        name: Install Chrome and Lighthouse
        runs-on: ubuntu-latest
        steps:
            -   uses: actions/checkout@v3
                with:
                    fetch-depth: 1

            -   name: Setup PHP
                uses: shivammathur/setup-php@v2
                with:
                    php-version: 8.4
                    extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick
                    coverage: none

            -   name: Setup problem matchers
                run: |
                    echo "::add-matcher::${{ runner.tool_cache }}/php.json"
                    echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"

            -   name: Install Chrome Launcher
                run: npm install chrome-launcher

            -   name: Install Lighthouse
                run: npm install lighthouse

            -   name: Cache test environment
                uses: actions/upload-artifact@v4
                with:
                    name: test-env-${{ github.run_id }}
                    path: |
                        node_modules
                    retention-days: 1

    run-tests:
        needs: [ setup-dependencies, install-chrome-and-lighthouse ]
        name: Run Tests (Part ${{ matrix.shard_number }}/${{ matrix.total_shard_count }})
        runs-on: ubuntu-latest
        strategy:
            fail-fast: false
            matrix:
                total_shard_count: [12]
                shard_number: ['01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12']

        services:
            mysql:
                image: mysql:8.0
                env:
                    MYSQL_ALLOW_EMPTY_PASSWORD: yes
                    MYSQL_DATABASE: ohdear_testing
                ports:
                    - 3306
                options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
            redis:
                image: redis
                ports:
                    - 6379:6379
                options: --entrypoint redis-server
            clickhouse:
                image: clickhouse/clickhouse-server
                options: >-
                    --health-cmd "clickhouse client -q 'SELECT 1'"
                    --health-interval 10s
                    --health-timeout 5s
                    --health-retries 5
                ports:
                    - 8123:8123
                    - 9000:9000
                    - 9009:9009
                env:
                    CLICKHOUSE_DB: ohdear
                    CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: 1

        steps:
            -   uses: actions/checkout@v3
                with:
                    fetch-depth: 1

            -   name: create db
                run: |
                    sudo /etc/init.d/mysql start
                    mysql  -u root -proot -e 'CREATE DATABASE IF NOT EXISTS ohdear_testing;'

            -   name: Setup PHP
                uses: shivammathur/setup-php@v2
                with:
                    php-version: 8.4
                    extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick
                    coverage: none

            -   name: Download test environment
                uses: actions/download-artifact@v4
                with:
                    name: test-env-${{ github.run_id }}
                    path: .

            -   name: Download vendor directory
                uses: actions/download-artifact@v4
                with:
                    name: vendor-directory-${{ github.run_id }}
                    path: vendor

            -   name: Download compiled assets
                uses: actions/download-artifact@v4
                with:
                    name: compiled-assets-${{ github.run_id }}
                    path: public

            -   name: Prepare Laravel Application
                run: |
                    cp .env.example .env
                    php artisan key:generate

            -   name: Set permissions for vendor binaries
                run: chmod -R +x vendor/bin/

            -   name: Run tests
                run: ./bin/github-parallel-test-runner
                env:
                    DB_PORT: ${{ job.services.mysql.ports[3306] }}
                    REDIS_PORT: ${{ job.services.redis.ports[6379] }}
                    CLICKHOUSE_HOST: localhost
                    CLICKHOUSE_PORT: 8123
                    CLICKHOUSE_DATABASE: ohdear
                    CLICKHOUSE_USERNAME: default
                    CLICKHOUSE_PASSWORD:
                    CLICKHOUSE_HTTPS: false
                    TOTAL_SHARD_COUNT: ${{ matrix.total_shard_count }}
                    SHARD_NUMBER: ${{ matrix.shard_number }}

    cleanup-artifacts:
        name: Clean up artifacts
        needs: [setup-dependencies, install-chrome-and-lighthouse, run-tests]
        runs-on: ubuntu-latest
        if: always()
        steps:
            -   name: Delete artifacts
                uses: geekyeggo/delete-artifact@v2
                with:
                    name: |
                        vendor-directory-${{ github.run_id }}
                        compiled-assets-${{ github.run_id }}
                        test-env-${{ github.run_id }}
                    failOnError: false

Pros and cons #

There are pros and cons for running tests in parallel on GitHub actions. Let's start with the most important pro first: your test suite will run significantly faster. It's also very easy to increase or decrease the level of parallelism. A faster testsuite means that your entire feedback cycle is faster, which is a big win.

On the cons side, there's certainly some more complexity involved: you need a script to split tests, the workflow becomes more complex.

There's also the risk of uneven test distribution. If your tests vary significantly in execution time, you might end up with some shards finishing much earlier than others, reducing the efficiency gain.

In closing #

The approach outlined in this post works exceptionally well for large test suites like we have, where we've seen significant reduction in test execution time. But even smaller projects can benefit from this technique, especially as they grow over time.

When we can’t crawl all your links, or you see unexpected gaps in the results, it can be tricky to know where to start. Our new Troubleshooting tab is here to help.

Quickly identify and resolve crawling issues

The Troubleshooting tab detects common issues that may affect link checking and gives you clear guidance to resolve them and in some instances allows you to resolve them with one click. Is robots.txtpreventing us from accessing your site? Is your firewall rate-limiting us, or maybe you are linking to www when your site URL is different?

All broken link report pages will now have access to suggested and all troubleshooting filters where we either show you relevant actions based on your results or all possible issues and solutions. Think of it like interactive documentation and FAQs (which we have also linked to). There's even a short API snippet to trigger a new broken links - perfect for post-deployment hooks.

Why it matters

Our goal is to make it easy for teams of all sizes to catch and fix broken links and quickly identify and resolve any issues. With this update, even the trickier edge cases become actionable and transparent. Take a look at what we have got so far - we will be keeping this up-to-date based on feedback so keep an eye out! And if you're still having trouble our support team is just a click away in the support bubble.

New robots.txt controls

We have always allowed our users to 'ignore' broken links but sometimes you don't even want us to crawl your pages. Especially when you want us to respect your robots.txt file but where you may not have access to server config.

So we have added advanced settings for a couple of edge cases:

Force crawl specific URLs: If you can't or don’t want to modify your robots.txt, you can manually add specific pages to an allowlist that should always be crawled - even if disallowed.

Do not crawl specific URLs: Useful to exclude sensitive pages, admin areas, or known false positives.

These options give you just a little bit more control over how Oh Dear crawls your site.

Coming soon

We have more broken links updates coming to your notification settings soon! Tired of receiving the same alert every day for the same broken links? You will now be able to only get a follow-up notification when new broken links are found. Giving you a bit more time to get them fixed without constantly snoozing the notification.

Keep an eye on the Oh Dear to find out when this is released :)

Your website is your business’ storefront, sales team, customer service department, and potentially even your primary revenue channel. Just like you’d protect the physical presence of these aspects of your business with a security system, you also need to protect the online aspects too. That means keeping an eye on your website with monitoring.

How much does website downtime cost? #

When figuring out the cost of website downtime, there are two factors at play - direct costs and indirect costs.

Direct costs of website downtime

You can calculate the direct costs. Figure out how much money your website makes you per hour or minute and then multiply that number by the amount of time your site was down.

Of course, the amount your website makes is a lot easier to calculate for e-commerce sites than other businesses such as consultants. But, you can still get a rough idea by considering the amount of inquiries you get on your website per hour or day and the rate that you turn those inquiries into sales.

Indirect costs of website downtime

Then, there are the indirect costs. While they’re more difficult to account for, they cost your business all the same. Here are a few examples of the indirect costs to website downtime:

• Brand reputation damage: Nowadays, people expect websites to always be working. When potential customers visit a website that’s down, they start off with a negative impression of the brand. They associate it with brands that cut corners and offer cheap services or products.
• SEO ranking penalties: Google constantly indexes websites so they have the most up-to-date information on your pages. If your site is down while Google is trying to crawl your site, it will negatively impact your rankings since it returns an error code to the Googlebots.
• Customers go elsewhere: According to a study by Adobe, if your site doesn’t load, 41 percent of people go elsewhere. This drives your potential customers to your competitors.
• Increased support costs: You likely have self-help articles on your website. When those go down, customers who need help must revert to calling your customer service line which increases your support costs.

Real-world examples of website downtime impacts

The costs of website downtime aren’t just hypothetical. They cause real-world impacts. Let’s go over a few of the many times website downtime has cost companies millions:

• Amazon's Prime Day disaster: In 2018, Amazon went down for some users on the worst day for them, Prime Day. It’s one of their major shopping days and users couldn’t access the site. Amazon estimates this outage cost them upwards of $99 million.
• British Airways' internal chaos: Internal issues can arise from website downtime too. British Airways’ 2017 disaster is a perfect example. Their IT systems went down forcing them to cancel flights for up to 75,000 passengers.
• Facebook’s $90 million day: After just five hours of downtime, Facebook lost 4.9 percent of its share value. That resulted in Mark Zuckerberg losing roughly $6 billion in wealth.

Why startups can't afford to skip website monitoring #

All too often, startups consider website monitoring a luxury to buy once they get bigger. The reality is that bigger companies have enough resources to survive through downtime issues whereas the same problems for startups can become fatal. Here are a few of the reasons why startups need website monitoring:

• Myth of startup resilience: People think of startups as agile companies that can quickly adjust for any problems that arise. While it’s true that startups are agile, they also don’t have as much runway to adjust. That’s why startups need website monitoring that notifies them of downtime immediately so they can act right away. If it goes unnoticed, startups can run out of runway before they even get started recovering.
• First impressions are critical: We already touched on how website downtime can give customers a bad taste in their mouth. What we haven’t shared yet, though, is that according to Northern Arizona University, 88 percent of users won’t return after a bad user experience. And your website being down is absolutely a bad first experience. Website monitoring helps identify downtime as the issue as opposed to a different issue such as a poorly designed website.
• Launch timing: There’s a cruel paradox where website downtime occurs when it’s least welcome, like the launch of your product or a feature. You’ve spent countless hours and thousands, if not millions, on your launch. If your website’s down, you can’t capitalize on it. Website monitoring can help you predict downtime to avoid these circumstances.
• Investor confidence: When pitching your startup to VCs, you usually need to present a demo and let them try your product. If your network goes down during these meetings, you’ll be hard-pressed to get a VC to come back another time, let alone invest in your startup. Your odds go up if you can cite your downtime statistics to show the VC that this is an outlier and not the norm.

What else should you monitor on your website? #

Monitoring the binary of whether your website is up or not leaves a lot of data off the table. That’s why alongside website downtime monitoring, you should also monitor:

Performance metrics

Both users and Google care a lot about your performance metrics. Sure, your users don’t know how long it takes for your site to load, but they definitely know if it takes too long. And Google has figured out exactly what “too long” is. That’s why they use your website speed as a direct ranking factor. You should apply this to all customer-facing online services. An overwhelmed server slowing down your online service or website is different from downtime, though, so it requires separate monitoring.

Functionality testing

Website downtime monitoring won’t monitor for a broken user journey. That means when a user clicks a link or opens a menu, that link or menu doesn’t work. Services monitor for functionality by continuously running simulated user journeys identifying issues before they impact real users.

Third-party service integration

Every third-party service you use introduces a potential point of failure for your website or online service. Now, that’s not to say you shouldn’t use third-party services. Every business depends on at least some third-party services. It only means you need to monitor their integration. APIs get updated all the time and those updates can break your integration. Third-party service monitoring ensures you know what’s working and what needs work at all times.

Security monitoring

A study conducted by IBM looked at how long it takes the average company to identify a security breach. The results are a shocking 197 days. That’s over half a year before a security breach gets identified. This is why security monitoring is crucial and why modern website monitoring services integrate security monitoring into their downtime monitoring. Any efforts to reduce that time to identify a breach help you minimize the damage it can cause.

Recap: Why you need website monitoring #

Monitoring your website and online services is all about preventing you from jumping out of the frying pan and into the fire. That’s to say, without appropriately monitoring your website, you can incorrectly identify issues or not even realize an issue exists in the first place. Then, based on incorrect information, your attempts to fix the problem can make the problem worse.

For instance, if you notice a big uptick in your bounce rate after a marketing campaign, you might think the campaign flopped. But, it could be an issue with your site being overwhelmed causing it to slow down or go down completely for some users. With quality website monitoring, instead of scrapping an otherwise successful campaign, you can fix the core issue. That’s just one example of the value of website monitoring. Whether you’re a startup or an enterprise, website monitoring gives you the information you need to manage your website like the pros.

Oh Dear is the underdog in the website monitoring software space. We’re small fries in a market dominated by big, well-funded competitors. Yet somehow, Freek and Mattias managed to build a solid user base and created a profitable SaaS business. But where do you go from there? What was the eventual marketing strategy? We thought it would be cool to share with you guys our approach for Oh Dear, our lessons learned, and the strategies that helped us grow.

Started from the bottom, now we're here #

After launching Oh Dear, the boys were able to get some solid traction going thanks to their personal network. Both Freek and Mattias are well-known in the Laravel community, each running their own successful businesses—the cron.weekly newsletter (Mattias) and Spatie (Freek). Their developer-focused blogs and community presence helped spread the word about Oh Dear organically.

Thanks to word-of-mouth and strong community engagement, we scaled to about 2,000 users without spending much on marketing.

But they knew they had to expand their audience beyond their own network. This is when Brandimpact entered the picture, a teeny tiny marketing agency from Ghent, Belgium, to help the boys start experimenting and build a robust, overarching marketing strategy. Below is an overview of what we did to better market Oh Dear throughout 2024.

Phase 1: Getting the ball rolling #

The Brandimpact gang got work doing the following:

• Customer interviews to better understand Oh Dear's ideal users
• Competitor analysis & keyword research to refine our positioning
• A strategy workshop to set the priorities for the next six months

The goals? Increasing awareness, improving conversion rates, and exploring less obvious acquisition channels. Initially, we kept the personal networks of Freek and Mattias out of the picture, to see how independently the marketing efforts could run.

Since all of this was still very experimental, we limited our monthly media budget to approximately $5.000 per month for PPC (pay-per-click) advertising.

What worked

1. Google Search Ads (With Limitations)

Google Ads helped generate some free trial sign-ups, but at a pretty high acquisition cost. Since many competitors are obviously bidding on the same keywords (“website monitoring software”, “uptime monitoring software”), we were often outspent. While it brought in leads, it wasn’t sustainable for a bootstrapped SaaS like ours.

2. CRO (Conversion Rate Optimization)

We improved our website and trial experience by:

• Creating and adding a product video to the homepage
• Making our copy more engaging and clear for our target audience
• Extending the free trial from 7 to 30 days
• Collecting and adding more customer testimonials

Here's the video we ended up with, by the way. This was actually a lot of fun to do:

3. Reddit Ads — Better than expected

We didn’t expect much from Reddit Ads to be perfectly honest, but given our target audience we figured it was worth a shot. But as it turned out, Reddit ended up being one of the best-performing paid channels for us in terms of acquiring new trial sign-ups. We tested three different campaigns on Reddit:

• A feature-based carousel ad
• A product video featuring Mattias & Freek with a fun hook
• A series of memes using popular formats

Though we will say the quality of the traffic might be debatable—lots of clicks but not much else.

What didn’t work

1. LinkedIn ads – Too expensive

We targeted CTOs and developers, but the cost per click was too high. LinkedIn might work for enterprise SaaS, but for our niche, it wasn’t worth the investment.

2. Meta & YouTube ads – No significant impact

We briefly tested Facebook (Meta) Ads and YouTube Ads, but they didn’t generate enough quality leads. Developers don’t typically discover technical tools through these platforms.

3. Twitter ads – Garbage clicks

Arguably the worst advertising services among social media platforms. Lots of reach and clicks but absolutely abysmal quality. We're suspecting many among them were just bots.

Phase 2: Tuning our strategy #

All in all, we were driving traffic but conversions weren't exactly growing in a similar fashion, so we turned our attention to re-activating our audience, leveraging SaaS aggregators and content marketing.

1. Affiliate marketing – Activating our user base

We already had an affiliate program offering 25% commission per sale, but few affiliates were actively promoting us. To improve this, we:

• Reached out to existing customers
• Created a press kit with ready-to-use content
• Updated the affiliate landing page on the website
• Optimized our affiliate onboarding emails

2. SaaS review platforms – Leveraging G2 & Capterra

Like most people, developers tend to trust their peers, so we focused on building a strong presence on platforms like G2 and Capterra. It's kind of an SEO effort as well, since these platforms work similary to Google in terms of ranking search results.

• We added review badges to our site
• We launched campaigns to encourage users to leave reviews
• We paid for a Capterra CPC campaign (~€40 per free trial)

Results? So far, Capterra (Gartner) has been our best-performing paid "channel" for free trial sign-ups.

3. SEO & content marketing – Playing the long game

We invested in SEO-driven content, but competing for high-intent keywords (like “uptime monitoring software”) remains tough. To improve our rankings, we're:

• Publishing SEO-optimized blog posts (see our blog)
• Focusing on getting backlinks from SaaS review sites
• Reaching out to tech blogs that review monitoring tools

Example outreach targets:

• Middleware.io's blog on website monitoring tools
• PCMag’s Best Website Monitoring Services

4. Direct outreach with gifting – Taking things offline

We’re currently planning a gifting campaign targeting digital agencies in Belgium. The idea is to send over a little care package—as in, a couple of Belgian beers—to a series of target accounts. Custom packaging, a personalized message, nothing too sales-y either. Freek and Mattias were actually at a bar drinking said beer when the idea for Oh Dear first came up, so it's a fun little tie-in to the product.

Final Thoughts: What We Learned About Marketing a SaaS #

1. Personal networks & word-of-mouth are powerful, especially in the developer community.
2. Paid ads (safe for Reddit & Capterra) weren’t particularly effective.
3. SEO & review platforms can drive sustainable growth.
4. Don't be afraid to try something you're not familiar with. Trust is key, though.
5. There's no silver bullet, every audience is different.

Our marketing strategy is always evolving, and we’ll keep refining our approach as we learn. Keep you posted!

These tools are especially relevant in today’s digital landscape, where user expectations and search engine algorithms demand seamless navigation and impeccable website health. Whether you're a website owner, SEO professional, or student learning about digital optimization, this guide will equip you with actionable insights and best practices for maintaining a robust online presence.

How do broken links impact website SEO and user experience? #

Broken links negatively impact both website SEO and user experience. Firstly, they signal poor website maintenance to search engines, potentially lowering your search rankings. Secondly, they disrupt search engine crawlers, hindering their ability to index your content. Thirdly, broken links on pages with many inbound links diminish the value passed from other websites, reducing the page's authority.

Furthermore, broken links can frustrate users, leading to high bounce rates and short session durations, which send negative signals to search engines. From a user perspective, broken links create a frustrating experience, damaging your brand reputation and making your website appear unprofessional. This can disrupt user flow, prevent access to important information, and ultimately lead to missed opportunities for conversions and revenue.

How website monitoring software helps identify broken links #

Website monitoring software is an essential tool for efficiently identifying and managing broken links. These tools streamline the process by automating detection, providing actionable insights, and ensuring proactive website maintenance. Here's how they help:

Automated Crawling of Your Website

Website monitoring software scans your entire site, following internal and external links to identify any that are broken. This eliminates the need for manual checking, which can be time-consuming and prone to human error.

Real-Time Error Detection

Many website monitoring software continuously tracks your website and alerts you in real-time when a link becomes broken. This allows you to address the issue immediately before it affects SEO or user experience.

Comprehensive Reporting

These tools generate detailed reports that categorize broken links by type (404 errors, redirect loops, timeout issues, etc.) and highlight their location. This makes it easier to prioritize and fix the most critical problems first.

Integration with SEO and Analytics Tools

Many monitoring platforms integrate with SEO tools like Google Analytics and Google Search Console. This allows you to see how broken links are impacting site traffic and rankings, helping prioritize fixes that matter most to your audience and search engines.

Scalability for Large Websites

For websites with thousands of pages, manual link checking is impractical. Website monitoring software is built to handle large-scale link audits efficiently, ensuring no broken links are overlooked.

User-Friendly Dashboards

Most website monitoring software offers intuitive dashboards that make it easy to manage broken links without technical expertise. Filters and sorting options allow quick access to the most urgent issues.

What features should you look for in software designed to monitor links? #

When selecting a website monitoring software, it's important to choose a tool with the right features to ensure effective and efficient link management. Here are the essential features to look for:

• Real-time Monitoring: The ability to monitor link performance in real-time, is crucial for detecting issues as they occur. This allows for swift responses to potential problems, such as downtime or performance degradation.
• Automated Alerts: Automated alerts should notify users of any anomalies or threshold breaches in link performance. This feature ensures that administrators are promptly informed of issues that require attention, enabling quick action to mitigate risks.

How accurate are automated tools compared to manual link-checking? #

Automated link-checking tools generally offer high accuracy in identifying broken links on a large scale, significantly outperforming manual checks in terms of speed and efficiency. However, they may occasionally miss certain types of links or misinterpret complex situations, such as dynamic content or JavaScript-based links. Manual checks, while time-consuming, can provide a more nuanced understanding of link functionality and context, ensuring that all critical links are properly evaluated.

For optimal results, a combination of both approaches is often recommended. Automated tools can quickly identify the majority of broken links, while manual checks can be used to review critical links, investigate false positives, and ensure the accuracy of the automated results.

What common mistakes do businesses make when addressing broken links? #

When businesses attempt to address broken links, they often make several common mistakes that can exacerbate the problem or lead to further issues. Here are the key mistakes to avoid:

• Failure to Check Links Periodically: Many businesses do not regularly audit their websites for broken links. This oversight can lead to a poor user experience and negatively impact SEO, as broken links can diminish site credibility and authority.
• Ignoring Internal vs. External Links: Businesses sometimes treat internal and external links the same way. However, internal links can be controlled and fixed more easily, while external links may require different strategies, such as reaching out to the site owner for repairs.
• Failing to Revise Interlinking: When a website undergoes structural changes, such as URL updates, businesses often forget to update internal links accordingly. This can lead to numerous 404 errors if the old links are not redirected or corrected.

How can you proactively manage internal links to avoid breaks? #

Website monitoring software identifies and prevents time-consuming website issues, while time tracking software measures the time spent resolving them. Both tools provide valuable data that can be used to optimize website performance and improve employee productivity. By combining data from both, businesses can make informed decisions about website investments and resource allocation.

Proactive management of internal links is crucial for maintaining a healthy website and avoiding broken links. This involves a multi-faceted approach. Firstly, establish and adhere to consistent naming conventions for all files and folders on your website, making it easier to track and update links. Secondly, a version control system should be implemented to track changes to website files and easily revert to previous versions if necessary.

You should also conduct regular website audits to identify and fix any broken internal links promptly. Fourthly, a content management system (CMS) with robust features for managing internal links, such as automated link checking and version history, should be used. Finally, all team members should be involved in the process by providing clear guidelines and training on best practices for creating and maintaining internal links. By implementing these strategies, you can significantly reduce the risk of broken internal links and ensure a seamless user experience across your entire website.

Future-proofing your website against broken links #

Future-proofing your website against broken links involves a proactive approach that anticipates and minimizes potential issues. This includes implementing robust internal linking structures with clear and consistent naming conventions. Utilizing a version control system and website monitoring software allows for easy tracking and reversion of changes, minimizing the risk of unintended link breakage.

Regularly scheduled website audits and the use of a CMS with powerful link management features are essential for early detection and resolution of any broken links. Furthermore, fostering a company-wide understanding of the importance of proper link management through training and clear guidelines empowers all team members to contribute to a more resilient and user-friendly website.

Boost Your Website’s Credibility #

Detecting and resolving broken links is not just about fixing errors—it’s about safeguarding your website’s credibility, user experience, and SEO performance. By leveraging website monitoring software, you can automate the detection process, gain valuable insights, and proactively address issues before they harm your site’s reputation or search rankings.

Coupled with best practices for link management and a future-proofing mindset, these tools enable you to maintain a seamless, reliable website that meets the demands of both users and search engines. By taking these steps, you can ensure that your site remains a trusted, high-performing resource in today’s competitive digital landscape.

What’s New? #

With our latest update you can now customize your status page to match your brand's look and feel:

• Theming: Choose between Light, Dark, or System Mode to make your status page visually align with your website or user preferences.
• Custom Logos: Add different logos for each theme ensuring your brand is always visible.
• Logo position: Left or centered. You choose.
• Borders: Customize the borders and corners of your status page elements for a classic or modern look.
• Backgrounds: Change the header and main backgrounds independently.
• Colors: Choose text, information and button colors that complement your brand and ensure readability.
• Uptime Chart: Prevent the uptime graph from clashing with your brand - choose colors for 'ok', 'warning' and 'crtitical' data points.

Why Customize Your Status Page? #

Customizing your status page isn’t just about aesthetics - it also comes with several practical benefits:

• Brand Consistency: A status page that matches your brand helps users recognize it as an official communication channel, reducing confusion and enhancing trust.
• Improve User Experience: Custom colors and themes can make your status page easier to read and navigate based on familiarity with your existing website.
• Professionalism: A well-designed, on-brand status page shows that you care about every aspect of your service, even when problems occur

How it works #

Customizing your status page is quick and easy:

1. Click on the 'Status Page' tab in your Oh Dear dashboard.
2. Click on 'Display' in the left menu.
3. Select 'Logo' or 'Style' tabs.

You can manage light and dark mode colors under style > theme settings where you can match your brand to your status page.

Show it off #

Get started with the new customization features today and give your status page a fresh, on-brand look that users will recognize and trust. Head over to your settings and make it uniquely yours!

If you have any questions, need assistance or just want to let us know what you think, don’t hesitate to reach out to our support team.

Did you know? #

We also have status page update templates that you can use to quickly keep users informed while keeping your messages clear, consistent and on-brand.

Broken links monitoring crawls your entire website for internal and external links but we now take this a step further by expanding our monitoring to include CSS, JavaScript, and image links.

What’s New? #

With this update, our broken links check now scans:

• CSS Links: Verify that all your stylesheets are loading correctly and aren’t returning 404 errors or other issues.
• JavaScript Links: Ensure that all your JavaScript files are accessible helping to prevent issues that can break functionality or affect the user experience.
• Images: Confirm that all images on your site are loading properly, avoiding missing images that can make your site look unprofessional or incomplete.
• Open Graph Images: Your social previews are important - make sure they are loading correctly.

Why? #

Here’s why these new checks are important for your website:

• Comprehensive Monitoring: By checking CSS, JavaScript, and image links, you can catch issues that might not be immediately visible but could still impact your site's performance, SEO, and user experience.
• Prevent Styling and Functionality Errors: Broken CSS and JavaScript files can cause your website to look broken or behave incorrectly. Early detection helps you fix these issues before your users even notice.
• Maintain a Professional Appearance: Broken image links can make your website look unprofessional. Our enhanced check ensures that all visual elements are loading correctly, preserving your brand’s appearance.
• Boost SEO: Search engines penalize sites with broken links, including CSS, JS, and images. Keeping all your assets intact helps maintain your SEO ranking and keeps your site in good standing.

How it works #

The enhanced broken links check doesn't require any additional setup other than just enabling the options from your broken links settings. Here’s how it benefits you:

1. Automatic Scanning: As part of your regular monitoring, Oh Dear will automatically check all your website’s links, including CSS, JavaScript, and images.
2. Detailed Reporting: If we find any broken links, we’ll notify you immediately with detailed reports specifying which files are affected and the exact URLs that are broken.
3. Proactive Maintenance: Use the insights from our enhanced checks to quickly fix broken assets and keep your website running smoothly.

Ready to check your entire website? #

This enhancement makes Oh Dear’s monitoring more comprehensive and reliable, ensuring that every element of your website is working as intended. By proactively checking all types of links, you can stay ahead of issues and address them before they become a problem.

When paired with our other features such as Lighthouse you can get deep insights into how your application is performing from the user's perspective.

Oh Dear already has a flexible and powerful notification system and to date has performed over 38 billion checks and sent over 19 million notifications across Email, Slack, MS Teams, PagerDuty, webhook and more.

We respond to 30 different events across our services and all plans allow you to create an unlimited number of configurations (recipients) at the site, team and tag level!

What's new #

We are excited to introduce Business hours notifications! This feature allows teams to define specific business hours and tailor notification settings to ensure alerts are received at the right time by the right people. Whether you want to be notified during work hours, after-hours, or 24/7, you now have the flexibility to configure your notifications to fit your team's unique needs.

In this post we will dive into how it works, why it's useful and how it can help streamline your team's workflow.

Why? #

Not every alert needs immediate attention, especially if it occurs outside of your team’s active hours. By using Business Hours settings you can:

Reduce alert fatigue: by only receiving relevant notifications when needed.

Improve work-life balance: by reducing disruptions outside of scheduled hours.

Streamline on-call responsibilities: by distinguishing between notifications during business hours and those meant for after-hours or on-call teams.

Improve response times for critical issues: ensure the right notifications reach the right people as quickly as possible.

This new feature empowers your team to stay focused during working hours while keeping the after-hours alert volume in check. It also provides peace of mind by ensuring that critical issues are still flagged when necessary — whether inside or outside of business hours.

How it works #

When creating a new notification configuration you will now have the option for 'Notification timing'. You will see the following three options:

1. Any time
2. Within business hours only
3. Outisde business hours only

To give you a better idea of how business hours can be used across your team alongside existing features here are a few practical scenarios:

Your support team might be comfortable handling problems during work hours while an on-call team is responsible for handling critical issues outside these hours.

• Support team: email to a shared inbox only during business hours for broken link events only
• On-call team: SMS outside of business hours with negative events only (e.g. Site down, scheduled task not executed on time)
• Development team: all events enabled on low-priority Slack channel at all times

Snooze #

Are you receiving too many notifications? Are you working on fixing an issue and need to focus?

You can temporarily silence (or snooze) notifications. We will still perform all checks, but won't send any notifications when a snooze is active. A snooze is applied at the check-level (e.g. Lighthouse reports) for a particular site. It silences all notifications configured that would normally be sent.

If you decide a snooze isn't needed any more, you can end it from the 'snooze' tab on every check page.

Did you know? #

We recently released support for tag notifications! This feature allows you to keep your notification settings under control by assigning tags to sites and configuring your notifications to tags (or groups of tags).

The new business hours notifications feature is all about control and customization for teams of all sizes. Together with tag notifications, 'business hours' gives your team a granular but maintainable level of control over your monitoring alerts.

We can’t wait for you to try it out and see how it improves your workflow. Let us know your feedback, and as always, happy monitoring!

Not registered? Sign up for a free 30-day trial (no payment card required)

In addition to alerting you when you need it we have given our Broken Links feature a UI makeover! With this update it's now easier than ever to identify and resolve broken links across your site. Here’s a quick introduction of what you can expect from the new interface.

What's new? #

Streamlined results

We now show an overview of the crawl process where you can quickly see the total number of pages found, internal/external broken links, pages fixed from the last run as well as any links that have been removed since the last report.

Enhanced searching

You could always download your results in Excel or CSV format but you can now search all links by error code (404, 500, etc.), URL or parent URL in the UI. It's one less thing to have to do to find the pages you need!

Link Diffs

Any links that were found on the current and previous runs will now be compared to show any changes to status code, link text, or parent URL. In the screenshot below we can see an 'About' page was found on the homepage but responded with a 404. The 'fixed' tab now shows the new successful response code along with the updated link text.

Managing broken links is now more intuitive and efficient which means you can focus on fixing issues and optimising SEO. Whether you’re a solo developer or running a large e-commerce platform our revamped Broken Links crawler is designed to help you maintain a smooth and error-free browsing experience for your audience.

Don’t forget to check out our sitemap service! #

In addition to our broken links crawler we also offer powerful sitemap monitoring. This feature ensures the format of your sitemap is valid and any other issues that might prevent search engines from properly indexing your site. We also scan every link to ensure they are valid and accessible.

If you're already using the broken links service then the sitemap monitoring is a perfect complement. It ensures that every link on your site - whether it’s in your sitemap or found organically - meets the same high standards.

Try it out today and keep your site working perfectly from every angle with a free 30-day trial. Let us know what you think!

Why? #

For our larger customers using tags is an effective way to identify and manage multiple clients, projects, or environments. However, managing notifications by site or team can be too broad or too granular.

For example, some sites might be missed when creating/updating notification channels for a particular department or client meaning some sites might be notifying an out-of-date recipient.

With Tag Notifications you can now define notifications channels to a tag, ensuring new sites or updates to notification configurations are not missed. Your notifications will always be up-to-date.

How It Works #

Setting up Tag Notifications is simple:

1. Click 'Manage Tags' from the main user-menu.
2. You should see all tags defined for your team along with a summary showing the number of sites and notification channels associated with each tag.
3. Click on the 'Notifications' link to define the notification settings for each tag. You can specify the channels, recipients, and types of alerts for that tag just like you would for a site or team notification.

Now when a site is tagged it automatically inherits the tag’s notification settings so nothing gets missed :)

Tag groups

You can also create 'tag groups'. Tag groups are perfect for larger team - apply notification settings to multiple related tags at once. Tag group notifications are applied when a site has all of the tags in the group, for example:

Label: 'Client production sites' Tags: client, production

Only sites with both the client and production tags will receive the configured notifications.

Wildcards

Oh Dear also supports wildcard matching for tag groups. This is particularly useful when you have a naming convention for your tags and want to create rules that apply to a range of tags.

For example:

• A wildcard tag region-* would match tags like region-eu, region-us, etc.
• *-production would match tags like client1-production, project2-production, etc.

To use a wildcard:

1. When setting up a tag notification, enter your wildcard pattern (e.g., production*) in the tag selection field.
2. Oh Dear will interpret this as a wildcard and match it against your existing tags.

Tag notifications provide a powerful way to organize and manage your alerts, especially when dealing with a large number of sites with different requirements. By effectively using tags, tag groups, and wildcards, you can create a notification system that's both flexible and precise.

Examples

You can a arrange your tags in any way that suits your team's workflow. Here are some examples of how you might structure your tags, groups and notifications:

• Site 1: production region-eu client spatie app
• Site 2: production region-us client laravel app
• Site 3: staging region-us internal marketing project-a
• Site 4: staging region-us internal app project-a
• Site 5: staging region-eu internal app project-a

Client production: production client

Defines all 'client production' sites to send alerts to a high-priority internal Slack channel, email the account manager and the customer point of contact. This ensures your team responds quickly to any critical issues.

Client non-prod: development client

Set all 'non-prod client' sites to send alerts to an internal developer Slack channel only.

Marketing projects: internal production marketing project-*

Delivers all marketing projects to your marketing group email.

Internal important: internal app production

Send a PagerDuty message to your SRE team for internal production services and an SMS to your US-based on-call team.

API #

We have added new API routes to manage tag notifications via the Oh Dear API.

Keep notifications up-to-date #

Tag Notifications provide a more flexible and efficient way to handle alerts, especially for teams managing multiple sites across various clients or environments. By defining notifications at the tag level, you save time, reduce the risk of missed alerts, and ensure the right people are always informed.

Ready to get started with Tag Notifications? Head over to the 'Manage Tags' section of your team settings to start.

If you have any questions or issues feel free to reach out to our support team.

Why use a status page #

A status page is a dedicated, Oh Dear hosted site where you can communicate the current status of your website or service to your users by posting status updates. It's a simple yet powerful tool for transparency and trust-building. Here’s why you should consider having one.

• Keep Users Informed: Communicate issues, such as downtime, slow performance, or scheduled maintenance, directly to your users. Instead of leaving them guessing or frustrated, they’ll know exactly what’s going on.
• Reduce Support Overhead: Proactively provide information and reduce the number of support tickets when issues arise.
• Build Trust: Transparency is key. Being open about issues builds trust with your users - a status page demonstrates that you are committed to keeping them in the loop.
• Improve User Experience: Users are more understanding of problems when they know what's happening and what to expect. By managing expectations you show that you’re on top of the situation.
• Centralised Communication: During an incident, a status page acts as a single source of truth, where all updates are published in real time. This ensures consistent messaging across all your communication channels.

Why Use Status Page Update Templates? #

Things go wrong. While there is pressure to resolve the issue, there is also pressure to communicate quickly and accurately. With our new templates, you can:

• Ensure Consistent Messaging: Keep your communications clear and consistent, reducing confusion for your users.
• Save Time During High-Pressure Situations: Apply a pre-made template, fill in the specifics, and publish your update in moments.
• Reduce Stress: No need to worry about drafting the perfect message; simply use a template and modify placeholders as needed.

Key Features #

Here’s why we think Status Page Update Templates are awesome.

• Named Templates: Create templates that are easy to find and apply.
• Flexible Fields: Not all fields are required—you can save a template with just a description or any other combination that suits your needs.
• Quick Apply: Simply select a template when creating a new update then make any necessary adjustments before publishing.
• API Support: Manage your templates with new API endpoints for listing, creating, updating and deleting templates.

Create your first template #

Getting started with Status Page Update Templates is easy:

1. Go to the 'Status Pages' section in your Oh Dear dashboard menu and select a status page to edit.
2. Select 'Status updates' in the sidebar.
3. Select 'Templates' tab.
4. Select 'Create Template'.
5. Fill in the name and any title, description, text, and severity level you need to use.
6. Click 'Save Template'.

When an incident occurs, you can select a template from the list while creating a status update, and modify any placeholders as needed.

API #

If you're looking to automate your status updates, we’ve got you covered! The Oh Dear API now supports managing status page templates with the following endpoints:

• List Templates: Fetch all saved templates.
• Create Templates: Add a new template with the desired fields.
• Update Templates: Modify existing templates.
• Delete Templates: Remove templates you no longer need.

Read the full API documentation to help you start managing your template integrations!

Examples #

View our incident libray to find example status updates to copy into your templates.

A More User-Friendly Approach #

We believe this new feature will make it easier for you to communicate effectively with your users. Whether you’re a small team managing one site or a large team overseeing multiple domains, having a set of templates ready can make all the difference during critical moments.

We have put together a library of ready-to-use templates designed to keep your users informed with clear, concise and consistent messaging.

• Maintenance
• Incidents
• Performance
• Informational

Maintenance #

Maintenance - 1. Scheduled

Title: Scheduled maintenance

We will be performing scheduled maintenance on [date] from [start time] to [end time] UTC. During this period [services] may experience [brief outages/slower performance/limited access] in the following regions: [regions]. We apologise for any inconvenience.

Maintenance - 2. Started

Title: Maintenance In Progress

Scheduled maintenance has started as planned. [Service] may be temporarily unavailable during this time. We are working to complete the maintenance as quickly as possible. Thank you for your patience.

Maintenance - 3. Completed

Title: Maintenance Completed

The scheduled maintenance has been successfully completed. All services are now fully operational. Thank you for your patience.

Maintenance - 4. Delayed

Title: Maintenance Delayed

The scheduled maintenance has been delayed and will now occur at [time] UTC. We apologize for any inconvenience this delay may cause.

Maintenance - 5. Extended

Title: Maintenance Extended

The ongoing maintenance is taking longer than expected and will be extended until [time] UTC. We are working diligently to complete the process as soon as possible. Thank you for your continued patience.

Incidents #

Incident - 1. Under Investigation

Title: Investigating Issues

We are aware of an issue impacting [service] and are currently investigating. Updates will be provided as soon as more information is available.

Incident - 2. Issues Detected

Title: Service Issues Detected

We have detected issues affecting [service] and some users may be experiencing slower response times. Our team is working to identify the cause and will provide updates as more information becomes available.

Incident - 3. Identified

Title: Issue Identified

We have identified the cause of the issue affecting [service] and are working on a fix. We will provide an update once we have more information.

Incident - 4. Partial Outage

Title: Partial Service Outage

We are experiencing a partial outage affecting [service]. Our team is actively working to restore full service. Thank you for your patience.

Incident - 5. Major Outage

Title: Major Service Outage

We are currently experiencing a major outage affecting [service] in [region]. Our team is working urgently to restore service. We will provide updates as soon as we have more information.

Incident - 6. Monitoring

Title: Monitoring the Situation

A fix has been implemented, and we are currently monitoring the system to ensure stability. [services] should be operating normally, but we will continue to observe performance closely.

Incident - 7. Resolved

Title: Incident Resolved

The issue affecting [service] has been resolved as of [time] (UTC). All services are now operational. We apologize for any inconvenience caused and thank you for your patience.

You can view the full incident report here.

Performance #

Performance - 1. Degradation Detected

Title: Performance Degradation Detected

We are currently investigating reports of degraded performance affecting [service]. Our team is working to identify the cause and mitigate the impact. We will provide updates as soon as possible.

Performance - 2. Identified

Title: Performance Issue Identified

We have identified the cause of the performance degradation affecting [service] and are working on a fix. Updates will be provided as we make progress.

Performance - 3. Monitoring Improvement

Title: Monitoring Performance Improvement

A fix has been implemented to address the performance issues. We are monitoring the system to ensure performance is fully restored. Thank you for your patience.

Performance - 4. Resolved

Title: Performance Restored

The performance issues affecting [service] have been resolved. All services are now operating normally. We appreciate your patience during this time.

Informational

Info - 1. Service Update

Title: Service Update

We have rolled out an update to [affected services]. This update includes [brief description of changes or improvements]. All services are operating normally.

Info - 2. New Feature

Title: New Feature Available

We are excited to announce a new feature for [services]: [feature name/description]. This feature will [briefly describe benefit]. Thank you for using our services!

You can view the full release notes in our blog post.

Info - 3. Announcement

Title: General Announcement

[Service] announcement: [description]. This will not impact service availability. Thank you for your attention.

We hope these new status page templates improve your communication processes and enhance your users' experience during service updates, incidents, and more.

Ready to try out the new templates? Head over to your status page settings and explore the options available. As always, we’re here to help - if you have any questions or need assistance, feel free to reach out to our support team.

Happy communicating!

By default, you will get email notifications to the email address you used to sign up. But you can also choose to receive alerts to your preferred platform. A popular choice for many of our users is Microsoft Teams.

But with the recent announcement from Microsoft about retiring the Office 365 Connectors within Microsoft Teams we had to provide a new way for you to connect with minimal effort.

Why the Change? #

Microsoft is phasing out Office 365 Connectors in Teams, which many of you relied on to receive updates directly in your channels. To ensure you continue to receive real-time alerts and notifications about your website's status, we have deployed an updated integration tailored for Microsoft Teams workflow apps!

How to Set Up the New Integration #

This update does not contain any changes to Microsoft Teams notifications content but it will allow you to migrate easily from Office 365 connectors to workflow apps.

The new update is as simple as creating a new workflow app with a 'post to channel' webhook event and using that unique URL in your Oh Dear notification conifguration. That’s it! Now your team will receive all critical updates right where you work.

Your current Teams notifications will continue working until Microsoft removes support on December 31st, 2024. But you can configure a new notification channel in Oh Dear and run the two side-by-side until you are ready to switch completly. Then you can delete the old connector!

Head over to the documentation for a step-by-step guide on how to handle the migration :)

Stay Informed! #

We know how important it is for you to stay on top of any potential issues with your website. Our new integration ensures that even with the changes from Microsoft, you’ll continue to receive reliable, real-time updates.

Got questions or need help setting up the new integration? Reach out to our support team – we are happy to help!

What’s New? #

Site History Filters

Our updated History page now includes powerful filters that allow you to filter by:

• Time Period: Narrow down incidents to specific days, weeks, or months.
• Check Type: Focus on specific types of checks such as uptime, performance, sitemaps and more.
• Result: Quickly find all failures, warnings or successful runs.

These filters give you the flexibility to quickly find the information you need, helping you identify patterns or recurring issues more effectively.

Team History

For larger teams, seeing the big picture across all monitored sites is crucial. Our new 'Team History' view provides an overview of all check failures across the sites that your team has access to along with the same filter options as site history.

Why? #

• Streamlined Monitoring: No more sifting through irrelevant data  - get to the information that matters quickly.
• Better Team Collaboration: By ensuring each user sees only the sites they have access to, teams can focus on their responsibilities without distractions.
• Improved Incident Response: Quickly identify which sites were affected and what issues are recurring, allowing for more effective problem-solving.

How it works #

Getting started with these new features is simple:

1. Navigate to the History page from your Oh Dear dashboard to view team history, or the History component from a site's sidebar menu to view site history.
2. Use the new filter options at the top of the page to customize your view by time period, check type, or specific sites.
3. Copy the link to your team so you can share it with other members of the team.

Built with Larger Teams in Mind #

These enhancements are particularly useful for teams managing multiple websites where staying on top of all incidents is essential. The new filters and Team History View make it easier to find and understand previous check runs.

We hope these new tools will help make monitoring even more effective for your team!

If you have any questions or feedback, don't hesitate to reach out to our support team.

Whenever we detect a problem, you’ll be notified via one of our many supported notification channels.

What is a sitemap? #

Sitemaps play an essential role in SEO. Having sitemaps with no errors helps to ensure search engines index your web pages correctly. With sitemap monitoring, you are assured you will be informed when your sitemap(s) condition degrades.

Technically, a sitemap is a file where you can list the web pages of your site to tell Google and other search engines about the organization of your site content. Search engine web crawlers like Googlebot read this file to more intelligently crawl your site.

How Oh Dear monitors your sitemap #

We can monitor your sitemap by checking if it's available and if the structure is valid. We will also visit each URL in the sitemap to check if it's available and if it returns a response code in the 200 or 300 range.

We will check the following things when monitoring your sitemap. We will check if:

• the sitemap is available at the specified URL
• visit each URL in the sitemap to check if it's available and if it returns a response code in the 200 or 300 range
• all URLs are unique
• the sitemap doesn't contain more than 50,000 URLs
• the priority of each item is between 0 and 1
• the frequency of each item is one of these values: always, hourly, daily, weekly, monthly, yearly, never
• last modified of each item is not in the future

If you are using a sitemap index, we will perform all these checks for all sitemaps mentioned in the index file. We also support gzipped sitemap indexes and sitemaps

How to configure Oh Dear to monitor your site map #

When you create a new site in Oh Dear, you can toggle on the sitemap check. Let's try it out by monitoring the semrush.com domain

We’ll try to check the sitemap located at <your-domain>/sitemap.xml. If your sitemap is saved somewhere else, you can specify a custom URL in the sitemap check settings.

Oh Dear will now check the structure of your sitemap and crawl all links. When the checking process is finished, you’ll see a report like this one.

Recently, we encountered degraded performance with our crawler service due to a breaking change in an underlying library called Guzzle. This caused HTTP 505 responses on the first page of each site, blocking further crawling and resulting in false positive reports. Although our uptime service showed everything was okay, some customers were incorrectly informed about unreachable pages in their broken links report.

Making sure this problem does not happen again #

We have over 1,200 tests that run on GitHub Actions with every pull request. To make sure all these tests are executed fast, we mocked all requests that happen inside our broken links and mixed content tests. Although this results in fast tests and consistent results (no network or external conditions), it missed this particular issue because that particular issue only occurred when making real network requests.

We added tests that perform real HTTP requests using our crawler service to validate end-to-end functionality under real-world conditions. This way, we'll make sure we don't hit this particular bug again.

Additonally, we posted a status update and responded to support tickets to inform users of the issue and began our investigation.

Up until now, you could configure these notification channels in our UI, but now you can do this via our API as wel.

What's new? #

Our comprehensive API documentation provides all the details you need to start managing your notification channels along with example payloads for each type of channel and event.

With this update it is now easier than ever to automate the applications you manage. For example, you could ensure a client email address or phone number is added to each site created and trigger a test notification once setup is complete.

The request payload is the same as the response body which makes it easy to copy your existing configurations across sites.

Examples #

Create a new email configuration for site siteId and send a test notification. It will respond to only two events (site down and recovered).

/api/sites/{siteId}/notification-destinations

{
  "test": true,
  "channel": "mail",
  "destination": {
      "mail": "example@example.com"
   },
  "notification_types": [
      "UptimeCheckRecoveredNotification",
      "UptimeCheckFailedNotification",
   ]
}

Update an existing team-level configuration (teamId and destinationId) to now use webhooks and respond to all Oh Dear events. This example will not send a test notification.

/api/team-notification-destinations/{teamId}/destination/{destinationId}

  "channel": "webhooks",
  "destination": {
    "url": "https://your-webhook-url"
  }

Did you know? #

You can also manage maintenance periods, post a status page message, enable/disable checks and much more using the API. There is also a PHP SDK and many third-party integrations ready to help you get started.

We’re excited to see how you’ll leverage this new feature to enhance your monitoring experience. Let us know what you are building or if you have any questions.

How it works #

1. As the team owner select 'Manage team' from the main menu
2. Navigate to the 'Security' tab and toggle 'Require two factor authentication' and hit 'save'
3. All users will now be required to enable MFA before continuing to your team's sites, status page and team admin pages

If you have not yet enabled enabled two factor authentication you can still access your other teams that do not have this requirement as well as your personal settings.

Did you know #

Even if you do not require MFA for your team you can still see which users have it enabled. See our other recent updates for more information.

1. View Your MFA Secret Key

Previously, users could set up MFA by scanning a QR code, which seamlessly integrates an authentication app. Now, in addition to the QR code, we provide the ability to view and copy the secret key directly.

This is especially useful if you prefer to manually input the secret into your app or need to back up your MFA details for safekeeping.

2. Check MFA Status of Team Members

Team owners can now view a list of all team members with their MFA status clearly displayed. This feature allows for better security management and helps ensure that all accounts have an added layer of protection. This is a great tool for identifying compliance with internal security policies requiring MFA.

We hope you find these new features useful in managing your team’s security more effectively. As always, we are dedicated to improving your experience and welcome any feedback or suggestions you may have!

Did you know you can add notes to downtime periods?

Measuring reduced CPU usage #

An easy riddle: can you guess when we were running on Ubuntu 20.04 and when we were on 22.04? The spikes in the middle were during the upgrades (when this server was taken out of rotation).

For the exact same workload, here's how the numbers work out:

• Avg CPU (user) on Ubuntu 20.04 LTS: 22.9%
• Avg CPU (user) on Ubuntu 22.04 LTS: 13.2%

That's a whopping 42% reduction in CPU usage just by upgrading the OS. 🥳

And this wasn't an isolated server, this was measured across multiple servers, across multiple (independent) cloud providers.

Purposefully simple workload #

Our satellite servers are spread worldwide and act as mere proxies for HTTP(s) requests. They are, on purpose, simple by design.

Each server has Nginx & PHP-FPM running, nothing more. It just takes in requests from our dispatcher, processes them by calling out to an external service (aka: our client website to monitor) and then returns the response.

After the upgrade;, we observered a significant increase in context switches for each server.

Because the workload has remained constant, I can only assume this dramatic speed up of context switches/interrupts is the direct cause of the performance improvements we're seeing. Happy to hear thoughts/theories on this!

Measured across dozens of servers #

Just for dramatic effect, here's the CPU usage of a few other servers, but without the fixed y-axis scale. Sorry data scientists, I couldn't resist skewing the scale to our advantage here.

Exhibit 1: a drop from ~16% CPU usage to ~10.3%.

Exhibit 2: a noticeable reduction in the CPU load as well:

On average, the CPU load went from 0.7 to 0.4.

Your mileage may vary #

Obviously, our setup isn't yours. We run pure PHP processes here, no databases/caches/file storage/... It may be a rather exceptional setup, as most environments would at least have some kind of persistence in the form of a database in the mix here.

But, the performance improvements are noticeable!

If you're still on Ubuntu 20.04 LTS - which gets support until 2025 - you might want to consider upgrading to the next LTS to get some noticeable speed improvements.

We should note: there's a lot of ways to upgrade servers, and the safest approach is to setup a brand new machine, move over your data, test things & then migrate your DNS records to the new server. Our cloud providers however do not allow the existing public IP addresses to move from one server to another. Since a lot of clients have whitelisted our IPs to get (unrestricted/un-ratelimited) access, we have to preserve them. For this reason, we're preferring in-place upgrades, where the IPs stay the same.

Backup the server first #

A lot of things can go wrong with in-place upgrades obviously, so it's best to be safe. You'll be installing a new Linux kernel, replace just about every package on the system (including glibc and openssl), and if anything goes wrong, your machine won't boot.

Ensure you have a back-up or a snapshot in place that you can restore from. This is also a good opportunity to test some of your disaster recovery practices, since you'll be taking snapshots & rolling back to them.

Updates first #

I always like to ensure that the machine we'll be upgrading is in the best state possible, before the update. That's why I'll update & reboot the machine first, to get a fresh system.

$ apt update
$ apt upgrade
$ reboot

After that, you should be running the latest Kernel on your Ubuntu 20.04 LTS.

Perform the upgrade to Ubuntu 22.04 LTS #

This is the type of step that is safest to perform through a console screen or VNC display. Ideally, you head over to your cloud provider of choice and open up the console there and login to the system as the local root user. This way, even if your SSH session(s) disconnect, you still have server access.

Because this process went incredibly smooth with our servers (and we have the fallbacks in place of snapshots/backups), we opted for the SSH approach instead.

Step 1: open a screen/tmux via SSH

Your SSH session might disconnect throughout the upgrades, so it's safe to start the process in a separate shell that you can (try to) reconnect to later, should it disconnect.

$ screen -S ubuntu_grade

You can detach yourself from the shell by hitting CTRL+A and then D.

Step 2: start the upgrade

In your shell, type:

$ cat /etc/issue
Ubuntu 20.04.6 LTS

This will confirm you're on Ubuntu 20.04 LTS.

Next, start the upgrade:

$ do-release-upgrade

In this process, you'll be prompted to make several decisions. I'll mark some of these below with a little explainer to each.

Third party sources disabled

Some third party entries in your sources.list were disabled. You can
re-enable them after the upgrade with the 'software-properties' tool
or your package manager.

To continue please press [ENTER]

You likely have 3rd party repos (ie: to get the latest PHP or Python versions). To avoid any interference of packages, those specific repos will be disabled during the upgrade. This is fine.

You might, as one of the first steps, encounter this message:

Invalid package information

After updating your package information, the essential package
'ubuntu-minimal' could not be located. This may be because you have
no official mirrors listed in your software sources, or because of
excessive load on the mirror you are using. See /etc/apt/sources.list
for the current list of configured software sources.
In the case of an overloaded mirror, you may want to try the upgrade
again later.

This happened to us for the Digital Ocean VMs. I believe it's because Digital Ocean includes some of their own reposities with their mirrors in the distributions, and by default those get disabled during the upgrade. To avoid that, restart the command with:

$ RELEASE_UPGRADER_ALLOW_THIRD_PARTY=1 do-release-upgrade

Once done, the upgrade will restart.

14 packages are going to be removed. 145 new packages are going to be
installed. 893 packages are going to be upgraded.

You have to download a total of 826 M. This download will take about
2 minutes with your connection.

Installing the upgrade can take several hours. Once the download has
finished, the process cannot be canceled.

 Continue [yN]  Details [d]

Obviously, we'll install new packages, so hit y to continue.

 Restart services during package upgrades without asking?                                                                                   
     <Yes>     <no>

In our case, each server we're upgrading gets taken out of rotation temporarily for us to perform the maintenance on. We're fine having the upgrader auto-restart services when needed, so we choose <Yes>.

Throughout the process you're going to get a lot of questions like these;

Configuration file '/etc/crontab'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** crontab (Y/I/N/O/D/Z) [default=N] ?

You made modifications to a file that the system upgrade would like to overwrite. These have to be decided upon on a case-by-case basis. After all, you know your system best. In the above example, we have custom cronjobs per server, so we'll choose N (the default value) to keep our version of the file.

Whenever possible, I'll opt for answer I where the default package version can get used, but you need to know the scenario's in which you can use that.

One of those scenario's for instance is sysctl.conf;

Configuration file '/etc/sysctl.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** sysctl.conf (Y/I/N/O/D/Z) [default=N] ?

If you've not made any changes there (and it's unlikely you did), best to pick option I here for the package defaults. This is the file that is used to override default kernel parameter values. And since you'll be upgrading several kernel versions higher, I find it safest to take whatever the package maintainer opted to include in there. They probably know kernel tuning more than I do.

Note: some of these prompts will be pure text/cli, some will be in an ncurses-like UI. The UI might be different, but the questions/answers and logic to deal with them are the same in all scenario's.

System upgrade is complete.

Restart required

To finish the upgrade, a restart is required.
If you select 'y' the system will be restarted.

Continue [yN]

Now's the moment of truth: hit y to reboot!

Step 3: verify the upgrade

Once the server has rebooted, log in and verify the upgrade is completed:

$ cat /etc/issue
Ubuntu 22.04.4 LTS

Step 4: cleanup obsolete packages

There might still be a few packages on the system that you can now cleanup.

$ apt autoremove

This will prompt you to uninstall packages that seem obsolete, but the decision is ultimately yours.

Have a look at the installed packages and see if any of these are no longer needed (think: old PHP versions).

$ apt list --installed

You're good! #

If all went well, you've now upgraded your machine successfully to the latest LTS version (at time of writing).

Now it's up to you to validate that your application(s) are still functional.

Technically these badges are svg's, so they are very lightweight to embed.

The default badge #

The default badge shows the name of a site and its uptime status.

Here's the actual badge for freek.dev

Hopefully, freek.dev is up while you are reading this. Should freek.dev be down, the badge will be colored red.

The small badge #

The small badge is a smaller version of the default badge that only shows the status of a site.

Here's the actual small badge for freek.dev:

Where to find the badges #

For each site and status page in your account, you can find the badges in the "Badges" tab. On that screen, you can easily copy the HTML code to use the badge you want.

The malware targets apps with APP_DEBUG set to true. When enabled, Laravel will give detailed error messages, and some security features will be disabled. In production, you always want this value to be set to false.

You can make sure it's always set to' false' using Oh Dear’s application monitoring feature. We can notify you whenever someone should set it to true. Let’s go through the steps required to set this up.

Installing Laravel Health in your Laravel app

The spatie/laravel-health package can monitor the health of your application by registering one of the available checks. Out of the box, it can monitor if your application is in debugging mode.

Using Laravel Health, you can check many other things, such as used disk space, whether or not Horizon is running, and [much more]!

You can install the package using composer.

composer require spatie/laravel-health

You’ll find full installation instructions here.

To register the debug mode check, you can put this code in a service provider.

// typically, in a service provider

use Spatie\Health\Facades\Health;
use Spatie\Health\Checks\Checks\UsedDiskSpaceCheck;

Health::checks([
   DebugModeCheck::new(),
   
   // other checks can come here
]);

Adding a health check endpoint to your Laravel app

Oh Dear’s application health check works by sending an HTTP request to your application to a specific endpoint to get health check results. Your application should respond with JSON containing the result of health checks.

The spatie/laravel-health package can add such an endpoint to your Laravel app. To do this, must configure the ohdear_endpoint_key in the health config file.

You can publish that health with this command:

php artisan vendor:publish --tag="health-config"

These are some of the default values in the published health config file.

// in app/config/health.php

/*
 * You can let Oh Dear monitor the results of all health checks. This way, you'll
 * get notified of any problems even if your application goes totally down. Via
 * Oh Dear, you can also have access to more advanced notification options.
 */
'oh_dear_endpoint' => [
    'enabled' => false,

    /*
     * When this option is enabled, the checks will run before sending a response.
     * Otherwise, we'll send the results from the last time the checks have run.
     */
    'always_send_fresh_results' => true,

    /*
     * The secret that is displayed at the Application Health settings at Oh Dear.
     */
    'secret' => env('OH_DEAR_HEALTH_CHECK_SECRET'),

    /*
     * The URL that should be configured in the Application health settings at Oh Dear.
     */
    'url' => '/oh-dear-health-check-results',
],

To get started:

• set the enabled config option to true
• add a secret (we recommend putting it in the .env file, just like you would do for any application secret or password)
• optionally customize the url where the health check endpoint will be registered.

Configuring the health check at Oh Dear

At Oh Dear, you can create a new site to monitor and enable the application health check.

In the application health check settings screen at Oh Dear, you should fill in the URL and secret that you specified in the health config file.

And with this set up, Oh Dear will send you a notification whenever somebody should set APP_DEBUG to true.

In closing #

Oh Dear’s application health check can be used to warn you whenever somebody turns on debugging mode of your app, but also a lot more other things can be checked:

• disk space is running low
• the database is down
• Redis cannot be reached
• mails cannot be sent
• a reboot of your app is required
• ...

Next to this application health check, we also offer a scheduled jobs check. You can sync your application's schedule to Oh Dear using the spatie/laravel-schedule-monitor package. We can notify you whenever a scheduled task is not running on time or not running at all.

Laravel Pulse is a first party package that can display a dashboard with information surrounding usage and performance of your Laravel app. Here’s how a default installation looks like.

Discovering the cards #

The first Pulse card one displays if you site is up, and recent response times.

This card, and also the other two, also support dark mode.

Oh Dear can monitor if the scheduled jobs of a Laravel app run on time. Using the spatie/laravel-schedule-monitor package, you can sync the schedule of your app to Oh Dear.

The cron Pulse card displays when your scheduled jobs have run for the last time, and if they ran on time. Very powerful stuff if you ask me.

The last card can display any broken links of your app. This card is powered by Oh Dear’s broken links check, which crawls your entire site.

Installing the cards #

To use these cards, you have to pull in the package in your app via Composer.

composer require ohdearapp/ohdear-pulse

In your config/services.php file, add the following lines:

'oh_dear' => [
    'pulse' => [
        'api_key' => env('OH_DEAR_API_TOKEN'),
        'site_id' => env('OH_DEAR_SITE_ID'),
    ],
],

You can create an API token on the "API Tokens" page at Oh Dear. You'll find the site ID on the "Settings" page of a site on Oh Dear.

You can add the cards to your Pulse dashboard, by first publishing the Pulse's dashboard view:

php artisan vendor:publish --tag=pulse-dashboard

Next, add the cards to the resources/views/vendor/pulse/dashboard.blade.php file:

<x-pulse>
    <livewire:ohdear.pulse.uptime cols="4" />
    
    <livewire:ohdear.pulse.cron cols="8" />

    <livewire:ohdear.pulse.brokenLinks cols="8" />
    
    {{-- Add more cards here --}}
</x-pulse>

You’ll find the code in this repo on GitHub.

So, when our users have feature requests that make sense to add to Oh Dear, we can move fast. In the past month, we implemented two smallish feature requests for our DNS check we got through support.

Here’s what our new DNS settings screens look like. The first option, monitoring different CNAMES, was already added a few months ago.

We now added the ability to disable the check whether all of your nameservers are in sync. Under normal circumstances, DNS nameservers of a domain are in check. But in advanced setups, this might not be the case. That’s why we added the option to disable that aspect of our DNS check.

The second option is the ability to monitor the DNS of your main domain. This option is only available if the site you’re monitoring is on a subdomain. Some of our users wanted to simultaneously monitor the site on the subdomain and the DNS records of the main domain.

We hope you like this improvement. Should you have any ideas or feature requests to improve Oh Dear, let us know!

Oh Dear can run this check frequently for your site, informing you when SEO-related problems arise. Our check may suggest optimizing images or minifying JavaScript to improve performance. By implementing these suggestions, a website can become faster, more accessible, and more secure, improving its ranking in search engine results.

In our UI, you can watch how your key metrics evolved over time.

By upgrading to v11, many more audits have been added. You can learn more in this announcement post of Lighthouse v11.

We hope you like this improvement. Should you have any ideas or feature requests to improve Oh Dear, let us know!

Whenever we detect problems with your DNS records or when one of the DNS records changes, we can notify you. By default, we only monitor the DNS records of the domain you are monitoring. So when you're monitoring example.com, we'll only monitor the records of that hostname.

A CNAME record is a special kind of DNS record. It can be looked at as an alias or - in Linux terms - a symlink to another record. That record has a name, e.g., mycname, and a value it points to e.g. someotherdomain.com.

In the example above, the hostname of the record is not example.com but mycname.example.com. That is why we don't monitor it by default: it's not part of the main domain, and DNS query responses don't return these records by default. They are hard to discover.

We've now added the ability to specify the CNAMEs of your domain. You can do that in the DNS settings of your site. Here's an example where we want to monitor the technical CNAME record of freek.dev

When you've added these CNAMEs, Oh Dear will monitor these records too, and notify you whenever they change or disappear.

CNAME records are vital to most modern web apps, and we are glad we can now monitor these as part of our DNS check.

By default, this check will notify you when your site returns a non-2xx response, but you can greatly customize that behavior.

You can check if the response has certain headers, if the response contains a particular string, and more!

Some of our users requested a new behavior: checking the absence of a string on the response. We're happy to share that we've now added that feature.

This way, you can ensure that a string like "An error occurred" does not appear on your page. As soon as it does, we'll send you a notification.

We hope you like this little improvement. Should you have any ideas or feature requests to improve Oh Dear, let us know!

One thing that needed to be added was the ability to read all notification settings in your account. A few of our users requested this; it made sense to add this, so we did just that. A benefit of choosing a smaller company like Oh Dear (we're only two people) is that we can move very fast and quickly add features when customer requests come in.

Because the results of these API calls can contain sensitive values, only admins and team owners can use the new endpoints.

Let's try out one of the news endpoints. The /API/team-notification-destinations URL will return all notification destinations defined on the team level for all your teams.

{
  "data": [
    {
      "id": 123,
      "team_id": 1,
      "channel": "mail",
      "destination": {
        "mail": "john@example.com"
      },
      "notification_types": [
        "UptimeCheckFailedNotification",
        "UptimeCheckRecoveredNotification",
        ...
      ]
    }
  ]
}

If you want to know more about the new endpoints and our API in general, head over to our extensive API docs.

Using this program, you can generate a link (like https://ohdear.app?via=your-name) that you can include in your blog posts, tweets, or anywhere on the web. If somebody clicks that link and subscribes to Oh Dear in the next 30 days, you'll get 25% of the revenue of the first year of that subscription. The more people subscribe via your link, the more money you earn.

When you create your affiliate account, you'll get access to a nice dashboard showing you a clear overview of all your clicks, conversions, and money your links generated.

You'll find more info on all of this on our brand new (and beautiful) affiliate program page.

Behind the scenes, Oh Dear uses Postmark to send out mails. Postmark will inform us whenever a notification mail results in a hard bounce. A hard bounce means that the mail won't be delivered. The most common reason for this is that the mailbox doesn't exist (anymore). This can occur when somebody changed jobs and the work email address doesn't exist anymore.

Whenever Postmark informs us about a hard bounce, Oh Dear will determine which team that email belongs to. It wil send a mail to the owner of the Oh Dear team asking to correct the email address or to remove the member from the team.

For most cases this is fine, but what if it is the email address of the team owner itself that bounced? In this case we obviously can't mail the team owner anymore.

As of today, whenever an users logs in who's email has bounced (team owner and other members), we'll display a warning to update their email address. Here's how that looks.

We hope that this will be let people understand faster why they didn't get an alert they were expecting.

Today, we've launched our social login. This feature allows you to use your Google or GitHub account to log into Oh Dear.

You'll see these two new buttons on the registration and login page.

When clicking one, we'll use your Google or GitHub account to log in. When logging in, we'll search for an Oh Dear account whose email matches the email used for your Google / GitHub account.

Using this feature, you can log into your Oh Dear account with a single click.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry, and more. We send notifications when something's wrong. All that paired with a developer-friendly API and kick-ass documentation.

In the "Responses" section of the uptime settings page, you can specify which headers we should verify.

You could add this expectation to ensure your page uses gzip compression.

If you want to verify that a particular header is set on the response, regardless of its value, you can use the "matches pattern" condition and the * wildcard as the value. In this example, we'll verify that the response contains a header named laravel-responsecache with any value.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry, and more. We send notifications when something's wrong. All that paired with a developer-friendly API and kick-ass documentation.

Today, we are launching our PagerDuty integration. PagerDuty is a cloud-based incident management platform that helps organizations improve operational reliability by providing real-time alerts, on-call scheduling, and incident tracking.

Once the PagerDuty integration is set up, Oh Dear will automatically open and close incidents at PagerDuty when we detect problems. PagerDuty will then notify the right people that are on call through email, SMS, phone calls, and iOS & Android push notifications.

Getting started with our PagerDuty integration is straightforward. Go to the team or site notification screens, and create a new notification destination of type "PagerDuty."

You'll find all the details on getting the values to fill out the form in our docs.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry, and more. We send notifications when something's wrong. All that paired with a developer-friendly API and kick-ass documentation.

Today, we've deployed a redesign of these status pages. In this iteration, everything is more polished. We picked a new font and colors and added some icons to make the status page a bit more visually interesting.

In addition to the cosmetic upgrade, we also added a significant new feature. We can now display 60 days of uptime history for your sites. Here's what that looks like (taken from the Flare status page).

Every bar in the graph is a day. It's colored green when uptime is above 99% and orange when it's below that threshold. Of course, you can configure that threshold for your particular status page.

When you hover over a bar, you can see the exact amount of downtime.

We'll show the uptime history by default for a newly created status page. For the old status page, you'll need to manually enable it in your status page's settings.

We hope that you like this addition to Oh Dear! If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer-friendly API and kick-ass documentation.

We've made a nice quality-of-life improvement to that Broken Links Report. In addition to displaying the broken link URL and the page on which that broken link was found, we now also display the link text of that broken link.

That link text will greatly help you to pinpoint the exact location of the broken link on the page where it was found.

This improvement was suggested by one of our users. We're always open for feature requests. If we think a feature might be useful for most of our users, it usually gets implemented pretty quickly.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

When the uptime check detects that your site is down, it will notify you via one of our many available channels.

The check will also create a downtime period visible on the uptime check results page. Here's what those downtimes might look like.

The screenshot above shows the new little feature we introduced: you can now add notes to downtime periods. You could use these notes to add extra details on why the downtime happened or what actions you took. Examples could be: "Process X was overloaded" or "We've contacted our hosting partner, and they said they had connectivity issues in their data center."

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

Today, we are launching our Opsgenie integration, a modern incident management platform.

Opsgenie’s on-call scheduling allows you to set up escalation policies, so that if a notification isn’t handle within a certain timeframe, it will automatically be escalated to the next person in the on-call rotation. This ensures that critical notifications are always being addressed, even if the first person notified is unavailable or unable to resolve the issue.

Here's an example of such an escalation policy and on-call schedule.

Oh Dear can now automatically open and close alerts at Opsgenie when we detect problems with your site. Opsgenie will then notify the right people that are on call as specified by the escalation policy.

Here's how an alert that was created for an incoming Oh Dear notification looks like in Opsgenie. As you can see we send extra information about the particular issue we detected. In this case we added some information on the expired notification.

Configuring Oh Dear to send notifications is pretty easy. All you need to do is to get an Opsgenie API key on the team level and use that in the a newly created notification destination.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

Our broken links report had two main categories:

• external broken links: these are links on your site that point towards a page on another site
• internal broken links: these are links on your site that point towards a non-existing page on your own site

In both categories, the problem is caused by something related to the site's content. In most cases, a page you're linking to was removed or archived. The solution is often letting the content manager of the site fix this.

Today, we're introducing a third category in our report: internal broken links that resulted in a 5xx status code. This 5xx range of status codes signifies that the URL is correct but that the application could not respond appropriately because of an internal error. In most cases, this problem should be solved by a developer.

Because page visits that result in a 5xx response are more noteworthy, we decided to put these on top of our report.

Here's what our broken links report now looks like.

We hope that you like this little addition to our UI. It might not be a revolutionary feature, but getting many of these small details right can make a big difference.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

When heading over a site's settings, you'll see the new "notes" field.

Here you can add some important information to the site, for example, some details on the SLA or technical details, ...

When you saved notes on a site, we'll show it when hovering over the site on the site list.

Of course, you can also get to these notes via the API.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

On their site, they published an in-depth case study on how they rewrote marketing copy, chose new colours and redesigned entire pages.

Check it out: https://digitalwithyou.com/cases/oh-dear

In the past, we've seen users reach out to support to change the owner of a time for a variety of reasons.

You can now change the owner of the team without contacting support. Just head over to the team settings and scroll down. As the owner of a team, you can move ownership to another member of your team.

Because this action cannot be reversed, it needs to be confirmed.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

The audio quality is not perfect, but it should still be understandable.

To do that, we've introduced the ability to add tags to a site.

Tags can be used for instance how important it is to fix a problem with the site immediately. Possible tags could be important or has support contract. Another use case would be to add the technology used, tags could be named wordpress, laravel, js.

When adding a site to Oh Dear, you can now create or pick tags for that site.

Picked tags will be visible across our UI.

We will also display the tags in all notifications for a site.

Finally, we'll also add the tags to the response of any API call that returns a site, and [all webhook notifications](You can use tags to for instance visually mark them as important.).

Should you want to change the tags of a site, head over to the site settings, and take a look at the "Tags" section.

You'll also find a "Tags" page in the team settings.

On this screen, you'll see an overview of all tags used across your sites. When you edit or delete tags here, they will be edited or deleted for all sites they are associated with.

In closing #

Tags is very handy when you want to add a little bit of information about a site.

We very much try to keep our UI simple. Tags are very easy to easy, and if you don't need tags, they won't get in your way.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

Some of our users have a global, multi-lingual audience. That's why we now added support for a status page to be displayed in multiple languages.

If you want to translate your status page, all you need to do is activate some of the languages at the new "Languages" screen on your status page.

As soon as a status page has more than one active language, it will display a drop down where a visitor can select a language.

Of course, you can also add a message in multiple languages on your status page. When multiple languages are activated for a status page, you'll see a language dropdown when creating an update. This will allow you to add a translation for the new update in any language your status page supports.

We hope that you like this new feature.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

To use the API, you first need to create an API Token in the Oh Dear UI. Previously, such a token could be used to make API calls to any site or status page in your Oh Dear account.

We noticed that some of our users are agencies that use Oh Dear to monitor their clients' sites. When such an agency passes an Oh Dear API Token to one of their clients, then that client could potentially use the broadly scoped token to view the results and settings of other clients of that agency.

In general, it's best practice to scope down the abilities of the token to the bare minimum it needs to do in the integration where it will be used.

Today, we're launching the ability to scope an API Token by site or status page. When creating a token, you can pick the sites and status pages it should have access to.

We hope that you like this nice addition.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

What is Lighthouse #

Lighthouse is a tool provided by Google for improving the quality of web pages. It has audits for performance, accessibility, progressive web apps, SEO, and more.

One of the key benefits of this check is that it provides specific, actionable suggestions for improving the quality of a website. For example, it may suggest optimizing images or minifying JavaScript to improve performance. By implementing these suggestions, a website can become faster, more accessible, and more secure, improving its ranking in search engine results.

When the Lighthouse check is enabled for your site, it will be run on a daily basis.

Seeing Lighthouse results at Oh Dear #

When the Lighthouse SEO check is enabled for a site, you can see the results for your site on the Lighthouse check page. This page contains the scores, key metrics, and a graph picturing the trends of results

Here's how it might look like.

When you scroll a bit down, you'll see the full report as it was generated by Lighthouse, that contains the results and recommendations by all Lighthouse audits.

Get notified when Lighthouse detects issues #

Oh Dear can send you a notification when one of the scores or metrics are not within expectations. On the settings page of the lighthouse check you have fine-grained control of when we should notify you.

Here's an example notification.

In closing #

We think that the Lighthouse SEO check is a very powerful addition to our feature set. It will help you rank better on Google and get notified whenever an update to your site hurts SEO ranking.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

We feel that our new design should speak for itself, so we highly recommend visiting the home page, browsing a bit around, register an account, or log in, and discover the redesigned app yourself.

If you've been using Oh Dear before, you'll notice that we polished everything, and the UX should be much better.

To read more about why and how we redesigned the service and want to read some technical details, head over to this extensive blog post on Freek's blog.

We hope you like the redesign as much as we do!

We're currently targeting the end of September timeframe to launch our redesign. In this blog post, we'd like to give you a preview of the redesign.

The marketing site #

One of the most important pages is, of course, the homepage. Here's what our current one looks like.

And here's the redesigned one:

You can see that together with redesigning our site; we're also updating our logo.

On the redesigned homepage, there's a lot of content below the fold that's not shown in the screenshot above. We explain which features there are, show some testimonials and explain our pricing. Here are some more screenshots of the stuff below the fold.

You can't see in these screenshots that there are a lot of subtle animations.

We're also updating our docs section. Here's what it currently looks like.

And here's what the redesigned docs look like.

This is just a small preview of the new marketing site. I hope it's clear that we're not just updating details but are rebuilding it from the ground up.

The Oh Dear application UI #

The public marketing pages are important for us as we hope they'll convince more people to use our service. But we didn't stop at the marketing site. We've also totally redesigning the app itself, solving long-standing usability issues in the process.

The sites list

The current app UI is now almost five years old. We designed it when Oh Dear only offered its initial four checks. At the moment of writing, we offer nine checks. Here's what our current site list looks like.

You can see that, with nine checks, it's a bit busy.

Here's what the redesigned list looks like. Don't mind those red dots at the performance checks, that's just because of seeded data.

You can see that this list is much calmer. We only show the issues that we find. If no issues are found, the dot before the site will be green.

When you click those three dots at the end of a row, you'll see a little submenu that allows you to navigate to common pages for that site.

Let's take a look at the old site overview page.

Not too bad, but it's much better in our redesign. We'll show a lot more helpful information by default.

Again, those three dots allow you to take relevant actions or pages for a check.

Notifications preferences

Let's go to another important part of our application. Oh Dear can send you notifications whenever we detect something wrong with your site. There are many notification channels: mail, Slack, Telegram, Discord, ... On the team notifications screen, you can configure for which events we should send on a particular channel.

Here's what the current screens look like. We have screens per channel, and on the list of a channel you can see all the possible notifications we can send.

The problem with this setup is that it's hard to see which channels you have configured. To do that, you'll have to click "Mail", "Slack", "Discord", ... in the sidebar and check if you have something configured.

In the redesign, we've revamped this screen. Instead of screens per channel, we only have one screen that shows all notification configurations.

On the list we don't show all those notifications toggles anymore. Instead, we show how many notifications are configured for the channel. If you want to see which notifications, you can edit a configuration.

Configuring status pages

In addition to monitoring sites and applications, Oh Dear also offers beautiful status pages. The status pages allow you to communicate the health of your service to your audience. Here are some Oh Dear powered status pages for the Laravel organization and Flare.

We almost didn't dare to share a screenshot of how the UI now looks to set up a status page. It's kind of messy.

Sure, you can do a lot here, but it isn't pleasing to the eyes. In our redesign, we've vastly simplified this list. Here's what it looks like.

If you click on of the status pages, you'll see this status page overview.

Notice how similar this all looks to the site list and site overview. This is a benefit to us: if you are already familiar with sites, you'll immediately feel at home when working with status pages.

In closing #

We hope that you liked this preview of our upcoming redesign. Currently, we're styling all of the separate settings screens. It's still a lot of work, but we'll get there. As mentioned above, we aim to launch this around end-of-September.

At that time, we'll also write some blog posts with technical details on the redesign. I can already share that we've built this using Laravel, Livewire, Alpine and Tailwind.

Oh Dear is the all-in-one monitoring tool for your entire website. Now is the perfect time to start monitoring your site using our ten-day free trial. When we launch our redesign, we'll also increase our prices. Old customers will always keep the current prices.

We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer-friendly API and kick-ass documentation.

In a production environment, you want to cache these things. Laravel makes this easy by offering a couple of Artisan commands that you can use in your deployment procedure.

php artisan optimize # will cache routes and config
php artisan event:cache # will cache events

By caching these things, you'll improve the performance of your Laravel app

Using our application health check, you can get notified when things are not cached in production.

Oh Dear will not run any code inside your application or server. Instead, you should perform the checks yourself. Oh Dear will send an HTTP request to your application to a specific endpoint. Your application should respond with JSON containing the result of health checks.

Spatie's Laravel Health package can build up the JSON the Oh Dear expects. Here are the docs on how to do that.

Laravel Health is a package that can detect various problems that are going on with your application and server. It can check disk space, cpu usage, if Horizon is running, and much more.

The package has a new check that makes sure wether routes, config and events are cached.

This is how you can use it. Check in the package can be registered via Health::check() function.

// typically in a service provider

use Spatie\Health\Facades\Health;
use Spatie\Health\Checks\Checks\OptimizedAppCheck;

Health::checks([
		// other checks...

    OptimizedAppCheck::new(),
]);

This check will pass if the config, routes and events are cached.

If you only want to check certain caches, you can call the checkConfig, checkRoutes and checkEvents methods. In this example, we'll only check for cached config and routes.

use Spatie\Health\Facades\Health;
use Spatie\Health\Checks\Checks\OptimizedAppCheck;

Health::checks([
		// other checks,

    OptimizedAppCheck::new()
       ->checkConfig()
       ->checkRoutes(),
]);

With that OptimizedAppCheck in place and Oh Dear app configured, this is what it looks like when something is not cached.

This is a Slack notification, but it will look similar on all notification channels we offer.

Oh Dear's new Domain check can send you a notification days before your domain expires. This way, you still have time to renew it.

Introducing RDAP #

To monitor domain names, we rely on RDAP, which stands for Registration Data Access Protocol. It is a standardized protocol managed by IANA, the non-profit organization that manages IP address allocation, DNS, and more... RDAP is the successor of WHOIS. The most significant improvement is that all information in RDAP is standardized, whereas information in WHOIS is available as unstructured text.

Registry operators of most TLDs (.com, .net, .org, ...) send information about the domains they manage to RDAP so anyone can query the information. Unfortunately, not all TLDs are supported.

Most notably: .be and .nl domains are not supported, but they will be in time.

How we monitor your domain #

Using RDAP, we can determine important dates of a domain, such as the registration and expiration date. When you turn on domain monitoring for your domain, we'll check RDAP several times a day. We'll send you a notification when your site is not listed in RDAP or if your domain expires in the next 10 days. The number of days can be configured in the domain settings of a site.

We will not spam you with domain check notifications: we'll only send you one per day.

Additionally, we'll also fetch the domain status codes. These are special attributes that can be set on a domain name. You'll find a list of all codes and their meaning on the EPP status codes page of Icann.

One of the most important ones is clientTransferProhibited, which signifies that your registry will automatically reject domain transfer requests, significantly preventing domain theft.

Here's what the domain check results look like in our UI:

As mentioned above, our domain check is not available for all domains because not all domains are supported by RDAP. We expect each domain to be supported in the next couple of years.

You'll find an up to date list of each supported domain in our docs.

In closing #

We hope that you will like this new check. If you already have an Oh Dear subscription, you can now enable it for any site that you are monitoring.

Behind the scenes, we're working on a couple more improvements to our service. And later this year, we'll launch a total redesign, of which you can already see a preview in this blogpost.

If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.

From Sketch to code #

One of the tasks that needs to be done to go from design to code is extracting the colours used in the design. In our case, the designer already put together a specific palette of colours and defined it within the Sketch file. We copied over those colours and renamed them a bit so they fit nicely in our tailwind.config.js.

extend: {
	colors: {
		'bg-blue': '#...',
		'darkish-blue': '#...',
		divide: '#...',
		whiteish: '#...',
		green: '#...',
        ...
	},
	...
}

Not all colours were named

While implementing the design, more and more colours kept popping up that were defined in the inspector as a plain hex code, instead of a named color.

As we already had to rename the tracked colours, I didn’t think it would be helpful to ask to designer to go through the document and give every specific color a name. We would have to know the desired naming pattern and we didn’t know what would be the best approach.

The design is also very complex with a lot of gradients and nuances created by use of different opacities. Going through all the layers and track all those colours would be very time consuming. We decided to leave the document as is and look for another alternative.

Tailwind to the rescue, or not?

The first solution we ended up with was using tailwind classes with arbitrary values like text-[#0C0515] or bg-[#0C0515], which is supported since [JIT mode]. This made it really easy to give an element a very specific color without the need to think of a name and having to define it in the tailwind config file. This felt like a real time-saver.

Although this worked well at the beginning we started to discover more and more colours that kind of looked the same but had a different hex code. As hex codes can vary a lot, while looking visually the same, and vice versa, it wasn’t easy to search occurrences of previously used hex codes that were close to a specific color.

This also resulted in code that was flooded with arbitrary values that didn’t make the use of color much consistent. Dark mode was also on the list of features to implement, and adding dark mode specific hex codes wouldn’t make it any cleaner.

Difficulty of going a shade lighter or darker

Another difficulty we faced was the ability to play with a slightly lighter of darker shade. Sometimes a different colour would look better on the web compared to what was used in the design. To do that we adjusted the hex code, which then turned into yet another unique arbitrary value. We figured that having all those arbitrary values would lead to more inconsistencies and a bigger than necessary css bundle housing all those colours.

At this point we thought it would be great if we could use Tailwind’s colour system. Going a shade lighter or darker is as easy as lowering or increasing the number in the class. For example text-blue-500 is lighter than text-blue-600. There was only one problem, the standard colours didn’t match the used colours in the design. So we had to extend the existing set of colours.

Creating our own color palettes #

We created our own color palettes through a series of easy to reproduce steps.

1. Index all colours

The first step we took was index all colours used in the design. And put them in a separate art-board in Sketch. We ended up with something like this:

2. Group the colours

Next we grouped them by color, and we could already spot different colours that were almost similar and could be consolidated into a single color:

3. Fill in the blanks

After grouping them we started to order them from light to dark. As we didn’t have step-based shades for each colour yet we filled in the blanks where needed. We ended up with five base colours and a few specific colours with fewer shades:

As you might notice we ended up with a higher resolution palette than the standard 9 shades per base color. This is because the design contained many colours that were slightly lighter or darker. We tried to replace a specific X50 for a X00 instead, but the difference in color was often too big. So we needed those subtle variations in shades and decided to create shades of the base colours in steps of 50 instead of 100.

But you won’t be using all those colours!

That’s true, but with Tailwind that’s not a problem. Thanks to the ability to purge all unused styles the final CSS bundle will be small no matter how much colours we define in the config.

The only downside is that your tailwind config can grow pretty large while having so many colours. If you would really dislike that you can always extract the colours to a separate file and then include that in the config file.

4. Import and replace

After having all the hex codes imported in the tailwind config we replaced all the hex codes in the html with the newly available color classes. The code now looked cleaner as the color + a number was more familiar than a hex code. It’s now also easier to play with the shades as we only need to increase or lower the number in the color class at the end by 50.

In conclusion #

The best way of exporting colours from design to code is very dependant on the tools and frameworks you use. In our case we use Tailwind as a CSS framework and we were already familiar with its color system. If you don’t use Tailwind a different approach might be better, although I could still see how the method described in this post can be applied on any project.

Creating the system was a bit tedious and time consuming. Most time was spent on ordering the colours and filling in the blanks which was done by hand. However, many weeks have been passed by now since implementing the color system and we are still very happy with it. It’s definitely an investment worth doing.

In the next post I will go into more detail on how we are implementing dark mode.

Do you have a question or feedback? Feel free to send a reply via Twitter.

When you click that, it opens up a nice command palette. You can use this to navigate to anywhere in our service quickly.

If you want to go to the performance graph of your site, just type "performance", ...

... and type the site's name you want to see the performance results of.

When selecting the site, you'll get taken to the performance results.

In many cases, this is much faster than clicking on the site and then going to the right check results yourself.

The command palette has commands to navigate to almost anywhere in our UI, and tasks like logging out, and switching teams.

If you want to know more details on how this works under the hood, check out this blog post on freek.dev.

We hope that you'll like this addition to our UI.

Today, we added the ability to view the status page as JSON (or XML if that is your thing). You just have to append /json (or /xml to the status page URL. So for the Laravel status page, you'll find the JSON at status.laravel.com/json.

Here's what the response looks like:

{
  "title": "Laravel Service Health Dashboard",
  "timezone": "America\/Chicago",
  "pinnedUpdate": null,
  "sites": {
    "Ungrouped": [
      {
        "label": "envoyer.io",
        "url": "https:\/\/envoyer.io",
        "status": "up"
      },
      {
        "label": "forge.laravel.com",
        "url": "https:\/\/forge.laravel.com",
        "status": "up"
      },
      {
        "label": "laravel.com",
        "url": "https:\/\/laravel.com",
        "status": "up"
      },
      {
        "label": "vapor.laravel.com",
        "url": "https:\/\/vapor.laravel.com",
        "status": "up"
      },
      {
        "label": "nova.laravel.com",
        "url": "https:\/\/nova.laravel.com",
        "status": "up"
      }
    ]
  },
  "updatesPerDay": {
    "1652245200": [],
    "1652158800": [],
    "1652072400": [],
    "1651986000": [],
    "1651899600": [],
    "1651813200": [],
    "1651726800": []
  }
}

By offering JSON (and XML), your users can integrate the status of your service better in their systems. If you forget the exact URL, you can access the JSON (or XML) version via "Subscribe to updates" dropdown in the header of a status page.

Alternatively, your users can also subscribe to updates of your status page via Slack. You'll find more info about that in this blog post.

It all started with Sketch #

Before we started the build process we had every page redesigned upfront by the talented team of DWY. They have been instructed to design something unique that would make Oh Dear look and feel next level. We think they did a perfect job. The result was a Sketch file containing approximately 25 pixel perfect page designs. Each containing about 5 to 10 sections that exist out of multiple components and unique design elements.

This resulted in approximately 100 components to be build. Many of those components contain a unique visual sub-component which ideally should become interactive in many cases.

That’s not all, besides light mode all pages should also support dark mode and of course look perfect and be interactive on any screen size. It’s lot of work but nevertheless very exciting to see if we can pull it off!

Setting up the project #

After setting up the project we started scaffolding the page layouts one by one. We had to decide with which one to start. We chose to start with the most complex page, the homepage. The idea behind this was that we had to overcome the hardest challenges first. By doing the hard things first we would gain knowledge on how each component could be structured best, making the lesser complex pages easier to build.

Using the traditional approach

Each page has the traditional setup of a base layout, a header, a main and a footer section. All public facing pages use the same base layout. They are built with blade, and are structured through blade components as much as possible. Therefore our base layout is located in views/components/front/layout as index.blade.php. This allows us to start each page with <x-front.layout>.

a note: the front folder contains all public facing components. We also have an app folder which contains all application frontend components. You can read more about this in our previous blog post.

The base layout contains two sub components a <x-front.layout.header> and <x-front.layout.footer> with a $slot variable in between. Resulting in something like this:

<!DOCTYPE html>
<html lang="en">
	<head>
	... head tags
	</head>
<body>
	<x-front.layout.header>
	
	{{$slot}}

	<x-front.layout.footer>
</body>

Using blade components

The result of using this approach combined with blade components is a very clean markup which makes it perfect for reuse. For example this is how the homepage is structured:

<x-front.layout
    title="Oh Dear - The all-in-one monitoring tool for your entire website"
>
	<x-slot name="header">
		... all custom header things specific to the homepage 
	</x-slot>
	
	<!-- homepage sections -->
	...

</x-front.layout>

Blade components and slots provide handy means to customise the components for each specific use case. Note the title attribute which sets the <title> within the base layout. Or the header slot which we use to add specific markup for the hero section of the homepage.

Lets build #

Now we have the basics covered it was time to start building. But how do you approach building 25 pages consisting of 100 components. Well, you do it one bit at a time. Before we started with the pages we built the base layout, including the header and the footer first.

Next we started with the homepage. We first determined the homepage sections:

Next, we took the first section and split that section into smaller components:

We then start building the components one by one. Building each component goes through several stages. They basically come down to:

1. Deconstruct the design

First we need to understand the design before we can build it. For us it meant diving into the Sketch file and checkout all layers and their properties like colours, fonts and font sizes. Once we identified the ingredients we continued with the markup.

2. Start building

Next we replicate each layer and its properties. We write the markup and style it at same time thanks to Tailwind CSS. This combined with Browsersync or a tool like Sizzy is seeing magic happening in front of you.

It allows us to have the design, the code and the end result in front of us without having to toggle between windows or files too much.

3. Refine

When having built a specific section we constantly refine them which basically means repeating step 1 and 2 up to a point where the end result matches the design.

4. Add interactivity

We try to go the next mile by adding interactivity to many components. As we build most visuals in html we can make them interactive with Javascript. To make our lives a lot easier we use help of AlpineJS.

AlpineJS fits perfectly with the strategy of using blade components as much as possible. For example on the homepage we have this counter component:

Of which the markup in home.blade.php looks like: <x-front.home.counter :count="$publicMetrics['runCount']" />

We often pass an initial values via the component attributes to reuse them in the component itself.

When we take a look at the counter component it is structured as follows:

<div x-data="counter">
	... all counter markup
</div>

@once
    @push('scripts')
        <script>
            document.addEventListener('alpine:init', () => {
                Alpine.data('counter' => ({
                    count: {{ $count }},
                    digits: [],
                    init() {
                        this.recalculateDigits();
                        setInterval(() => {
                            fetch('/api/public-metrics')
                                .then(response => response.json())
                                .then((data) => {                      
                                    let key = `${this.type}_count`
                                    this.count = data[key];
                                });
                        }, 5000);    
                    },
                }));
            });
        </script>
    @endpush
@endonce

As you can see we set the x-data property to what is defined below the markup. We create a specific script which is scoped to this component. This setup allows us to set initial values and get it all going in the init() hook. In this case it fetches an API endpoint every five seconds and updates the count.

By using this approach together with toggling tailwind classes we can create slick animations and add interactivity. Big shoutout to Seb who initially set up this structure as well as the whole redesign structure. It turned out to be very effective for all other components as well.

5. Make it responsive

We often build the design for the desktop viewport first. The reason we don’t develop mobile first (which is a popular approach) is because the designs have been made (mostly) for desktop only. So in many cases we don’t know upfront what the mobile version should look like of a specific page. Therefore making the desktop version first and then see what needs to be adjusted when making the browser smaller is a better approach.

Rinse and repeat #

When having a specific component or section built we then cleaned it up as much as possible. Refine the code, cleanup any log statements, rename variables and components if needed. Then we just repeat the whole process for the next section or component.

Using components and make them easy to work with #

As mentioned before, working with components can cleanup your markup a lot. Another benefit of using components is its flexibility. For example variables within a component can be either populated through setting the attribute on the parent, like so:

<!-- counter component -->
<div>
	{{ $counter }}
</div>

Use it like: <x-counter count="12" />

Or you can add specific markup within the component tag:

<x-counter>
	<x-slot:count>
		<span class="text-white font-mono">12</span> notifications
	</x-slot>
<x-counter>

This comes in very handy for components that must show a description. In some cases the description can be a single paragraph. It can then be passed to the component as follows:

<x-feature-highlight
	title="Have piece of mind"
	subtitle="that things are running smooth"
	description="This is what your dashboard looks like when all your websites are up. Oh Dear is running checks every minute, so you can sleep on both ears. Happy days!
/>

However, we can’t use this approach if we need to pass more than one paragraph and expect it to look good in the browser.

We can then do:

<x-feature-highlight
	title="Have piece of mind"
	subtitle="that things are running smooth"
>
	<x-slot:description>
		<p>This is what your dashboard looks like when all your websites are up. Oh Dear is running checks every minute, so you can sleep on both ears. Happy days!</p>

		<p>Another paragraph can go here</p>
	</x-slot>
<x-counter>

In conclusion #

Implementing the design has been challenging, but having a process like described above felt being key in what we completed so far.

The homepage, the docs and almost all feature pages have been completed. So far there are 71,307 lines to be added to the main branch while we still need to start with the work the app side. We’ve done a crazy amount of work and yet there is still a lot to be done.

We keep on building and aim to provide our users with a renewed kick-ass product somewhere this year. Would you like to see more frequent product updates make sure to follow us on Twitter.

Check out the next post in this series on why and how we created a color sytem.

Subscribing to status pages updates #