Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Hestia Control Panel (VestaCP Fork)
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hestia Control Panel (VestaCP Fork)

Hey Guys,

I just found Hestia Control Panel recently which is a VestaCP fork but I think it's far more stable and secure. I've been using it for last few days and everything has been working great.

Now that everyone is looking for alternative control panels so I thought I would share this finding here.

Note: I'm not related to Hestia anyhow and also I'm not saying that they're great for production / long-term usage based on my little experience.

Thanks.

«13

Comments

  • Sorry I only speak DirectAdmin, we don't like your kind round' here.

    Thanked by 1Kwoon
  • YmpkerYmpker Member

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    What?

    Thanked by 2wa44io4 Falzo
  • @Ympker said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    What?

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

  • alexvolkalexvolk Member
    edited July 2019

    @Ympker said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    What?

    It's almost Friday. Fox is on the drugs. /probably

  • williewillie Member

    I've been playing with Hestia a little. It's nice except for the very slow dovecot installation which may be fixed in debian 10. I posted some comments here:

    http://forum.hestiacp.com/t/new-user-installation-experiences/120

  • @alexvolk said:

    @Ympker said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    What?

    It's almost Friday. Fox is on the drugs. /probably

    No, thirsty Thursday good sir.

    Then blow Friday.

    And heroin Saturday.

    Two of these things are true.

    Thanked by 2alexvolk dahartigan
  • @SirFoxy said:

    @alexvolk said:

    @Ympker said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    What?

    It's almost Friday. Fox is on the drugs. /probably

    No, thirsty Thursday good sir.

    Then blow Friday.

    And heroin Saturday.

    Two of these things are true.

    If you smoke like I smoke then you high like every day..

    Thanked by 1SirFoxy
  • @dahartigan said:

    @SirFoxy said:

    @alexvolk said:

    @Ympker said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    What?

    It's almost Friday. Fox is on the drugs. /probably

    No, thirsty Thursday good sir.

    Then blow Friday.

    And heroin Saturday.

    Two of these things are true.

    If you smoke like I smoke then you high like every day..

    Nah bro I used to be dabbing like a g of Colorado wax everyday but I'm in the system now so I gotta do shit outta ya system in a week or less u dig? 🤣

    Thanked by 1dahartigan
  • Well, speaking of truth, hestiaCP looking good and slick!

    Thanked by 2Falzo Ympker
  • LeviLevi Member

    Hm, their changelog does not include any secusrity patches. Does this mean that it is the same as vestacp in security terms?

  • @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    To whom "we" represent to?

  • @kyawhtun2012 said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    To whom "we" represent to?

    ur mom

  • LeviLevi Member

    @SirFoxy said:

    @kyawhtun2012 said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    To whom "we" represent to?

    ur mom

    This troll is unseen previously... Hm, another twisted child of @WSS ?

  • @LTniger said:

    @SirFoxy said:

    @kyawhtun2012 said:

    @SirFoxy said:
    Sorry I only speak DirectAdmin, we don't like your kind round' here.

    To whom "we" represent to?

    ur mom

    This troll is unseen previously... Hm, another twisted child of @WSS ?

    stop

  • FalzoFalzo Member
    edited July 2019

    @LTniger said:
    Hm, their changelog does not include any secusrity patches. Does this mean that it is the same as vestacp in security terms?

    no. it depends what you would expect to be listed there as 'security patch' :-)

    we started off with forking it to our own infrastructure and changed a lot in terms of how the whole stuff is deployed/installed - which was one of the biggest problems in vesta to begin with (and which lead to the incidents with vesta last year because the fileservers had been compromised).
    there also have been a lot of changes in what versions of software for the stack are installed and where these come from (official repos, sury, etc.)

    however, while this all is security related and intended to harden the structure, I would not consider this a 'security patch' as this usually is more something to fix an open issue ;-)

    there is obviously still a lot of vesta codebase inside and the devs are working hard to optimize or replace things, but that's nothing to be achieved over night.

    I can only encourage people to try and participate. let us know your thoughts, idealy open issues on github if you find something or comment on the open ones if you are willing to help.

  • The fact that it doesn't and wont have support for softaculous makes it not a viable alternative for commercial hosting control panel.
    Also no file manager.

    VestaCP is more viable alternative in this case.

    Hestia is good for personal project or something like that. But not really a viable alternative for commercial hosting control panel. I mean what are you supposed to answer when your client asked how to install wordpress ? Do you expect them extract and upload wordpress source code manually ? creating database and setting up wordpress ?

    Most of our client don't even know where to download wordpress. How do you expect them to install it manually.

    Thanked by 1kyawhtun2012
  • FalzoFalzo Member
    edited July 2019

    @yokowasis said:

    But not really a viable alternative for commercial hosting control panel.

    true. luckily, that's not our goal ;-)
    we don't intend to be an alternative or competition to solutions like cpanel or direct admin.

    Most of our client don't even know where to download wordpress. How do you expect them to install it manually.

    that's the thing... we don't expect anything from your clients or think about what you are answering to your clients on their requests. :-D :-D

    we only expect you to be able to see if hestia might be the right solution for your use case or not. it's your business model and target group and no one ever promised you a complete fit for that.

    obviously developers of any free / open source solutions have their own agenda and priorities and if that's not matching your use case - then it's probably not made for you.
    commercial solutions on the other hand need or at least should focus much more on customer requests because they need or want to generate revenue from you...

    that said, ofc, the above does not mean we won't listen or reject any feedback or request just like that. we might offer additional features in the future if we feel that they are going to be beneficial for the most of us. however this might either take a while or never happen, only 8-ball knows ;-)

    if anyone wants additional features hestia does not provide yet, best way to get them fast is finding devs willing to create and integrate it and push it on github so it can be merged. it's open source after all...

    Thanked by 2Coffee Ympker
  • williewillie Member

    Falzo are you involved with Hestia? That's great to hear. I have a maybe-radical idea which is to repackage all the shell scripts as ansible playbooks, allowing running the panel on a separate server from the machine being controlled. That way one Hestia instance can manage any number of targets. It also allows more isolation of Hestia from attackers and maybe from itself (since it becomes a front end for Ansible).

    As for Softaculous, I think we need a FOSS replacement for it. I know there are already Ansible installer playbooks for the more important stuff like Wordpress. So it would just be a matter of creating some blurbs and icons. There wouldn't be any immediate need of supporting 100s of more obscure packages with so much duplication, but stuff could always be added.

  • Though, I have not used Hestia, wondering how is it safer when it is a fork on VestaCP. VestaCP does have some reported security issues.

    From the looks, Hestia seems like a frontend makeover of VestaCP, but with basic ingredients from VestaCP.
    Today, I stumbled upon few control panels hepsia and aapanel.

    I guess, there will be germination of more control panels.

  • FalzoFalzo Member

    bountysite said: VestaCP does have some reported security issues.

    feel free to point directly to what you think is of concern and unfixed and I can try to comment on what may already be handled different in hestia in that regard.

    willie said: Falzo are you involved with Hestia?

    yes, kind of ;-) due to not having enough time to spent on development I consider myself more a hardcore user, tester and bug hunter. If I do find more time, I probably will comment more in the official forum in the future to help building our own small community and take over a bit of the support part.
    however I am in direct contact with the core developers and try to give my feedback and vote on all important decisions.

    to be honest I am not convinced of ansible at all but also probably don't have enough experience to have an opinion yet. the idea to centralize the management or control from a seperate instance does sound good, however I think this really radically changes a lot and the effort of implementing or changing towards that approach is too much right now.

    I am willing to bring it up as a topic and get more in-depth arguments pro or contra from the others involved.

    Thanked by 1Ympker
  • AlwaysSkintAlwaysSkint Member
    edited July 2019

    @Falzo said:
    to be honest I am not convinced of ansible at all ..

    Why KISS when you can add another layer of complexity/bloat/overhead? ;-)

  • FalzoFalzo Member

    @AlwaysSkint said:

    @Falzo said:
    to be honest I am not convinced of ansible at all ..

    Why KISS when you can add another layer of complexity/bloat/overhead? ;-)

    I am confused by that sentence... do you consider ansible KISS or the other layer? ;-)

  • Nice to see HestiaCP having a discussion here... it is still work in progress as @Falzo already mentioned. Well the first phase was to have immediate concerns (security, pkgs and UI) fine tuned a bit to the taste of Sysadmins who like to manage their servers with a standarized webstack. VestaCP or HestiaCP... none of them was/is ready for reseller features and hence never intended to be used where Plesk,cPanel,DA would suffice. For personal server management... it rocks.

    Please also do not presume it is insecure just because it is fork of Vesta, even VestaCP was never that insecure. The security issues that cropped up last year were because of the infrastructure server compromised where VestaCP stores its config files which are pulled while installation. The fact that VestaCP dev team never bothered to reveal the final vector of attack and point of entry, as well as lack of interest in upgrading it for betterment made the few deeply involved people to try and move the otherwise excellent project live good.

    Also all the admins were either Debian or Ubuntu users only... so rather than focusing on compatibility, it was decided to stick to perfect it for certain platforms first where the devs/admins had their forte.

    That said... it is still being pruned for bugs and is open to suggestions. There was a big update last June. Having used it for production last 7 months now I can definitely say the project looks better than VestaCP in functionality, UI as well as stability. Give it a try, you won't be disappointed. Pls contribute your observations, improvements and suggestions on GIT issue tracker

    Thanked by 1ITLabs
  • AlwaysSkintAlwaysSkint Member
    edited July 2019

    @Falzo said:
    I am confused by that sentence... do you consider ansible KISS or the other layer?

    Was being facetious; nothing wrong with just scripts - looked in your WHM /scripts directory (not a f'kin folder) at all? Fair enough adding a pretty front-end GUI but not just some layer of complexity for the hell of it. IMHO
    Keep it lean & mean!

  • I still have difficulty understanding your post @AlwaysSkint

  • niceboyniceboy Veteran

    I felt that hestia is better than Vesta.. but currently don't support cent os :-(

  • @niceboy said:
    I felt that hestia is better than Vesta.. but currently don't support cent os :-(

    You as written earlier... the team is focusing on perfecting it for Debian/Ubuntu first.

  • williewillie Member
    edited July 2019

    AlwaysSkint said: Was being facetious; nothing wrong with just scripts - looked in your WHM /scripts directory (not a f'kin folder) at all? Fair enough adding a pretty front-end GUI but not just some layer of complexity for the hell of it. IMHO Keep it lean & mean!

    I don't use WHM and don't know how it works. Hestia's front end GUI is already there, so my suggestion was just to repackage the back end scripts as playbooks. I would have thought that was leaner and meaner than the current setup, since it puts the entire install on one server instead of 50 different ones. If a target script changes you click a single button and every target is updated automatically, if the panel itself is updated you only have to install the update in one single place, etc. It also means the target can be a super low end VPS, like some of the 64MB NAT plans that are out there. It also becomes easy to use ansible roles for different semi-standardized server configs, etc. In fact you no longer need to run a web server on the target: you can use it to set up email-only servers or whatever.

    Another useful thing (I think the forum mentions this might be in the works) would be to package Hestia as a .deb so that it can be apt-get installed instead of doing a weird one-off download and run.

    It occurs to me that if you go the Ansible route, you might want to make the license Affero GPL rather than plain GPL, since it creates the possibility/opportunity of running a hosted Hestia service, meta-hosting if you will. It occurs to me that maybe cPanel etc. are written the way they are to prevent that possibility, but a libre program doesn't need to limit its functionality like that.

  • ^ Sounds (to me) like someone wants to make Hestia into a SolusVM/Proxmox sibling, rather than a suitable WHM replacement. Perhaps I've got it all wrong.

  • williewillie Member

    AlwaysSkint said: SolusVM/Proxmox sibling, rather than a suitable WHM replacement

    It is currently more of a cpanel replacement, though much simpler. WHM is different.

Sign In or Register to comment.