All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Building a modern alternative to cPanel – looking for feedback from the LET community
Hello LET,
I’ve been working on a project called HPanel over the past year. The goal is to build a modern, lightweight hosting control panel for Linux servers as an alternative to cPanel.
The idea originally came from the increasing cost of cPanel and the number of add-ons hosting providers often have to install to get a complete stack.
HPanel tries to integrate many of those features directly into the panel itself.
Some of the things we focused on:
• Nginx + PHP-FPM stack
• Redis caching support
• Built-in WAF (ModSecurity + OWASP rules)
• Fail2Ban security integration
• Resource isolation (CPU / RAM / IO limits)
• cPanel migration tool
• Git deployments
• Docker support
• Multi-cloud backup storage
• Admin / Reseller / User panels
The panel is built using Node.js + Express.js for the backend and React for the UI.
Right now we’re testing it in production on a few servers and continuing to improve stability.
I’d be curious to hear from the LET community:
What are the biggest pain points you have with current hosting control panels?
And if you were switching away from cPanel today, what features would matter the most?
Website:
https://hpanel.net
Appreciate any feedback or suggestions.
Comments
What is differentiating between your offering and current alternatives ?
The main idea behind HPanel is trying to reduce the number of separate tools you normally have to install when setting up a hosting stack.
For example, the panel uses an Nginx-first setup instead of Apache and includes things like ModSecurity (with OWASP rules), Fail2Ban integration, and real-time malware scanning for user files built directly into the panel.
It also includes features that usually require external tools, like Git deployments, Docker support, multi-cloud backups (S3 compatible), and resource limits per account (CPU, RAM, IO).
Another thing we focused on was supporting more than just traditional PHP hosting. It works with multiple stacks including PHP (multiple versions), Node.js apps, and Python apps like Flask, FastAPI, or Django.
The performance stack is mainly based on Nginx + PHP-FPM with Redis and FastCGI caching.
Overall the goal is simply to make it easier to run a full hosting environment without having to piece together a lot of separate components.
"Great to see more alternatives popping up. The cPanel licensing mess has been a headache for everyone lately, and most of the current 'lightweight' panels still feel like they’re stuck in 2010.
From a technical side, my biggest gripe with most panels is the bloat. I’ve seen panels that consume 1GB+ of RAM just idling before a single site is even deployed. If HPanel stays truly lightweight with that Nginx/PHP-FPM stack, you're already winning.
A couple of things that would matter most to me if I were switching today:
Solid API: How's the documentation looking? For anyone running automation or custom billing integrations, a robust API is a dealbreaker.
Security Isolation: You mentioned resource limits (CPU/RAM)—is this handled via CloudLinux/LVE or are you doing something native with CGroups?
The Migration Tool: cPanel-to-HPanel migration needs to be flawless. If it breaks the databases or symlinks during the move, people will give up on it immediately.
Keep it up, man. Looking forward to seeing how this handles a real production load."
Thanks appreciate the detailed questions.
HPanel has a full REST API (Express.js + JWT auth). Every feature in the panel — domains, emails, databases, DNS, SSL, files, backups — has API endpoints. We also have a working WHMCS module for billing integration (auto-provisioning, suspend, unsuspend, terminate). Public API documentation is on our roadmap — we know it's critical for anyone doing automation.
No CloudLinux dependency. We use native Linux CGroups v2 via systemd slices for per-user CPU, RAM, and IO isolation. Each user gets their own PHP-FPM pool, so one account can never starve another. Disk quotas are enforced at filesystem level. We also run Fail2Ban (SSH, FTP, mail jails), ModSecurity WAF with OWASP rules, and ClamAV for malware scanning — all built into the admin dashboard.
Our migration tool does full account transfers:
- MySQL databases (dumps + user grants)
- Email accounts + mailboxes
- DNS zones (auto-converts to BIND format)
- SSL certificates
- Cron jobs
- Full file tree with permissions preserved
We've tested it extensively. If something breaks, the migration
rolls back cleanly.
The entire stack (Node.js backend + React frontend + Nginx +
PostgreSQL) idles at ~80-120MB RAM. No Java, no Ruby, no bloated
frameworks. We built everything from scratch — backend is Node.js
with Express, frontend is React with TailwindCSS. Nginx handles
all web serving with PHP-FPM per-user pools.
databases, admin accounts, SSL
Hetzner SFTP, local disk)
Free trial available — would love your feedback on a real workload.
We're actively developing and shipping features weekly.
The panel site claims
How does the panel ensure this metric is met.
What happens if there's any downtime beyond the 99.9% claim
Do clients get SLA?
cPanel is in a Death-Spiral, under a relentless enshittification process, once a credible non-enshittified alternative arrives cPanel will be gone forever.
HPanel is a control panel software, not a hosting service. The 99.9% uptime figure refers to the hosting provider or infrastructure where the panel is installed (server hardware, network, datacenter, etc.), not the panel software itself.
HPanel runs on the server and manages services like Nginx, databases, email, etc., but the actual uptime ultimately depends on the server environment and provider.
So there isn't an SLA tied directly to the panel in the same way a hosting provider would offer one.
That said, the panel includes built-in monitoring tools and service management — administrators can quickly detect issues, auto-restart services, and receive alerts if something goes wrong.
I think a lot of people feel that way lately.
The idea with HPanel isn't really to replace cPanel overnight, but to offer another option for people who want something lighter and easier to manage.
We're still early and improving things step by step, so feedback from the community is really helpful. If anyone has feature suggestions, feel free to submit them here: https://hpanel.net/feature-requests.php
Building a credible alternative to cPanel will take a lot of effort, time and resources, it will not happen overnight that's for sure it's multiyear effort. Meanwhile cPanel's private equity owners will keep pumping up their enshittification efforts milking every penny's worth until there's nothing of value left in it. That's what private equity does, cPanel is headed to the junkyard.
Exactly. You should review the site content. This makes it look like your panel improves uptime magically.
You're right that wording was misleading and we've updated it. The 99.9% uptime figure has been removed from the site.
Thanks for the feedback — we appreciate it.
Not sure if it’s a bug or not, but if an admin suspends a hosting account and you click manage it then shows the suspension message, but as an admin they should still be able to see the account and login as the user.
How will HPanel be better than Direct Admin?
Go with caddy and you’ll have a USP.
Unless your target audience is going to be hobby sites, or customers that just have 1 server, you need to be sure that every piece of configuration can be done from the command line.
It's nothing to throw 20+ commands to 50+ servers all at once through the command line. But if I have to log into a GUI admin area for 50+ servers to conduct a task... that's a no go for me.
And separate your "control panel" from the software stack used on the server.
By that I mean you have a control panel, i.e. what's on port 2082, 2087 for cPanel and port 2222 for DirectAdmin. The software stack is the web server, the MTA, MDA (which is now almost exclusively Dovecot), database (MariaDB vs. MySQL?), PHP, etc.
Custom event hooks are also a huge plus for me. "When this event happens then... run this command."
I've made the allusion before, a web hosting control panel is basically just a big series of event hooks, they just may not be customizable. When you're in the WHM on cPanel or the reseller panel of DirectAdmin and you fill out the domain name, username, password, package to create a new account and click submit - this is essentially an event hook. When that is submitted, you build a VirtualHost through a template for the web server. You add the domain to the necessary lists for MTA access. You do all of the stuff to "create" the account. This is the symbiosis between the "control panel" and the "software stack".
You mention using nginx as the webserver, and that's fine. The control panel can't build a VirtualHost entry for Apache if it's designed to build a VirtualHost entry for nginx. BUT... if all of the relevant information is made available to an event hook for "on create account" then you could theoretically create an Apache VirtualHost with that information.
As for the MTA, I'd vote for Exim, but I know Postfix is the hot commodity right now. I've spent way too many years configuring Exim servers, the Postfix configuration setup is just so foreign to me. I've never been able to figure it out, nor have I really dedicated a lot of time trying to learn. But when looking for a cPanel alternative one of the things I quickly discovered, I can't operate on a control panel that uses Postfix. Maybe some day. This is just a personal preference for me.
It's nice to see some alternatives, but
At least give it a unique name, good luck.
Yes, this is expected behavior and we support it. When an admin suspends a hosting account and then clicks "Manage", the admin can still access and manage the account. The admin can also Login as User to see the suspended user's panel. The suspension only affects the end-user's website (shows suspended page) and blocks the end-user from logging in. Admin access remains fully functional.
DirectAdmin Older tech stack, limited modern app support, basic UI, fewer automation features.
HPanel Modern hosting control panel for 2026 with developer tools and enterprise features.
That’s actually really useful feedback, appreciate you taking the time to write that.
Right now HPanel is more focused on being simple to deploy and manage, especially for smaller setups, but I completely agree that for larger environments CLI/API access and automation become critical.
We do have an API internally and exposing more CLI / automation tooling is something I’m planning to expand.
The point about separating the control panel from the underlying stack also makes sense. At the moment the panel is more opinionated (nginx-based), but making things more flexible over time is definitely something I’m considering.
Event hooks are a really interesting idea as well — being able to trigger custom actions on things like account creation, domain changes, etc. would make it much more powerful for advanced users.
Still early in development, so feedback like this is genuinely helpful.
The UI will probably feel familiar because most hosting panels end up following similar layouts (accounts, domains, services, etc.), but the goal wasn’t to copy anything — just to keep it simple and usable.
Appreciate the feedback 👍
Here is clarification
https://hpanel.net/hostinger-hpanel-vs-hpanel.php
So, they claim to be HPanel, while hostinger is hPanel. But their logo is hPanel... As soon as hostinger would see this - cease and desist will be sent.
AI gened crap also does not look good :-/ https://hpanel.net/blog
In your demo if I suspend someone and the click manage button I don’t get logged in, it shows the website is suspended message. That’s why I thought it was a bug.
I've fixed it now
"Appreciate the deep dive into the stack.
Going with CGroups v2 via systemd slices is a smart move. It’s much cleaner than hacky LVE wrappers and keeps the overhead minimal. Also, the idle RAM usage (80-120MB) is impressive—most modern panels choke on anything less than 1GB.
A few more things for the roadmap/feedback:
Imunify360 or Alternative? Since you're not on CloudLinux, are you planning a deep integration with something like BitNinja or a custom UI for the ModSecurity logs? High-traffic production servers live and die by how easy it is to whitelist false positives in the WAF.
External DB support: Can the panel manage remote PostgreSQL/MySQL instances, or is it strictly local-only for now?
The Migration Rollback: That's a life-saver feature. Does it handle incremental rsync for files to keep downtime low during the final switch?
I'm definitely interested in the free trial. I’ll throw a heavy WordPress site with some custom cron jobs at it and see how the resource isolation holds up under stress.
Will shoot you a PM for the trial keys. Keep up the solid work."
Thanks for the detailed feedback — really appreciate it, these are solid questions.
WAF / security stack
Right now it's built around ModSecurity (OWASP CRS), Fail2Ban, and a custom real-time malware scanner (inotify-based). It covers most common attack vectors pretty well.
The WAF UI is still basic though — improving false-positive handling and adding a proper “whitelist this rule” flow is already on the roadmap. I agree that’s essential for production environments.
External DB support
Currently everything runs locally (PostgreSQL for panel, MySQL/MariaDB for users). Remote DB support isn’t implemented yet, but the provisioning layer is already abstracted, so adding external DB nodes later should be straightforward.
Migration / rsync
Yes — rsync is used, so it’s incremental by design.
Typical flow is: initial sync → TTL lower → final delta sync → DNS switch.
Rollback keeps the source server untouched until you confirm, so it’s safe.
In most cases, downtime during cutover is under a minute.
Sounds good — feel free to PM me and I’ll get you set up.
If you prefer, you can also request a trial here:
https://store.hpanel.net/freetrial.php
Long story, short. EXPENSIVE
$62/mo Unlimited Accounts
Not cPanel is your competitor, you cant beat a monster, you can steal some DirectAdmin customers.. so the pricing should be more DA competitive.
My 1c.
Make it work without JS please
Appreciate the feedback.
$62/mo for unlimited accounts — that's a flat server license, no per-account fees. For comparison, cPanel starts at $29.99/mo for just 1 account and goes up to $69.99/mo for 100. So the value proposition is there once you're hosting more than a handful of accounts.
DirectAdmin at $29/mo — fair point on pricing. DA is a solid panel. The difference is what comes built-in: HPanel ships with real-time malware scanning, CGroups v2 resource isolation, multi-cloud backups, Docker/Node.js/Python app managers out of the box. With DA, a lot of that is either third-party plugins or manual setup.
We're not trying to beat any monster — just building something modern with a different approach. Whether it's worth the price difference depends on what you need.
The move to CGroups v2 to avoid the 'CloudLinux tax' is a solid play for a cPanel alternative. However, the 'HPanel' branding is a massive legal risk—Hostinger’s trademark could wipe out your SEO overnight. On the technical side: does the WHMCS integration support real-time resource feedback (CPU/RAM/IO) from CGroups, or is it just for basic provisioning?
the demo version is not working what is the username/password?
can the dashboard be customized?
what happens if you ever close the business someday will the software keep running on active servers?