Customers, domains, mail, DNS and backups — an open-source control panel that thinks ahead. Every customer isolated, every action audited. On your own server, set up in a single command.
The familiar admin / reseller / customer hierarchy — but built on Go, Next.js and PostgreSQL instead of a PHP-cron mess.
Runs on your server, under your control. AGPLv3, signed packages, no cloud dependency, no tracking.
Unprivileged API, separate root agent, isolated Linux user per customer, mandatory 2FA and a complete audit log.
From the Linux user to DKIM-signed mail — every module interlocks, each isolated per customer.
nginx or Apache per domain, a PHP-FPM pool per customer (8.2–8.4), sub- & alias domains, .htaccess editor.
Postfix/Dovecot, DKIM/SPF/DMARC, Rspamd + ClamAV, webmail, Sieve filters & autoresponders.
Own PowerDNS with auto-zones, DNSSEC, every record type and secondary nameservers via AXFR.
MariaDB or PostgreSQL per customer, isolated users, phpMyAdmin & Adminer, sizes & password reset.
Automatic via HTTP-01, wildcards via DNS-01 (local, Cloudflare, Hetzner) and custom certificates.
Privilege separation, SO_PEERCRED, fail2ban UI, mandatory 2FA, audit log, AES-256-GCM secrets.
restic-based, local or S3/B2, schedule & retention, snapshot browser with single-file restore.
Admin → reseller → customer with package templates, impersonation, approval workflow and onboarding wizard.
The web-facing API runs unprivileged. Anything that needs root is handled by a separate agent over a local socket — secured with group permissions and SO_PEERCRED.
Tidy, dark, fast — every module in its place. Click through a few views.
| Login | Domains | Storage | Status |
|---|---|---|---|
| mueller-gmbh web0001 | 4 | active | |
| schmidt-shop web0002 | 2 | active | |
| weber-design web0003 | 7 | active | |
| becker-it web0004 | 1 | suspended | |
| hoffmann-media web0005 | 3 | active |
| Address | Used | Quota | |
|---|---|---|---|
| info@mueller-gmbh.de | 1.2 GB | Autoresponder | |
| accounts@mueller-gmbh.de | 3.7 GB | ||
| team@mueller-gmbh.de | 0.4 GB | Catch-all | |
| no-reply@mueller-gmbh.de | 0.0 GB |
| Name | Type | Value | TTL |
|---|---|---|---|
| @ | A | 198.51.100.10 | 3600 |
| www | A | 198.51.100.10 | 3600 |
| @ | MX | 10 mail.mueller-gmbh.de. | 3600 |
| @ | TXT | v=spf1 a mx ~all | 3600 |
| default._domainkey | TXT | v=DKIM1; k=rsa; p=MIIBIj… | 3600 |
| Domain | Issuer | Valid until | Status |
|---|---|---|---|
| mueller-gmbh.de | Let's Encrypt | 2026-09-14 | valid |
| *.mueller-gmbh.de | Let's Encrypt | 2026-09-14 | valid · wildcard |
| schmidt-shop.de | Let's Encrypt | 2026-08-02 | valid |
| weber-design.de | Let's Encrypt | 2026-06-21 | renews soon |
| Time | Size | Retention | Status |
|---|---|---|---|
| today 04:00 | 312 MB | daily | ok |
| yesterday 04:00 | 308 MB | daily | ok |
| Sun 04:00 | 1.1 GB | weekly | ok |
| Name | Size | Modified |
|---|---|---|
| 📁 wp-content | — | 2026-06-12 |
| 📁 wp-includes | — | 2026-06-12 |
| index.php | 2.4 KB | 2026-06-12 |
| wp-config.php | 3.1 KB | 2026-06-10 |
| .htaccess | 412 B | 2026-06-10 |
A fresh Debian/Ubuntu VM, one call — the installer pulls the signed packages, configures nginx, systemd, Let's Encrypt and all services, and starts the panel.
$ curl -fsSL https://get.hp.iphost24.net | sudo bash
With your own hostname (for Let's Encrypt TLS): sudo HP_HOSTNAME=panel.example.com bash
Go · Next.js · PostgreSQL · AGPLv3. Reproducible .deb packages from a signed APT repo — transparent, self-hostable, no lock-in.
Yes. Hostpilot is open source under the AGPLv3. You host it on your own server — no license fees, no cloud dependency.
Debian 12 & 13 and Ubuntu 24.04. The one-command installer sets up all services, systemd units, nginx and Let's Encrypt automatically.
Hostpilot mirrors the familiar Confixx hierarchy (admin/reseller/customer) and supports either nginx or Apache per domain to absorb legacy setups.
No. Hostpilot is built for single-server operation — one host runs the whole panel. Multi-node is on the roadmap.
You can add external secondary nameservers that pull your zones via AXFR (e.g. a free secondary DNS service) — or manage zones through external providers like Hetzner/Cloudflare.
The web-facing API runs unprivileged; privileged actions go through a separate root agent over a peer-checked socket. Plus Argon2id, mandatory 2FA for admin/reseller, isolated customers and a complete audit log.