Feature set

Everything modern hosting needs

Every module is live-verified and interlocks with the others — isolated per customer. Here's the full catalog.

Multi-tenant Users & roles

  • Three-tier hierarchy admin → reseller → customer
  • Package templates owner-scoped, limits enforced (quota, domains, DBs, mailboxes, FTP)
  • Impersonation "view as user" with root tracking
  • Approval workflow for profile self-edits
  • Onboarding wizard on first login (MFA → profile)
  • Move customers between resellers

Web Web hosting

  • nginx or Apache per domain (Confixx-migration friendly)
  • PHP-FPM pool per customer + version 8.2 / 8.3 / 8.4, open_basedir
  • Subdomains with own vhost + auto A-record
  • Alias domains onto the same webspace, own zone
  • .htaccess editor per domain
  • Real disk usage per customer, quota warnings

Mail Email

  • Postfix / Dovecot 2.4, IMAP/POP3/Submission
  • DKIM, SPF, DMARC with live status from the DNS zone
  • Rspamd + ClamAV (reject chain)
  • Mail TLS automatic via Let's Encrypt
  • Webmail (SnappyMail) in the cockpit look
  • Autoresponder, catch-all, Sieve filters per mailbox

DB Databases

  • MariaDB or PostgreSQL per customer (engine choice)
  • Isolated DB users with rights only on their own DB
  • phpMyAdmin (MariaDB) & Adminer (both engines)
  • Size display + password reset per DB

DNS Nameservers

  • Own PowerDNS with auto-zone on domain creation
  • All record types (A, AAAA, CNAME, MX, TXT, SRV, CAA, NS)
  • DNSSEC per zone (CSK + DS for the registrar)
  • Secondary nameservers via AXFR (single-server redundancy)
  • External providers (Cloudflare / Hetzner) for DNS-01

SSL Certificates

  • Let's Encrypt automatic (HTTP-01 webroot)
  • Wildcards via DNS-01 — local, Cloudflare or Hetzner
  • Manual DNS-01 flow (enter TXT yourself, guided)
  • Auto-renewal via certbot timer + deploy hook
  • Custom certificates uploadable (PEM, pair-validated)

FTP File access

  • FTP via pure-ftpd (virtual users, FTPS enforced)
  • SFTP chroot per customer + SSH key auth
  • File manager in the UI (browse, upload, edit, download)
  • Multiple FTP sub-accounts per customer (package limit)

Security Security

  • Privilege separation + SO_PEERCRED peer check at the agent socket
  • fail2ban UI (jails, bans, unban)
  • Argon2id, mandatory 2FA, session hashing, login lockout
  • Rate limit on the public password reset
  • Audit log across all privileged actions incl. login/MFA
  • Secrets AES-256-GCM encrypted at rest

Backups Data protection

  • restic-based (encrypted, deduplicated)
  • Local or S3 / B2 (R2, Wasabi, AWS)
  • Schedule + retention per customer
  • Snapshot browser with single-file restore

Monitoring Monitoring & logs

  • Monitoring dashboard — load, RAM, disks, services, uptime
  • Alert mails + Telegram (service down, disk, load, quota)
  • Log viewer per domain (nginx/Apache + mail)
  • GoAccess statistics per domain

UI/UX Experience

  • Cockpit design (dark + cyan), webmail/phpMyAdmin in the same look
  • i18n DE/EN + font-size switcher (accessibility)
  • Collapsible sidebar with capability gating
  • Toast notifications + ⋯ action menus
  • Auto password generation + copy for customers/mail/DB/FTP

Ops Operations & distribution

  • One-command installer for Debian 12/13 & Ubuntu 24.04
  • GPG-signed APT repo, stable & beta channels
  • systemd hardening for all Hostpilot services
  • Reproducible .deb packages (Go API, agent, Next.js UI)

Ready to try it?

A fresh VM and one command — the rest runs automatically.

See installation Back to home