Anyone who has managed a website in the recent past has likely used or heard of cPanel. Largely revered as the gold standard in web hosting management, cPanel has a solid reputation for its robust features and user-friendly UI. If you work in Accounts Payable for a web hosting service, you are probably also well acquainted with its paralyzingly hefty price tag. Because of this drawback, rolling out cPanel just doesn’t always make sense.
Perhaps you wish to host your own website on a VPS or dedicated server, and due to budget constraints, you want to learn more about the long list of free cPanel alternatives. Perhaps you may even be interested in running your own web hosting company or reseller service.
I’m about to provide an in-depth review of three highly popular, free cPanel alternatives: VestaCP, Webmin, and ISPConfig. In my review for each choice, I will provide a breakdown of some of the features I thoroughly enjoyed, as well as the frustrating issues I encountered while using them. Let’s jump into it!
Disclaimer: A basic familiarity with the following is an absolute must for this article to offer the maximum value to you:
- Using the Linux Command Line
- Configuring web servers like Apache & Nginx
- Creating a database with MySQL
- Changing PHP settings in php.ini
3rd Place (Fail): VestaCP, an Open Source Web Hosting Control Panel
What I noticed immediately upon installing Vesta via command line is that the process was almost entirely automatic (or so I thought). I smacked the Enter key, typed in a hostname, and walked away to grab a cup of coffee. When I returned, VestaCP was installed. I was shown (and emailed!) a login URL with a port number to access it. For this example, I used panel.[mydomain].com and was assigned port 8083 when accessing my server control panel.
Upon accessing the Vesta control panel page, I received an error from Chrome telling me I was using an insecure HTTPS connection. Note: This was ok and entirely expected, because the server was a blank install of Ubuntu just moments before. My browser was using the server’s self-signed SSL cert to access Vesta instead of a proper CA-signed cert. I went ahead and clicked through the warning and caught my first glimpse of Vesta:
A little simple, but not bad! Now, back to fixing that Chrome security warning… I thought a simple Let’s Encrypt certificate would get the job done without a hitch. I was halfway right.
Though Let’s Encrypt did eventually work, it didn’t work with the standard copy-paste command line instructions found across the web. After receiving an onslaught of error messages, I thought there had to be an easy solution for why this was occurring. Sure enough, with a quick Google search, I found this awesome Let’s Encrypt installation script made specifically for Vesta, developed by Interbrite. Vesta used the webroot directory a little differently than stock Ubuntu and actually ran websites out of the /home directories for each user.
Next up, I found the self-signed certificate files Vesta was using when I logged into the control panel. I changed their file extensions to .bak and created symbolic links to the Let’s Encrypt certificate files. No more SSL error messages in the control panel and a green lock in the upper left corner…sweet!
As much as my first impression was “wow!” I had no idea what was coming in terms of unnecessary headaches and roadblocks. I was about to encounter a number of problems over the next few days while using VestaCP that would eventually push me away from using it completely. The deal breakers are fleshed out below:
PHPMyAdmin was installed by Vesta in a completely broken state.
Broken configuration files combined with a lack of a user agent for PHPMyAdmin to run counted as a double kill. The fixes for both of these issues were scattered across forums and places like Stack Overflow (which I unfortunately cannot find again) and included steps like:
- Adding an extra underscore to all the tables in PHPMyAdmin’s config file, and
- Logging into MySQL as root, creating a new user and password for PMA, then putting it in the corresponding config file
The mail server (which I never used) was somehow always doing stuff.
I had no idea what it was doing, but it resulted in a ton of messages being built up for me to clear out periodically. I had a hunch that these were cron job notifications or administrative emails getting stuck or being returned, but the fact that these got backed up like a Krogan toilet became a real concern.
Apache and MySQL ate excessive RAM and required fine tuning to NOT choke up and die.
The title is self-explanatory. I wasn’t sure if those particular software builds Vesta came packaged with were to blame, or if Vesta’s resource management/failsafes were the problem. I eventually made a cron job to restart Apache and MySQL every day at 3AM. If I never bothered to set this up, visitors would get 500 errors within a day or two of uptime.
Changing the Apache or Nginx templates had a 50% chance of breaking your web server.
This was really the final straw. What if you wanted to switch between “caching” or “hosting” or “default”? May the Emperor’s divine light guide you if you do. Switching back to the last template will not undo the bad nginx.conf file. Apparently this was caused by Vesta’s automatic template changer forgetting a closing tag for the vhost changed. Because all the vhosts were in one file, the missing tag took the whole service down.
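One way to guard against this failure mode, as an added example that is not Vesta's code or the author's: install the newly generated vhost file, validate it, and put the previous file back if validation fails, so the web server is only reloaded with a config that parses. It assumes the missing "closing tag" is an unclosed block brace in nginx syntax; `safe_apply`, `braces_balanced` and the sample vhosts are hypothetical, and the brace counter is a stand-in for `nginx -t` so the block runs without nginx installed.

```shell
#!/bin/sh
# Added example, not Vesta's code: swap in a generated vhost file only if it
# validates, and restore the previous file if it does not.

# Stand-in validator (assumption) so this runs without nginx installed: passes
# only when every "{" has a matching "}". On a real host use `nginx -t`.
braces_balanced() {
    awk 'BEGIN { depth = 0 }
         { sub(/#.*/, "")                       # ignore comments
           for (i = 1; i <= length($0); i++) {
               c = substr($0, i, 1)
               if (c == "{") depth++
               else if (c == "}" && --depth < 0) exit 1
           } }
         END { exit (depth != 0) }' "$1"
}

# safe_apply CANDIDATE LIVE VALIDATOR
# Returns 0 if CANDIDATE is now live, 1 if it was rejected and LIVE restored,
# 2 if a copy failed. Reload the web server only on 0.
safe_apply() {
    candidate=$1; live=$2; validator=$3
    backup="$live.known-good"
    cp -p "$live" "$backup" || return 2
    cp "$candidate" "$live" || return 2
    "$validator" "$live" && return 0
    cp -p "$backup" "$live" || return 2       # roll back the broken file
    return 1
}

# Constructed sample: two vhosts in one file; the candidate drops one "}".
demo_dir=$(mktemp -d)
printf 'server {\n  server_name a.example;\n}\nserver {\n  server_name b.example;\n}\n' \
    > "$demo_dir/live.conf"
printf 'server {\n  server_name a.example;\n  location / {\n}\nserver {\n  server_name b.example;\n}\n' \
    > "$demo_dir/candidate.conf"

if safe_apply "$demo_dir/candidate.conf" "$demo_dir/live.conf" braces_balanced; then
    echo "candidate applied"
else
    echo "candidate rejected, previous config kept"
fi
```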
Conclusion: Nope, and next.
2nd Place (Pass): Webmin, a web-based interface for system administration on Unix
Webmin immediately felt more professional in comparison to the 3rd place choice. Though its UI was undoubtedly much more complicated to use in the beginning, it was clear to me that a significant amount of work and TLC went to make this cPanel alternative into what I saw on my screen:
Let’s Encrypt certs installed just fine using the same standard commands from Digital Ocean’s step-by-step guide. I just had to replace the self-signed certificates with symbolic links for the Webmin panel to show a green icon in the upper left:
Once I got the hang of Webmin and its overall feel, simple tasks like creating new vhosts or new MySQL databases became a straight breeze. I absolutely loved how it made me feel like a one-man IT department. But that was exactly the issue. Although I could easily create more Webmin/Unix users with a few clicks and keystrokes, I needed a better way to give clients, subcontractors, and employees the access level they each required. Nothing more, and nothing less. I would be lying if I said Webmin wasn’t extremely powerful in terms of features and productivity. However, this user management issue led me to keep searching until I found our 1st place contender.
1st Place (Choice Award): ISPConfig, Hosting Control Panel
ISPConfig sold me a long list of highly useful features, and by “sold” I mean they convinced me that this was the gold standard of free cPanel alternatives. With 4 different access levels including reseller and client login, capabilities to manage multiple servers from one panel, and easy vhost & database setup, this truly sounded like the magic charm I was searching for. I installed ISPConfig by tapping Enter, carefully following a few Y/N prompts, and then finally logging in on port 8080. I chose the LEMP stack instead of the default LAMP stack (Nginx over Apache) to keep me on my toes. A decision I wouldn’t exactly regret moving forward, but it would cost me more time while I familiarized myself with the Nginx directive syntax (this was my first time using Nginx exclusively).
ISPConfig has a jaw-droppingly gorgeous, easy to use UI. Take a look for yourself:
Same deal as the first two cPanel alternatives: I had to install Let’s Encrypt first, then make symbolic links to fix the green lock icon. Github Gist user denvers had me up and running in no time.
One thing I saw advertised that I didn’t have a good experience with (eventually I did; see update), was the file transfer component, PureFTPD. I set up an account from ISPConfig and tried to connect, but I kept getting “connection refused” until finally Fail2Ban locked me out.
[Update: I needed to connect FTP > Explicit Encryption > Port 21, otherwise too many failed attempts would result in a lockout]. After I brushed off my own embarrassment, I decided to go the WebFTP route and stumbled across a Web-based FTP tool called Pydio.
This was an interesting solution because I was able to easily create users from Pydio’s Dashboard and give/revoke access to any directory or subdirectory I wanted. Imagine all the benefits and features of FTP, such as chroot jail, but with a gorgeous UI. You can give your sub-users read/write access to whatever directory they need, and that’s it. You’re done:
Please bear in mind that this review of three free cPanel alternatives is based purely on my own opinions and experiences, but does not necessarily represent FissionBlue Creative. I did my absolute best to ensure all of the information provided was as accurate as can be. If I brought value to you in any way, missed anything important, or stated something wrong you wish to correct, please feel free to comment below and tell me!