[deanhills]

This discussion follows on from @xdude's thread about VestaCP whether it's a good Web Panel to use.

I've just learned tonight from @Sohamb03 that VestaCP is no longer actively supported by the developers.  I then went to the VestaCP Discussion Forum to check this out and looks like the last time there have been any updates to VestaCP has been as far back as September 2019.  That means that the original VestaCP project has become a security risk.

What I also learned from sohamb is that there is a Belgian fork that works with CentOS 7:
https://github.com/madeITBelgium/vesta

BUT - then when I did my research at the VestaCP Forum, I discovered this detailed discussion there and another fork that is actively developed for Debian 10:
https://github.com/myvesta/vesta#myvesta-control-panel

The above VestaCP Debian Fork now has my attention - particularly because of what the author of the fork says his reason is for using Debian 10:

Debian has LTS releases every two years - https://en.wikipedia.org/wiki/Debian_ve ... ease_table - with LTS support for 5 years.
Debian10 was released in summer 2019.
So, if you installed Debian10 last year - you don't need to do dist-upgrade until 2024-2025... it will be covered with security fixes.
That's why I choosed Debian.
You are in total peace for 5 years per installed server.

He was comparing this with Ubuntu that is always a headache when it has to go through an upgrade.  Obviously the more up to date the configuration that is used with VestaCP the less risky it will be to use.

I'll probably try Sohamb's CentOS fork first.  As I'm a CentOS user.  But then again, maybe this is an opportunity to change to Debian.  Also, the guy responsible for developing the Debian Fork has just started a discussion forum, so may be worthwhile trying it out.  There may be some active support available.

In the discussion at VestaCP about whether the VestaCP Project is dead, one of the Administrators recommended the following alternative for VestaCP that may also be worthwhile pursuing - looks like it's a Project that is being developed by some of the original VestaCP staff - it has a dark theme and looks very much like VestaCP otherwise:

https://www.hestiacp.com/

I also checked up on the regular Admin at VestaCP that used to take the lead.  Skurudo and Imperio.  Skurudo seems to have disappeared towards end of 2019.  Imperio's last English posts were participation in the thread below in which hestiacp is mentioned:
https://forum.vestacp.com/viewtopic.php?f=10&t=19531

So bottom line, VestaCP has always been risky, but probably now more than ever before.  It hasn't been updated since September 2019.  However, Imperio - a lead Admin of the original VestaCP (maybe the owner?) says it's still a going concern - or maybe he is just dreaming about making changes that he doesn't have time to make nor staff left to complete:

the project is not abondoned, but team is very busy in last time. Now we are rewriting the front-end interface of the panel. Front-end of FM already done. Also we are working under support of CentOS 8 & Debian 10

Imperio is still supporting the Forum but all of his posts since January have been written in Russian.  His last support related post was made a week ago.  So he is still around but VestaCP is lacking security updates.  Possibly the author of the security updates is no longer active at VestaCP any longer and Imperio has to find a new team to start from scratch again.

[ikk157]

This discussion follows on from @xdude's thread about VestaCP whether it's a good Web Panel to use.

I've just learned tonight from @Sohamb03 that VestaCP is no longer actively supported by the developers.  I then went to the VestaCP Discussion Forum to check this out and looks like the last time there have been any updates to VestaCP has been as far back as September 2019.  That means that the original VestaCP project has become a security risk.

However, what I also learned from sohamb is that there is a Belgian fork that works with CentOS 7:
https://github.com/madeITBelgium/vesta

BUT - then when I did my research at the VestaCP Forum, I discovered this detailed discussion there and another fork that is actively developed for Debian 10:
https://github.com/myvesta/vesta#myvesta-control-panel

The above VestaCP Debian Fork now has my attention - particularly because of what the author of the fork says his reason is for using Debian 10:

He was comparing this with Ubuntu that is always a headache when it has to go through an upgrade.  Obviously the more up to date the configuration that is used with VestaCP the less risky it will be to use.

I'll probably try Sohamb's CentOS fork first.  As I'm a CentOS user.  But then again, maybe this is an opportunity to change to Debian.  Also, the guy responsible for developing the Debian Fork has just started a discussion forum, so may be worthwhile trying it out.  There may be some active support available.

In the discussion at VestaCP about whether the VestaCP Project is dead, one of the Administrators recommended the following alternative for VestaCP that may also be worthwhile pursuing - looks like it's a Project of some of the original VestaCP staff - it has a dark theme and looks very much like VestaCP otherwise:

https://www.hestiacp.com/

I've just checked up on the regular Admin at VestaCP that used to take the lead.  Skurudo and Imperio.  Skurudo seems to have disappeared towards end of 2019.  Imperio's last English posts were participation in the thread below in which hestiacp is mentioned.  Looked like hestiacp may have been started by VestaCP staff:
https://forum.vestacp.com/viewtopic.php?f=10&t=19531

Any way, VestaCP has always been risky, but probably now more than ever before.  It hasn't been updated since September 2019.  However, Imperio - a lead Admin of the original VestaCP (maybe the owner?) says it's still a going concern - or maybe is is just dreaming about making changes that he doesn't have time  nor staff left to complete:

Imperio is still supporting the Forum but all of his posts since January have been written in Russian.  His last support related post was made a week ago.

I should say, this is your perfect opportunity to try out CyberPanel, I’ve used both VestaCP and CyberPanel, and I’ve found CyberPanel to be a hell of a lot better than VestaCP. Plus, CyberPanel is still active by its own developers.

Sure you can go with a maintained fork of VestaCP, but honestly those aren’t very promising in terms of how long they’d remain active. 

And to be fair, i find no reason to go with VestaCP over CyberPanel. CyberPanel has everything VestaCP offers plus a hell of a lot more... and it supports both CentOS and Ubuntu! 

Speaking of Ubuntu, you mentioned that it’s a headache when it comes to upgrades. I strongly disagree, upgrading Ubuntu is insanely straightforward and hassle-free. No offense to anyone, but only someone lazy would call the Ubuntu upgrade task a headache.

And since you’ve used CentOS throughout, you will probably struggle when switching to Debian as there are many differences... only way to get yourself fully accustomed to it is to fiddle around with it and experiment, which as you’ve already emphasized, is not a great idea on a VPS 9, which happens to be the one you have.

In summary, I suggest sticking to CentOS (since that’s what you’re accustomed to) and moving to CyberPanel. If you need any help with that, ill be glad to assist you with the entire process (which is quite simple).

If you want, I can make you an account on my CyberPanel installation so you can try it out (it obviously won’t have everything the admin account would have, but it’ll give you an idea on what CyberPanel is like)

[Sn1F3rt]

Actually yeah it's very sad that the VestaCP project is slowly moving to it's last days. It's only the forks that'll be maintained, cuz the owner Serghey-rodin seems no longer interested in the project. He's ignoring the calls of his close friends and developers. He was last seen in September, yeah the time the latest build of Vesta was released and is gone since. Read more about it here - https://github.com/serghey-rodin/vesta/issues/2006

Also, if you go ahead and read this https://github.com/serghey-rodin/vesta/i...-650321268 you'll discover that the apt and rpm build files are exclusive to the owner, he didn't share it with anyone and that's what is keeping the Devs from creating an unofficial release.

Lupul and Rapel presently are into the Hestia project, dpeca is the maintainer of MyVesta, and MadeIT takes care of the Vesta fork for CentOS. Also, it's mainly dpeca who still updates the main repo.

Slowly, the main project will fall apart. If you see the GitHub, >300 issues and ~66 PRs isn't a joke. The Devs have continuously complained that the issues and PRs are ignored and it's Serghey that everyone is waiting for, in the hope that helps run the build for Vesta patched with bug fixes and security patches.

I'm into CentOS too, and I must say that this fork of Vesta for CentOS has all the bug fixes and security patches we'd need. I just ditched CyberPanel from my VPS for a variety of reasons. I'm gonna stay at Vesta for now, all the more I've a paid license for the Vesta file manager.

One last word on the types of OS - just a personal opinion nothing else. I've talked to a variety of people, regarding OS, and what each one said is that Ubuntu is the worst one, CentOS is okay as it's lightweight but the repos are quite old so you gotta build everything from source (a reason why I don't recommend it to beginners), and Debian is the best cuz it's much more updated and packed with latest version of applications, besides quite light if not as much as CentOS.

Regards,

[deanhills]

Thank you for contributing to the discussion and providing the links below @sohamb03.  The one below referring to Serghey Rodin is particularly informative:

Actually yeah it's very sad that the VestaCP project is slowly moving to it's last days. It's only the forks that'll be maintained, cuz the owner Serghey-rodin seems no longer interested in the project. He's ignoring the calls of his close friends and developers. He was last seen in September, yeah the time the latest build of Vesta was released and is gone since. Read more about it here - https://github.com/serghey-rodin/vesta/issues/2006

Also, if you go ahead and read this https://github.com/serghey-rodin/vesta/i...-650321268 you'll discover that the apt and rpm build files are exclusive to the owner, he didn't share it with anyone and that's what is keeping the Devs from creating an unofficial release.

Lupul and Rapel presently are into the Hestia project, dpeca is the maintainer of MyVesta, and MadeIT takes care of the Vesta fork for CentOS. Also, it's mainly dpeca who still updates the main repo.

Correct.  I picked up on that too at the VestaCP Forum discussion.  Also that it was dpeca who was maintaining the updates at the original VestaCP up to September.  His main objective for moving outside was because he was worried about the security of the project because he has instances installed on 120 different servers.  He probably wanted greater control.  And maybe that's a good sign for users of the Debian fork.  He has a vested interest in keeping the fork alive.

To be honest, reason for myVesta is to have total control of code and builds because I don't want to wake up one morning and realize that 120 servers of my company is down because something went wrong during auto-update of hosting panel.
I know how my servers are configured, and I'm careful with commits.

When someone other is pushing new releases... well... everything can be expected... at least because he don't know if I'm using something specific on my servers.

So, it's subjective reason - specific to me and my company.

Slowly, the main project will fall apart. If you see the GitHub, >300 issues and ~66 PRs isn't a joke. The Devs have continuously complained that the issues and PRs are ignored and it's Serghey that everyone is waiting for, in the hope that helps run the build for Vesta patched with bug fixes and security patches.

I saw the issues too, but then when discussions stopped on those issues I thought they had been solved.  I guess with the forks there were no longer a need for the discussions.  Also, I picked up in the VestaCp Forum that some of the discussions have been deleted at VestaCP Forum.  These must have been the discussions referred to, and also resulting in conflicts with the VestaCP Forum staff, the development of forks and creation of HestiaCP.

I'm into CentOS too, and I must say that this fork of Vesta for CentOS has all the bug fixes and security patches we'd need. I just ditched CyberPanel from my VPS for a variety of reasons. I'm gonna stay at Vesta for now, all the more I've a paid license for the Vesta file manager.

Thank you for this valuable feedback.  I picked up in the VestaForum discussions that that is the reason for other users to stick with VestaCP too because of their subscription with the File Manager.  It seems to be working very well.  If I may ask, what extra features does one get with the File Manager?  Can one edit codes, zip and unzip folders?  Like with cPanel File Manager?

One last word on the types of OS - just a personal opinion nothing else. I've talked to a variety of people, regarding OS, and what each one said is that Ubuntu is the worst one, CentOS is okay as it's lightweight but the repos are quite old so you gotta build everything from source (a reason why I don't recommend it to beginners), and Debian is the best cuz it's much more updated and packed with latest version of applications, besides quite light if not as much as CentOS.

Sadly, that is true about the VestaCP Ubuntu saga and also possibly the reason for losing interest as well, as many of the users were waiting for an Ubuntu version of the original VestaCP that got promised to them all of the time, and never materialized in the end.  Nice to hear your explanation about why it hasn't been working so far, and possibly never will unless someone has lots and lots of time and complete access to the core of the original project to make a version that works with Ubuntu.  Dpeca had a good point however about focusing only on one configuration as it's too much of a problem for security codes to maintain more than one configuration at a time.  He probably knew well as he was the last one to work on the security updates for the original VestaCP.

In one of the discussions that you linked to your response, I found these words that echo my main reason for sticking with VestaCP, which is Nginx and it being a super light panel.  He said it very eloquently:

I love VestaCP because it has the lowest system requirement amongs other web control panels. You can install it on a server less than 1GB RAM. The UI was fast and I really like it. I remember last time, I bought a complete set of addons feature just to support devs even that time I knew that VestaCP was not ready for production because of many security flaws. So I gave my trust and time to devs but I was surprised they couldn't make it on time until people started to talk deep about security in VestaCP and that issue went viral over the internet.

That time I even felt sad, when he said that he is not gonna rewrite codes for basic security practice because of thousand line of codes. That was the time when I felt VestaCP is dead. As a server administrator I still want VestaCP because of the system requirement, the UI and I do like the marketing team in VestaCP. He should have gave his project to somebody else and let others to rewrite the codes. Now even this project is alive, the bad reputation from the past has damaging the brand name. If security in VestaCP has improved a lot, they should rebrand and I believe many customers from DA and Cpanel will not hesitate to move into "Brand New Vesta CP"

@ikk157 Thank you for your suggestion about CyberPanel.  I don't think I'm in total agreement that VestaCP forks are going to die soon.  Problem is VestaCP is really popular as a free cPanel alternative.  Particularly with how light it is with Nginx.  It's only lacking feature has been security coding and looks as though these are getting updated in the forks, and also with the new HestiaCP that some of the original VestaCP staff who left VestaCP are in process of developing.  Although when I studied all of the discussions looks like HestiaCP no longer is connected with the core of the original VestaCP and has become a panel with its own ID.  May be interesting to see how well it works.  For now I'm checking their discussion Forum first to see what the support requests are and the feedback is like.

[ikk157]

Thank you for contributing to the discussion and providing the links below @sohamb03.  The one below referring to Serghey Rodin is particularly informative:

Correct.  I picked up on that too at the VestaCP Forum discussion.  Also that it was dpeca who was maintaining the updates at the original VestaCP up to September.  His main objective for moving outside was because he was worried about the security of the project because he has instances installed on 120 different servers.  He probably wanted greater control.  And maybe that's a good sign for users of the Debian fork.  He has a vested interest in keeping the fork alive.

I saw the issues too, but then when discussions stopped on those issues I thought they had been solved.  I guess with the forks there were no longer a need for the discussions.  Also, I picked up in the VestaCp Forum that some of the discussions have been deleted at VestaCP Forum.  These must have been the discussions referred to, and also resulting in conflicts with the VestaCP Forum staff, the development of forks and creation of HestiaCP.

Thank you for this valuable feedback.  I picked up in the VestaForum discussions that that is the reason for other users to stick with VestaCP too because of their subscription with the File Manager.  It seems to be working very well.  If I may ask, what extra features does one get with the File Manager?  Can one edit codes, zip and unzip folders?  Like with cPanel File Manager?

Sadly, that is true about the VestaCP Ubuntu saga and also possibly the reason for losing interest as well, as many of the users were waiting for an Ubuntu version of the original VestaCP that got promised to them all of the time, and never materialized in the end.  Nice to hear your explanation about why it hasn't been working so far, and possibly never will unless someone has lots and lots of time and complete access to the core of the original project to make a version that works with Ubuntu.  Dpeca had a good point however about focusing only on one configuration as it's too much of a problem for security codes to maintain more than one configuration at a time.  He probably knew well as he was the last one to work on the security updates for the original VestaCP.

In one of the discussions that you linked to your response, I found these words that echo my main reason for sticking with VestaCP, which is Nginx and it being a super light panel.  He said it very eloquently:


@ikk157 Thank you for your suggestion about CyberPanel.  I don't think I'm in total agreement that VestaCP forks are going to die soon.  Problem is VestaCP is really popular as a free cPanel alternative.  Particularly with how light it is with Nginx.  It's only lacking feature has been security coding and looks as though these are getting updated in the forks, and also with the new HestiaCP that some of the original VestaCP staff who left VestaCP are in process of developing.  Although when I studied all of the discussions looks like HestiaCP no longer is connected with the core of the original VestaCP and has become a panel with its own ID.  May be interesting to see how well it works.  For now I'm checking their discussion Forum first to see what the support requests are and the feedback is like.

VestaCP (and its forks) is actually missing a lot of stuff.

The most obvious is a file manager... they actually charge you for that! (Unless the forks dont). It’s insanely convenient having a web file manager as it’s a hell of a lot faster than ftp. Sure you can use ssh for that, but it’s not as convenient.

Next up CyberPanel has a built in docker manager... which VestaCP does not have at all. This one really depends on whether you use docker or not (I do, but mostly in the command line).

Furthermore, CyberPanel has excellent mobile-compatibility.... while VestaCP is almost unusable on mobile due to elements hiding under others making them impossible to click. (I know this isn’t a big deal because you’re always on desktop).

Moreover, it uses OpenLiteSpeed as its web server, which is hella light. VestaCP uses both nginx and apache, which is very unnecessary and adds a lot of bloat.

And the list goes on.

I really suggest giving it a try, i’ll make you an account to try it out and I’ll be DMing you the details shortly. Trust me, it’s worth having a look at.

[tiwil]

This is not related directly to VestaCP, but to its fork, HestiaCP. I was setting up some configuration in my new VPS with HestiaCP. I have installed HestiaCP before in another VPS and all run perfectly but I didn't dive in too much at that time. All are smooth and I enjoyed how the installation progress, the UI, and many more. I'm impressed that the community changed VestaCP this much.

But today is different, I have no idea why it's so much confusing when using HestiaCP. Install was fast, thanks to Limitless Hosting's VPS. When I jumped in to the control panel it's much-much different. I cannot assign SSL certificate from Let's Encrypt, which I figured out because I'm using Cloudflare. I turned off the Cloudflare SSL, then Let's Encrypt let me get the SSL certificate, nice. I uploaded my files to the server with their file manager, can do upload, unzip, all good. But when I tried to open my website, it's all broken. I cannot figure out what happened, I tried to turn-off SSL from Cloudflare but it does nothing. I think, it's because of my ISP not cached the website correctly, so I went to proxy site, but still the same.

This issue never happened when I'm using VestaCP. I just cannot open my website if Cloudflare enabled but there is no Let's Encrypt SSL. The solution is easy, just generate SSL from Let's Encrypt or our own, hassle free. Right now, I cannot even generate if the Cloudflare SSL is on. I need to turn it off. In VestaCP, after installing Let's Encrypt, I don't need to do anything else, everything will run correctly. But right now as I said before, it's all broken. Weird!

I'm changing to Cyberpanel right now.

[fitkoh]

Have you tried clearing your browser cache? Sometimes your browser tries to look up a site at its old dns. I've had very strange issues when moving an old site to a new location.

Also you can try to ping your web site to see if the server responds. That would give you an indicator that your dns is properly working and maybe the issue is on the client side.

I personally don't use cloudflare. It gave me some big headaches because of the way it proxies traffic. I think because off  .htaccess redirecting http requests to https it caused a redirect loop on cloudflare.