# ServerPilot - new hosting control panel for hosting PHP sites on VPSes



## Justin-ServerPilot (Nov 20, 2013)

Hi everyone,

After years of managing VPSes running Plesk or cPanel for developers who wish they had a secure, lightweight alternative, we've created ServerPilot. ServerPilot is a new control panel that is optimized for running websites on VPSes.

https://serverpilot.io

It's free for the basic control panel and has paid extras like stats and monitoring.

I hope you find it useful. If you have any questions, just let me know.

Thanks,

Justin


----------



## shovenose (Nov 20, 2013)

Curious to know if your company is incorporated. Thank you. Other than that somewhat odd question, looks interesting and potentially useful.


----------



## Justin-ServerPilot (Nov 20, 2013)

shovenose said:


> Curious to know if your company is incorporated. Thank you. Other than that somewhat odd question, looks interesting and potentially useful.


Hi, yes we are.

And, Mike, is that you?? We spoke about a year ago when Kevin and I were doing early customer development, talking to people about their workflows, their software, their customers, and the problems they run into. We met over in the WHT forums. We were called FreedomCP at the time but thankfully Kevin came up with a better name before we launched. 

Shoot me an email sometime. We'd love to chat again.

Justin


----------



## shovenose (Nov 21, 2013)

Justin-ServerPilot said:


> Hi, yes we are.
> 
> 
> And, Mike, is that you?? We spoke about a year ago when Kevin and I were doing early customer development, talking to people about their workflows, their software, their customers, and the problems they run into. We met over in the WHT forums. We were called FreedomCP at the time but thankfully Kevin came up with a better name before we launched.
> ...


wow, the internet is a small place!


----------



## shovenose (Nov 21, 2013)

Anyway, just signed up for an account. I will add the first server tomorrow but I have a question - do you offer some sort of either


-API


-Downloadable version of ServerPilot that I can run on my own master server, if you will? I'm planning on using this to deploy a Point of Sale system but while its not that I don't trust you guys, I would feel better being in control of the infrastructure.


----------



## shovenose (Nov 21, 2013)

Sorry to triple post but do all servers need to be on the same plan? Or could I have some on the free and some on the $10 plan?


I'm done asking questions now, I swear!


----------



## nunim (Nov 21, 2013)

No demo?

So your "Master" server holds all SSH passwords?

How much memory does this use as a default install?


----------



## DeanClinton (Nov 21, 2013)

shovenose said:


> Sorry to triple post but do all servers need to be on the same plan? Or could I have some on the free and some on the $10 plan?
> 
> 
> I'm done asking questions now, I swear!


I'd like to know aswell please, also does the SSL one support multiple-cert single IP (I've forgotton the technical name)


----------



## InertiaNetworks-John (Nov 21, 2013)

DeanClinton said:


> I'd like to know aswell please, also does the SSL one support multiple-cert single IP (I've forgotton the technical name)


SNI


----------



## scv (Nov 21, 2013)

InertiaNetworks-John said:


> SNI


I'm having deja vu!


----------



## Justin-ServerPilot (Nov 21, 2013)

Thanks for the feedback and questions, everyone. I'll respond to everything here in a couple of hours. I just wanted to respond to this question first:



nunim said:


> So your "Master" server holds all SSH passwords?


We don't store plaintext SSH passwords at any time.

When a user sets an SSH/SFTP password in ServerPilot, on our side we immediately hash the password. We then transmit the hashed password over SSL to your server. On your server, the hashed password is then used as an argument to the command "usermod --password HASHEDPASSWORD USER", which is a way you can set a password on Linux using a already-hashed password.


----------



## marlencrabapple (Nov 21, 2013)

So this is a remote control panel? I've always wanted make something like that. I was thinking of putting together a little panel that ran locally on your PC or phone so you wouldn't have to worry about others even having a chance to compromise the panel.


----------



## Justin-ServerPilot (Nov 21, 2013)

shovenose said:


> do you offer some sort of either
> 
> 
> -API
> ...


We do have an API, but it's in beta and we aren't letting too many people use it yet. We're in the middle of changing our API and don't want to break things people have written. We should have it public in the next few months.

We don't have a version of our centralized component that you can run on your own infrastructure. It's something we're keeping in mind for the future.



shovenose said:


> Sorry to triple post but do all servers need to be on the same plan? Or could I have some on the free and some on the $10 plan?


Right now the only way we have to handle different servers on different plans is to have users create separate accounts for each plan. We do get this request a fair bit and we'll be working on a better solution. We greatly value simplicity in our interface and we need to figure out a way to do this but keep things very simple.


----------



## jhadley (Nov 21, 2013)

The concept (a remote CP) is great and an idea I've been pushing with a few of the companies I work with for some time since Parallels dropped theirs (or at least since I can't find many companies using it).

However, your website is quite basic and the plans don't really seem to work ($49/month just for logs?!)

I also can't find any terms etc. on your site, nor any business information.


----------



## Justin-ServerPilot (Nov 21, 2013)

nunim said:


> No demo?
> 
> How much memory does this use as a default install?


We don't have a demo because we have a free plan that comes with a free trial of the paid plans. Signing up is quick and easy (no credit card is required). So, we encourage users to sign up, spin up a new server at their host, connect it to ServerPilot, and really see ServerPilot in action. It only takes about a minute to connect a new server.

The ServerPilot agent uses 20MB of memory. Other than that, there's some usage by services we install: Nginx (2MB), Apache (10MB), MySQL (45MB), and PHP-FPM (35MB).


----------



## Justin-ServerPilot (Nov 21, 2013)

DeanClinton said:


> I'd like to know aswell please, also does the SSL one support multiple-cert single IP (I've forgotton the technical name)


Yes, we do support SNI. While we're talking about SSL, I should mention we also support SPDY.


----------



## Justin-ServerPilot (Nov 21, 2013)

marlencrabapple said:


> So this is a remote control panel? I've always wanted make something like that. I was thinking of putting together a little panel that ran locally on your PC or phone so you wouldn't have to worry about others even having a chance to compromise the panel.


Exactly, it's a remote panel. We sometimes call it a SaaS (Software-as-a-Service) hosting control panel, but that only resonates as a good explanation to people very familiar with SaaS software.

The security benefit of not having a control panel frontend running on each server is one of the main motivations for this architecture. I was a security researcher (e.g. Survivable Key Compromise in Software Update Systems, Attacks on Package Managers) before I founded ServerPilot. Over the years, I've been managing Plesk and cPanel servers for dev agencies and hosting companies and I just knew that if I put together an amazing team, we could revolutionize the control panel industry. We're one year in and it's been going great so far. We've got huge plans for the next five years.


----------



## Justin-ServerPilot (Nov 21, 2013)

jhadley said:


> The concept (a remote CP) is great and an idea I've been pushing with a few of the companies I work with for some time since Parallels dropped theirs (or at least since I can't find many companies using it).
> 
> However, your website is quite basic and the plans don't really seem to work ($49/month just for logs?!)
> 
> I also can't find any terms etc. on your site, nor any business information.


It's definitely the case that our paid plans are missing many features that some users need. We just launched a few months ago and we wanted to launch as soon as our system was production ready. We'll be adding a lot more features over the next couple of years. In the mean time, we try to talk to every user to find out what features they'd like to see and how ServerPilot could make their life easier and their business more profitable.

Here are our terms of service, which are linked at the bottom of every page.

https://serverpilot.io/tos.html

It's also linked from the account creation, which makes me think you didn't create an account yet.


----------



## Adduc (Nov 21, 2013)

Do you have a public list of IPs that ServerPilot is expected to connect from, for those who have a whitelist policy for sensitive ports?


----------



## DeanClinton (Nov 22, 2013)

Justin-ServerPilot said:


> I hope you find it useful. If you have any questions, just let me know.


I have to say I am impressed with it; and replies to emails are pretty quick too and fixes implemented!

+1 from me!

Wishlist:


Quotas for sites
Not needing multiple accts for different server levels (for example I may need SSL now but not in 6 months which means i'd need to delete the server and lose control of it)
Dedicated IP options
Customization of the default pages uploaded (for example I have a skeleton directory i'd like to have automatically copied in with every new acc)
WHMCS module
Ability to add SFTP and ServerPilot users and assign to specific sites (so that can backup sites without need main acc login).
A version I can install on my own server.
Affiliate scheme so I can refer people in and earn some cash if they upgrade from free ;-)
Concerns:


If you guys get hit with a DDOS/hardware failure, I can't add/remove sites.
If you guys disappear, I can't get to the panel.


----------



## nunim (Nov 22, 2013)

DeanClinton said:


> .. Concerns:
> 
> 
> If you guys get hit with a DDOS/hardware failure, I can't add/remove sites.
> If you guys disappear, I can't get to the panel.


If they get hacked, they have access to all ServerPilot servers.


----------



## scv (Nov 22, 2013)

nunim said:


> If they get hacked, they have access to all ServerPilot servers.


Hopefully there's some sort of separation of privileges going on behind the scenes.


----------



## Justin-ServerPilot (Nov 22, 2013)

Adduc said:


> Do you have a public list of IPs that ServerPilot is expected to connect from, for those who have a whitelist policy for sensitive ports?


Actually, we designed our architecture so that no extra ports need to be open for ServerPilot.

When you run the ServerPilot installer (a.k.a. "connect a server to ServerPilot"), the installer adds our signed apt repository and installs our agent via apt. The agent opens a TLS-encrypted connection to us and keeps it open all of the time. We use that secure communication channel to let the agent know when there's work it needs to do because you've made changes (e.g. created a database) through ServerPilot.


----------



## Justin-ServerPilot (Nov 22, 2013)

DeanClinton said:


> I have to say I am impressed with it; and replies to emails are pretty quick too and fixes implemented!
> 
> +1 from me!


Thank you! That's great to hear.



DeanClinton said:


> Wishlist:
> 
> 
> Quotas for sites
> ...


*Quotas.*

We don't get many requests for this so it's not high on our priority list. Before we do quotas, we'll be implementing better stats about website resource usage.

*Not needing multiple accts for different server levels.*

We're working on the best way to do this without adding complexity for users who don't want this functionality. For now, people who need this create separate accounts. If you need to move a server between accounts that are on separate plans, just email support.

*Dedicated IP options.*

I assume this means assigning a dedicated IP addresses to a specific website. The main reasons users have wanted that in the past is to run a site with SSL. As we enable SNI so that multiple SSL sites can share the same website, we don't get many requests for this. And the result is a much simpler experiences where users don't have to think about the IP address. Our current approach also fits very well with many cloud providers (e.g. Amazon EC2) where you only have one IP address, and in Amazon's case your server doesn't actually know the public address of the server.---All that said, it's a feature we'll consider in the future if there is enough demand for it.

*Customization of default files on sites.*

We'd like to enable this and similar post-site-creation actions via a hooks/plugins systems. That is, possibly some time next year you'll have the ability to define a script to run on your server after a new site is created. That script could install your custom default files.

*WHMCS module.*

The first step there will be us releasing our API.

*Ability to add SFTP and ServerPilot users and assign to specific sites.*

We are working on both of these. For SFTP users, we will make it so that websites can belong to users other than the "serverpilot" system user. For ServerPilot control panel accounts, we're working on figuring out the best way to handle a variety of needs ranging from development teams to resellers.

*A version I can install on my own server.*

This may be on the horizon, but it would probably be a few years before we work on it. For now, we want to put all of our development efforts into making ServerPilot even better than it is.

*Affiliate scheme so I can refer people in and earn some cash if they upgrade from free ;-)*

We love this idea and discuss it occasionally, but it adds enough complexity for us that it would distract us from our main focus: building a great product and spreading through word-of-mouth of happy customers. It's certainly something we'll consider adding next year.



DeanClinton said:


> Concerns:
> 
> 
> If you guys get hit with a DDOS/hardware failure, I can't add/remove sites.
> If you guys disappear, I can't get to the panel.


Both of these are correct. However, we're building our systems to be very reliable. In fact, I believe you'll find us to be more reliable than running your own control panel locally. If your local control panel breaks (e.g. due to a failed update), then your control panel is down until you can fix it. If our control panel is down, we have a team of people working quickly to get it back up.

As for if we disappear, that is certainly a risk of any SaaS software. We hope that as we build our reputation and as our value to you increases or becomes clearer, you'll decide that we deserve your trust and that the best way forward for your business is to use our service.


----------



## Justin-ServerPilot (Nov 22, 2013)

nunim said:


> If they get hacked, they have access to all ServerPilot servers.


We've architected our system so that if we are compromised, an attacker can't gain root access to your servers.

All of the code that runs on your servers is signed by us. And none of this signed code enables arbitrary execution of other unsigned code as root. So, the best an attacker could do if they fully compromised our servers is perform the same actions through ServerPilot that you yourself can do. (You'll notice that things like "set the root password/keys" are not things you can do through ServerPilot.)

All that said, we also put an enormous amount of effort into keeping our systems secure. Security is a passion of ours and we take pride in being the most secure control panel. However, that's a reputation we'll need to earn over time. We believe it to be the case, but we want others to come to that conclusion, as well.


----------



## Justin-ServerPilot (Nov 22, 2013)

As a new user just ran into this, I want to mention that we do not work on OpenVZ servers. The host kernel used by OpenVZ systems is very old and there are networking and firewall issues for modern Ubuntu versions that expect to be run on newer kernels.

Luckily, most providers don't use OpenVZ and those that do often offer KVM. KVM works great with ServerPilot.


----------



## DeanClinton (Nov 24, 2013)

If anyone finds anything like the above service that works on OpenVZ, let me know... in the mean time i'll go back to VirtualMin


----------



## adavila78 (Jul 27, 2014)

Hi guys, after reading this thread about a month ago, I took the bait and decided to switch to servers at Digital Ocean after playing around with server pilot.

What I wanted was getting rid of paying cpanel licenses as well as having a cheaper monthly hosting bill.

Initially server pilot seems so simple compared to whm/cpanel that you fear maybe there is something missing... to be honest, nothing is missing.

I was previously hosting my sites at Storm on Demand as well as Digital Ocean with Centos/cpanel servers.

I decided to test the waters and boy... am I impressed with server pilot!

Setting up a cpanel centos server took me about one hour with practice, with serverpilot you are ready to host websites in less than 5 minutes.

The SP Control panel is very very light and optimizes your server from the very beginning, thus, my websites are now being served via nginx instead of apache, that coupled with SSD makes it a very very noticeable difference.

Besides, what I really like is the ability to change php runtime from 5.4 to 5.5 or viceversa on the fly, without having to reboot.

My advice for you would be to learn a little bit about ubuntu commands, since if you are a total terminal newbie, (as I was once) you will be having trouble setting up some things you might want like automated mysql backups, server backups, etc.

But after my very short learning curve, I can create a brand new and very feature-loaded server in about 30 minutes beggining with a blank ubuntu droplet.

What do I mean by feature-loaded?

A server that can host many sites, and for peace of mind back them up automatically each night at 03:00 am to amazon s3, also able to make a dump of all databases too, and reboot it all one hour later at 04:00 just in case.

Plus I have found that a digital ocean $10 droplet managed via Serverpilot, really goes a long way and since you get server stats almost in real time, you can always check if you are stretching your resources too much before scaling-up.

Long story short: with serverpilot and digital ocean droplets, I am saving lots of money because I no longer need to pay cpanel licenses ($45 / month) or heftly SSD Hosting bills for 3 servers.

Besides, I can now split sites between several droplets instead of 3 SSD servers, thus in case a server overloads due to a website or wordpress plugin going wild, it wont take the other websites down.

My hosting bill has gone from $345 (3 cpanel licenses plus $99 each SSD server at SOD) to $125 (7 Digital Ocean droplets ranging from $5 to $20 plus $50 server pilot plan). Keep in mind that I could lower this expense another bit by taking a cheaper Serverpilot plan or even the free tier, but I love the stats and monitoring my servers and the error logs they provide.

Yeah I know I might seem like a paid shill, but honestly I really really love how this setup works and the big amount of money they are saving me... who would not want these guys to succeed? hence my testimonial here for you guys, keep providing such a great service! I am more than happy saving about $220 USD per month thanks to your services.

Let me know if you have any question about my setup, hope this guys stay for the long-run, they really have a nice product.


----------



## DigitalPure (Jul 31, 2014)

I have been using this for a few months now and have to say I am overly impressed.   The best part is support.  I am sure that some of my questions to support have been annoying, but they are always willing to help and get it resolved asap.  

Pros:

Fast setup

Automated basic security

WordPress with Nginx works out of the gate

Nothing really stored in their system, rather on your server

Setup multiple servers in the same gui

Easy to setup applications (sites) and it auto sets file structure and permissions

Cons:

Ability to mod nginx config with a gui (can via command line)

Since MySQL setup is via web gui, would be nice if phpmyadmin (or alternate script) worked via web interface

Search and display of applications setup is confusing

Removing an application from the gui (where you had to set it up) does not remove the files or mysql

Wishlist:

Replace MySQL with MariaDB (or at least an option on setup)

Ability to have some servers on different levels (already mentioned)

Replace Apache with Hiawatha as the web servers, and use nginx as a reverse proxy only

Replace ufw with csf

So, overall I am VERY VERY happy with this service.  I currently use the free version only because I have a few servers setup and the cost to upgrade them ALL would be more then I want to use.   It really though is a great service, and has forced me to learn alot more admin and know where to hire someone vs just installing cpanel and assuming all is good as cpanel is setup.   Looking forward to seeing where serverpilot goes in the future.  I know that I am a customer for the long term.


----------



## kalenjordan (Aug 8, 2014)

Hey guys - great discussion here.  I'm looking into using serverpilot myself - so far it looks pretty awesome and Justin's been super helpful in dialogue via email.

One thing I've been trying to wrap my head around is level of support.  They don't offer 24/7 support it seems.  It sounds like everyone has been very happy with support though.  

Has anyone had any outages or urgent issues during off hours?  Were they handled promptly?  Do you have concerns in general about hosting management not having 24/7 support?

Thanks!! 

Kalen


----------



## DigitalPure (Aug 8, 2014)

kalenjordan said:


> Hey guys - great discussion here.  I'm looking into using serverpilot myself - so far it looks pretty awesome and Justin's been super helpful in dialogue via email.
> 
> One thing I've been trying to wrap my head around is level of support.  They don't offer 24/7 support it seems.  It sounds like everyone has been very happy with support though.
> 
> ...


The nice thing is that they are not hosting the server so the uptime and such is related to your provider and not them.  To date I have not had any outages, or issues related to using their setup, and panel system.    Once the server is setup, the only real function that you need to use their panel for is to add virtual hosts, mysql db.  The higher up levels you would use their system to see logs and stats, but that would not have any bearing on the up/down time on your server.

As for support, while they are not 24/7 I have personally not had a single issue that could not be addressed by the time they came back.


----------



## amnesia (Aug 9, 2014)

Here's my story:

A few weeks ago, I've began moving 37 websites from Media Temple (I've been their customer for 7 years and they became so horrible I can't stand them anymore) to Digital Ocean. The plan was set, the first server up and running, zpanel was my choice. After moving two websites to the new server, I've stumbled upon this thread. Made a test server, connected the ServerPilot and... I was blown away. It's just fantastic. Digital Ocean + ServerPilot = Dream Come True. I've sent them quite a few questions and they replied to all of them in less than 24 hours (I can post my questions and their answers if anyone is interested).

As soon as I finish moving all websites to Digital Ocean, I will switch to Business plan. Those guys definitely deserve my money.

Here's a video I found on Youtube (some kind of interview), it's quite interesting:

http://youtu.be/J4KW-Ko1rxM

I, too, am afraid that I'm going to look like a paid shill (like adavila78 said), especially because this is my first post, but I am truly not. ServerPilot is a brilliant service and I've never been more happy with my server setup than I am now.

Cheers


----------

