My quick review of HestiaCP (a popular fork of VestaCP).
- What I liked.
- What I didn’t like.
- Who should use this.
Short background on HestiaCP
HestiaCP is a fork of VestaCP, which was the first popular GUI control panel for NGINX. Before VestaCP…NGINX was pretty much a CLI-only server (used by admins). Thing is NGINX was so awesome, so much leaner and faster than Apache that the world was waiting for its first native-NGINX control panel. (At the time the way you could use NGINX with a GUI control panel what to do hacks like Engintron to put cPanel on NGINX.)
VestaCP came in and did a “good-enough” job that it quickly got a lot of attention. The only problem was it wasn’t mature. Full of bugs and little issues. Early support was only in Russian. As the years passed, it seemed the VestaCP team supporting it much. If I remember correctly, I think the lead developer was poached by a bigger company.
What followed next in the industry was a ton of rapid growth in the control panel industry. A ton of cloud-based control panels came out….the big name ones you hear nowadays like RunCloud and GridPane, as well as many other DIY open-source panels. What was one unique about VestaCP was no more.
But despite all its issues, VestaCP still had a loyal fanbase. The only issue was it wasn’t maintained. (NOTE: some people do argue with me that VestaCP is still maintained. I’ll let you check their release log and support forums, then judge for yourself.)
Luckily, somebody forked VestaCP into HestiaCP. It’s supposed to be better maintained, and even some added features and UI improvements. That’s what we’ll cover today.
What I liked about HestiaCP
From my short testing, it really is an improved and better version of VestaCP.
- Cleaner UI. Very clean and simple.
- Easy to use.
- Things work. Less buggy.
- 1-click install for WordPress.
- Still feels like VestaCP (if you care about that).
- Has a File Manager (hooray!). This was formerly a paid feature on VestaCP.
- Well-maintained and active forum support.
- Has email and DNS features – if you still want that.
- I like the admin/user aspect of the control panel. While I don’t think the control panel is designed more for admins than end-users, it’s nice that the option is there. (What else do you want from a free panel, damn it?!)
- WHMCS integration – if you use that for billing. (NOTE: choose VestaCP in the module dropdown.)
What I didn’t like:
- HSTS enabled by default. I hate this. It’s a total UX breaker. You can’t log into the admin unless you manually generate SSL from CLI. This step should be more noticeable on the quick start documentation.
- Can’t auto-login into phpMyAdmin. I had to get the mysql root pass.
- The UI looks a little retro. Not a dealbreaker, but I’d like something more modern looking.
- The hybrid NGINX-Apache setup. And I’m not sure this is a fair opinion. Because I do like .htaccess feature for some clients. But I also think pure-NGINX feels more modern and better performance nowadays. You can read the support forum to disable Apache backend but it’s be great if you could do that from the installation.
Suggestions for improvement:
- I think the post-installation notes could be more useful. Put the mysql root pass and hostname SSL command in there.
- Simpler option to make it pure-NGINX would be so awesome!
- Please don’t enable HSTS by default.
Difference between HestiaCP and VestaCP:
- They both use mostly the same core code and structure, HestiaCP is a fork of VestaCP.
- Their UI looks a little different although everything is mostly structured and located in the same place.
- I feel HestiaCP is more stable, and comes with more free features. Also seems more active in support.
Who should use HestiaCP
HestiaCP is great for admins wanting a free simple control panel, with options for email hosting and end-user accounts.
- Is it the fastest thing in the world? Not with the hybrid-setup, probably not. But it’s more than fast enough. It’s lightweight and free! C’mon!
- The UI is admin-centric and probably won’t be as simple to end-users as it is for admins.
- Has email features, since most free panels don’t allow that.
- Allows end-user accounts, many panels are solo-admin only.
- While organized more for admins, it’s still simple enough for end users.
Try HestiaCP (it’s free and installs in only 10 minutes)
Resham Panth
Hi Yin,
Great review as always! Two Quick questions:
Does it only support NginX and Apache or is it possible to set up Litespeed as well?
Which control panel would you prefer and find more stable – Hestia, Cyberpanel or any other and why?
Yin
LS is not an option. I’m not going to answer control panel comparison questions for you here. Please read my full control panel review post for that. I personally use cPanel for my critical sites but do like many others.
Resham Panth
Thank you, Johhny. I don’t know how I missed that post on Control Panel review.
Yin
No problem. Do leave a comment if that post doesn’t answer all your questions. 🙂
Jaap
When installing with bash hst-install.sh append –apache no and Apache2 won’t be installed. So it becomes:
bash hst-install.sh –apache no
See: https://docs.hestiacp.com/getting_started.html
Yin
Thanks for pointing this out for me! Very much appreciated.
Raphael S.
Hi Yin
Thanks for your review, I’m Raphael, a project manager of Hestia. Your to 100% right with the UI, the based problem there is the still used vesta based code – we would need to do a full rewrite to gain a new, modern looking and responsive design, for this, we do currently not have enough ressources :).
About the other parts:
HSTS – Will only be enabled for the hostname itself, when you add v-add-letsencrypt-host to generate a let’s encrypt certificate and install it for the backend services (hestia, exim, dovecot). As soon as you create a ssl certificate for a “normal” web domain, hsts did not get activated by default, you have to do it manualy under the web domain section.
NGINX only – Please checkout the installation flags, if you want to have nginx only, you can just switch the install flag “–apache no” – works also for other services -> https://docs.hestiacp.com/getting_started.html#all-available-options-of-install-script
If you want to get directly in contact, just use our email address or discord group – we would love to discuss any feature requests or changes.
Once again, thanks for the review!
Raphael S.
Sorry for my grammer, just working on my first coffee (TM), not able to edit my post and correct the mistakes I wrote :).
Yin
Hey Raphael, thanks for stopping by. I’m aware HSTS is only for the panel hostname but still I found it annoying to be on by default. Hahaha. Either way you guys did a great job, so congrats on improving upon VestaCP’s faults and makings yours even more open-source friendly. I’d love to migrate over one of my old panels from VestaCP to your HestiaCP. Just scared of what might break. It’s only used as email server, too.
Raphael S.
There should nothing break, we fully support the restore of VestaCP-Backups – if it doesnt work, just reach out on github issues, discord or forum – we usualy answer fast :).
Yin
Will do! Thank you for the offer.
Nick
I just found out about Hestiacp, looks interesting. How to enable gzip/brotli in hestia running on ubuntu 18.04/20.04? Thanks!
edit: thanks for your other articles too
Yin
From what I see… this guide was recommended often: https://www.majlovesreg.one/adding-brotli-to-a-built-nginx-instance
But an easier way for you is simply to enable Cloudflare proxy and then Brotli in Cloudflare’s speed settings.
Battery
Does you got the whmcs working?
Mert
using hestia at least for a year with hybrid setup i can just say that it is awesome, never seen that light weight nginx-apache hybrid panel before you should give it a chance