Centos Web Panel vs Vestacp

Moebuntu · Jan 8, 2017

I want to have a free option beside paid hosting panel is plesk which I am using for my blog sites. I checked some suggestions on this forum and selected two free hosting panels are Centos Web Panel and Vestacp but I don't know which is better and stable, no bugs or issues. Can you share me your thoughts or what are pros or cons of Centos Web Panel and Vestacp?

energizedit · Jan 8, 2017

I have set up centos web panel for a customer, and I think it would work good for what you are looking for. It is not ideal for using it as a web hosting company but for an individual with multiple sites it would work well. I did not like the way you had to create a site and then a user account, it is not very straight forward. Vestacp looks pretty good but I've never used it.

RDO Servers · Jan 8, 2017

I have never used either personally, but have head good things about both.

I don't think there is a real "_____ is better". Simply compare their features, try both, betermin which is better for you.

fwh · Jan 8, 2017

I installed and used bot Centos Web Panel and Vestacp for somedays and I found that they had issues. As Centos Web Panel, it didn't have a file manager or I have to upgrade php and mysql to newer version. it likes a product that not be updated by its developers. For Vestacp, it is hard to use if you see its control panel for the first time and it has some issuses that users are complaining about it.

I saw a person reported the problem that he faced when installed Vestacp here https://forumweb.hosting/14383-the-httpd-service-does-not-start-automatically-in-vestacp.html
Seem you will have no support or problems can not be solved on free hosting panels thus I would recommend going with a paid panel as Plesk, cPanel or Directadmin.

eva2000 · Jan 20, 2017

one of my clients had VestaCP installed and migrating him to my Centmin Mod LEMP stack instead and had an opportunity to delve into VestaCP on CentOS 7 and I'm not too impressed for web server side. I wrote a full review on my site. But the gist of it is

1. nginx installed uses system openssl 1.0.1e so no support for openssl 1.0.2+ which means no ALPN protocol support and no HTTP/2 based HTTPS support
2. Apache 2.4.6 installed is actually a custom VestaCP provided 2.4.6-118 labeled yum package set. But it's based on 30+ month old 2.4.6-18 built on Dec, 2014 missing 30+ months of security and bug fix updates compared to Apache 2.4.25 latest and CentOS 7.3 Apache 2.4.6-45 built Nov 2016 !

nginx -V
nginx version: nginx/1.10.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-file-aio --with-threads --with-ipv6 --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'

httpd 2.4.6-18 which is a custom installed built VestaCP package named 2.4.6-118. Redhat 7.3/CentOS 7.3's httpd package is 2.4.6-45

Code:

httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built:   Dec 15 2014 17:32:43
Server's Module Magic Number: 20120211:23
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

CentOS 7 Apache 2.4.6 change log last change July 23, 2014 with server build date Dec 15, 2014. Compare to Apache 2.4.25 latest change log http://www.apache.org/dist/httpd/CHANGES_2.4.25

Code:

rpm -qa --changelog httpd | head -n30
* Wed Jul 23 2014 Johnny Hughes <johnny@centos.org> - 2.4.6-18.el7.centos
- Roll in CentOS Branding

* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
- mod_cgid: add security fix for CVE-2014-0231 (#1120607)
- mod_proxy: add security fix for CVE-2014-0117 (#1120607)
- mod_deflate: add security fix for CVE-2014-0118 (#1120607)
- mod_status: add security fix for CVE-2014-0226 (#1120607)
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120607)

* Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)

* Wed Mar 05 2014 Joe Orton <jorton@redhat.com> - 2.4.6-16
- mod_ssl: improve DH temp key handling (#1057687)

* Wed Mar 05 2014 Joe Orton <jorton@redhat.com> - 2.4.6-15
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.6-14
- Mass rebuild 2014-01-24

* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 2.4.6-13
- mod_ssl: sanity-check use of "SSLCompression" (#1036666)
- mod_proxy_http: fix brigade memory usage (#1040447)

* Fri Jan 10 2014 Joe Orton <jorton@redhat.com> - 2.4.6-12
- rebuild

and compared to CentOS 7.3 and Redhat 7.3 default 2.4.6-45 yum package which has last update Nov 3, 2016 and build date of Nov 14, 2016

Code:

httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov 14 2016 18:04:44
Server's Module Magic Number: 20120211:24
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

Code:

rpm -qa --changelog httpd | head -n30
* Thu Nov 03 2016 CentOS Sources <bugs@centos.org> - 2.4.6-45.el7.centos
- Remove index.html, add centos-noindex.tar.gz
- change vstring
- change symlink for poweredby.png
- update welcome.conf with proper aliases

* Wed Aug 03 2016 LuboÅ¡ Uhliarik <luhliari@redhat.com> - 2.4.6-45
- RFE: run mod_rewrite external mapping program as non-root (#1316900)

* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-44
- add security fix for CVE-2016-5387

* Tue Jul 05 2016 Joe Orton <jorton@redhat.com> - 2.4.6-43
- add 451 (Unavailable For Legal Reasons) response status-code (#1343582)

* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-42
- mod_cache: treat cache as valid with changed Expires in 304 (#1331341)

* Wed Feb 24 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-41
- mod_cache: merge r->err_headers_out into r->headers when the response
  is cached for the first time (#1264989)
- mod_ssl: Do not send SSL warning when SNI hostname is not found as per
  RFC 6066 (#1298148)
- mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038)
- fix apache user creation when apache group already exists (#1299889)
- fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757)
- mod_proxy: fix slow response time for reponses with error status code
  when using ProxyErrorOverride (#1283653)
- mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149)
- mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495)

VestaCP provided Apache is missing fix for CVE-2016-5387 https://access.redhat.com/security/cve/cve-2016-5387 and https://httpoxy.org/

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
Find out more about CVE-2016-5387 from the MITRE CVE dictionary dictionary and NIST NVD.

Harry P · Feb 7, 2017

Moebuntu said:
I want to have a free option beside paid hosting panel is plesk which I am using for my blog sites. I checked some suggestions on this forum and selected two free hosting panels are Centos Web Panel and Vestacp but I don't know which is better and stable, no bugs or issues. Can you share me your thoughts or what are pros or cons of Centos Web Panel and Vestacp?

I think that Vestacp because I have just read your post here https://forumweb.hosting/14100-centos-web-panel-could-not-select-database-root_cwp.html and you got the issue with Centos Web Panel.

I used to use cPanel on my hosting which my hosting provider sent to me each time I bought a new hosting so that I didn't have experience on free panel.

eva2000 said:
one of my clients had VestaCP installed and migrating him to my Centmin Mod LEMP stack instead and had an opportunity to delve into VestaCP on CentOS 7 and I'm not too impressed for web server side. I wrote a full review on my site. But the gist of it is

1. nginx installed uses system openssl 1.0.1e so no support for openssl 1.0.2+ which means no ALPN protocol support and no HTTP/2 based HTTPS support
2. Apache 2.4.6 installed is actually a custom VestaCP provided 2.4.6-118 labeled yum package set. But it's based on 30+ month old 2.4.6-18 built on Dec, 2014 missing 30+ months of security and bug fix updates compared to Apache 2.4.25 latest and CentOS 7.3 Apache 2.4.6-45 built Nov 2016 !

I am curious about VestaCP, this panel is easy to use and make configurations for newbies?
What is Centmin Mod LEMP? is it a control panel?

bestcast4u · Feb 7, 2017

I never used two of them but i tried sentora it's free, easy to install but missing many features comparing with cpanel

ohya · Feb 19, 2017

Both are good panels,

But from user view and sysadmin view I can say only one bad think from centos web panel and maybe you decide not to use it

And is backup system

- Very ugly backup system.
- Cant do full backup to restore it in another server
- Backup says "you can only restore website files" so no database restore from panel
- I not see any option to backup mails, I check server for mails backups and not see any file or dir whit backup from mails or mail accounts.

So, is nice panel, working fine, have a lot of options but, who whant to use a panel whit a bad backup system.

What happen when your client lost data and your panel backup is not complete or your server get broken and you need restore all as it in orther server and you cant do it ?

In vestacp you can do a backup from user, take it delete user and restore complete user, or take user bakcup, transfer to other server and restore whitout any problems.

Excluding backups both panels are good.

austenite · Mar 13, 2017

I've personally used both but prefer VestaCP though i don't currently use either of them due to the points that @eva2000 pointed out.

Looking forward to giving centminmod another test run once LetsEncrypt integration is available.

ohya · Mar 14, 2017

Vestacp just provide OS packages, if you want recent packages just run recent OS has ubuntu 14 or ubuntu 16 and you get newer software.

Of course as vesta provice OS packages you can upgrade it manually

Same happen in comercial panels like plesk than provide mysql from OS, and a lot of times its obsolete

azafor · May 22, 2017

I've used both VestaCP and CentOS web panel, I personally prefer VestaCP. VestaCP UI is fast while CentOS web panel is bit slow. Vesta supports Debian, CentOS, Ubuntu while CentOS web panel limited to CentOS/RHEL.

From my experience, I think VestaCP is better and hotter than CentOS web panel.

There's one advantage in CentOS web panel, that I like, It provide out of the box support for Varnish cache.

qbeststar · May 25, 2017

Moebuntu said:
I want to have a free option beside paid hosting panel is plesk which I am using for my blog sites. I checked some suggestions on this forum and selected two free hosting panels are Centos Web Panel and Vestacp but I don't know which is better and stable, no bugs or issues. Can you share me your thoughts or what are pros or cons of Centos Web Panel and Vestacp?

VestaCP best choice for end user if you need put your website also they support more OS, Centos Web Panel better for selling hosting, soon they create better design.

CaygriWEB · Jul 4, 2017

I use and test only VestaCP and the gui is not userfiendly like Cpanel or Plesk but I think it's the most similiar.
Also is very userful and custom and there is a lot of tutorial online.

Centos Web Panel i never use, just few minute of test not anymore.

fishmonk · Jul 31, 2017

I prefer Plesk over the suggested ones mentioned. Plesk can be installed on a variety of operating systems and is virtually host agnostic.

The other key thing for me is that Plesk has integrated Git which assists to track changes and site updates.In comparison with CPanel, the GUI is much cleaner as well.

HostBastic · Aug 1, 2017

Regarding free panels I would suggest CentOS Web Panel over VestaCP, it improved alot over the past few months. At times VestaCP is quite dificult to get around, compared to CWP which is almost like a free cPanel look a like.

HostBastic · Aug 29, 2017

My suggestion would be CentOS Web Panel, VestaCP is a solid panel however its not nearly as rich in features compared to CWP. Both are secure with active developement in progress.

DanielN · Dec 31, 2017

I have been using VestaCP for 6+ months now and I really like it. By default, you don't have a file manager though.
If you need a free CP for your own projects I highly recommend VestaCP.
If you want to give this to your customers, I would advise against it as it does have a learning curve when you first use it.

alpshost1 · Jan 17, 2018

between the 2 I will choose vestaCP. VestaCP has everything you need and is free.

VirtuBox · Jan 17, 2018

The file manager isn't a problem, you can install extplorer on a subdomain.

But Centos Web Panel come with a lot of cool features, and there is a new design for the web interface. You can see the demo here : https://www.youtube.com/watch?v=p3C3fi7_Z84

TehParadox · Jan 18, 2018

No, CWP is best and better than VistaCP i am using CWP from several years, Biggest bug in CWP is about Php File size limit,

Centos Web Panel vs Vestacp

Well-known member

Well-known member

Well-known member

Administrator

Well-known member

Well-known member

Member

New member

Well-known member

New member

New member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Member

Member

Well-known member

Member

Sponsors

Tag Cloud