Getting Started Last updated: 2020-05-13

Cipi is a Laravel based cloud server control panel that supports Digital Ocean, AWS, Vultr, Google Cloud, Linode, Azure and other VPS. It comes with nginx, Mysql, multi PHP-FPM versions, multi users, Supervisor, Composer, npm, free Let's Encrypt certificates, Git deployment, backups, postfix, phpmyadmin, fail2ban, Redis, API, data migration and with a simple graphical interface useful to manage Laravel, Codeigniter, Symphony, WordPress or other PHP applications. With Cipi you don’t need to be a Sys Admin to deploy and manage websites and PHP applications powered by cloud VPS.

Features

  • Easy install: setup one or more servers with a click in less than ten minutes without be a Linux expert.
  • Server Management: manage one or more servers in as easy as a few clicks without be a LEMP Guru.
  • Perfect stack for PHP devs: Cipi comes with nginx, PHP, MySql, Composer, npm, Redis and Supervisor.
  • Multi-PHP: Run simultaneous PHP versions at your ease & convenience.
  • Secure: no unsed open ports, unprivileged PHP, isolated system users and filesystem, only SFTP (no insecure FTP), http/2, Free SSL certificates everywhere.
  • Always update: Cipi takes care about your business and automatically keeps your server's software up to date so you always have the latest security patches.
  • Real-time servers stats: Keep an eye on everything through an awesome dashboard.
  • Always up to date: Cipi installs last versions of LTS dists and supports Ubuntu 20.04 LTS.

Cipi Stack
Ubuntu 18.04 LTS Ubuntu 20.04 LTS
nginx 1.14 1.17
MySql 5.7 8
node.js 12 14
npm 6 6
PHP-FPM 7.2 / 7.3 / 7.4 7.2 / 7.3 / 7.4
PHP CLI 7.4 7.4
PHP .ini custom configutation
max_filesize / execution_time
256MB / 180 256MB / 180
PHP-FPM pool (for each application)
pm.max_children / pm.max_requests
50 / 500 50 / 500
OPCache, PDO, BCMath, Ctype, Fileinfo, JSON, Mbstring, OpenSSL, Tokenizer, XML, PHP Redis, ImageMagick, Zip, Common yes yes
Redis yes yes
Composer yes yes
Supervisor yes yes
Git yes yes
Let's Encrypt yes yes
http/2 Support yes yes
phpmyadmin yes yes
fail2ban yes yes
SSH/SFTP yes yes

Installation

There are two suggested ways to install Cipi:

  • Via Autoinstall Script as a standalone Control Panel on a VPS
  • Via Composer as a simple Laravel project into any shared/not shared hosting

Via Autoinstall Script (Standalone)

The best way to install Cipi is running this autoinstall script on a VPS with Ubuntu 18.04 LTS or 20.04 LTS (fresh installation):

wget -O - https://cipi.sh/go.sh | bash
At the end of installation process, Cipi will show some password that you have to conserve.
Before you can install Cipi, please make sure your server fulfils these requirements:
  • Ubuntu 18.04 or 20.04 x86_64 LTS (Fresh installation)
  • If the server is virtual (VPS), OpenVZ may not be supported (Kernel 2.6)
  • Hardware Requirement: More than 1GB of HDD / At least 1 core processor / 512MB minimum RAM / At least 1 public IP Address (NAT VPS is not supported) / External firewall / For VPS providers such as AWS, those providers already include an external firewall for your VPS. Please open port 22, 80 and 443 to install Cipi.
  • Installation may take up to about ten minutes which may also depend on your server's internet speed. After the installation is completed, you are ready to use Cipi to manage your servers.
  • To correctly manage remote servers Cipi has to be on a public IP address... do not use it in localhost!
AWS by default disables root login. To login as root inside AWS, login as default user and then use command sudo -s.
  • $ ssh ubuntu@<your server IP address>
  • $ ubuntu@aws:~$ sudo -s
  • $ root@aws:~# wget -O - https://cipi.sh/go.sh | bash

Via Composer (Laravel Project)

Cipi is a Laravel based project so you can install it in any virtualhost (shared or not shared) using Composer:

  • Run composer create-project andreapollastri/cipi <your-folder>
  • Copy .env.example file in .env and compile your DB and URL data
  • Run php artisan key:generate
  • Run php artisan config:cache
  • Run php artisan view:cache
  • Run php artisan migrate --seed

Note

Cipi has to be online to work remotely with its clients servers.

Security Tips

Default Cipi username and password are: admin@admin.com / 12345678.
After first login, you could change them into "settings" area.

Into Settings Area is possible setup an STMP account useful to receive passoword recovery mails too.
Another useful tip to keep safe your Cipi Panel, is to let it works under an SSL protocol.
If you installed Cipi via Autoinstall script you can obtain a free SSL certificate following these steps:
  • Configure a domain/subdomain A DNS record to your Cipi VPS IP
  • Login as suder user into Cipi VPS (cipi default user)
  • Run sudo nano /etc/nginx/sites-enabled/default
  • Add server_name <your-domain/subdomain> directive into "server" group
  • Run sudo systemctl restart nginx.service
  • Run sudo certbot --nginx -d <your-domain/subdomain> --non-interactive --agree-tos --register-unsafely-without-email
  • Run sudo systemctl restart nginx.service
  • Run sudo nano /var/www/html/.env
  • Change APP_URL= variable content with your https://your-domain/subdomain
  • Run cd /var/www/html/
  • Run php artisan config:cache

Dashboard

Cipi Dashboard is for viewing your installed servers status. The summary page will display in real-time:

  • Server Name
  • Server Apps number
  • Server CPU usage (in %)
  • Server RAM usage (in %)
  • Server HDD usage (in %)
  • Server Ping (On-line / Not on-line)

Servers

Servers area is for viewing your servers list, manage their "cipi" user password, create new server or delete one of them.
The page will display:

  • Server Name
  • Server IP
  • Server Provider
  • Server Location
  • Server Action (Reset cipi user and Destroy server)
You can rename any server name or change any server IP clicking on edit icons: ;

Deploy Server

To deploy a server, click on button: CREATE NEW and fill the form with these data:

Name The name of Server (e.g. "Production Server")
IP The IP of the Server (IPv4 not IPv6)
Provider Server Provider (e.g. "Digital Ocean")
Location Server location (e.g. "Amsterdam DC3")
Submiting the form, a new server will appears into servers list through a button as this: "Server Name" has to be installed.
Click the "red button" and follow the procedure that will appears into a modal window:
At the end of installation process, Cipi will show some password that you have to conserve.
Server is now ready to be used into Cipi Cloud Control Panel.

Reset main user

For security reasons, Cipi disables "root" SSH access but generate a new "cipi" sudo main user into your server to let you to login into it and to grant root access using "sudo su" or "sudo -s" (in AWS) commands.
To reset "cipi" user password, click on the key icon: of the desidered server and confirm reset action.

Restart Services

With "Servers" list you can click on a specific server name and enter into its applications list.
At the end of this page you can find five buttons useful, if you need, to restart services:

  • nginx
  • PHP
  • MySql
  • Redis
  • Supervisor

Destroy a server

To destroy a server you have just to click the trash icon: of the desidered server and confirm destroy action.

Applications

An application is your website/webapp consisting of files that will be used for functionality and display purposes.
With Cipi, every Application is separated from each other because each app contains its own settings, database, permissions and PHP-FPM pool. This method allows to each user to be secure and protected in its own right. If one of your websites is compromised, the others would be completely safe.

Applications area is for viewing your applications list, require SSL certificates on main app domain, create new Application or delete one of them. The page will display:
  • Application (main) Domain
  • Application Server
  • Application User
  • Application (document root) Path
  • Application PHP Version
  • Application Aliases Number
  • Application Action (Domain SSL and Destroy Application)

Create an application

To create an application, click on button: NEW APPLICATIONand fill the form with these data:

Domain The main application domain (e.g. domain.ltd or subdomain.domain.ltd)
Server Destination Server
Basepath Entrypoint of Document Root (e.g. "public" in Laravel Applications)
PHP PHP Version (7.2, 7.3 or 7.4)
At the end you will receive a summary with SFTP/SSH and database credentials useful to manage your new Application.

Get an SSL Certificate

In Applications list you can require a main domain SSL free certificate just clicking on lock icon: of desidered application and waiting for a "green check" response. Before require a certificate, double check that the domain / subdomain DNS are setted on application server IP and that there is not any proxy in the middle (such as Cloudflare proxy for e.g. because of Let's Encrypt requires DNS validation). You can use Cloudflare or other proxy after Let's Encrypt DNS validation or you can directly use SSL certificate provided by WAF/CDN service (such as Cloudflare cert).

Customize nginx

You can customize every Application nginx configuration:

  • Run ssh root@<server-ip>
  • Run sudo nano /etc/nginx/cipi/<app-user>.conf
  • Edit your custom configuration
  • Run sudo systemctl restart nginx.service

Connect a GIT

With Cipi connect a private or public Github repository to your account is very easy!

  • Run ssh <app-user>@<server-ip>
  • Run rm -rf /home/<app-user>/web (all application web contents will be delete)
  • Copy /home/<app-user>/git/deploy.pub into Github SSH Keys
  • Run nano /home/<app-user>/git/deploy.sh
  • Edit your Git repository name, branch and optional post deploy scripts
  • Run sh /home/<app-user>/git/deploy.sh to deploy Git on your server
  • You can create a PHP webhook (git ignored) into your /web folder with command with exec commant to deploy.sh
  • Redis Configuration

    Redis is available in every Applications using:

    Host 127.0.0.1
    Port 6379
    Auth No password

    Supervisor

    To manage Supervisor configuration:

    • Run ssh root@<server-ip>
    • Run sudo nano /etc/supervisor/supervisord.conf
    • Edit your custom configuration
    • Run sudo service supervisor restart

    Cron Jobs

    You can manage cron job SSHing into your server:

    • Run ssh <app-user>@<server-ip>
    • Run crontab -e
    • Edit your crons
    Take care that you application is running into /home/<app-user>/web directory.

    Local backups

    With Cipi you can quickly backup your application file system and database:

  • Run ssh <app-user>@<server-ip>
  • Run nano /home/<app-user>/bks/db.sh
  • Edit your database informations and set backup retain days
  • Run nano /home/<app-user>/bks/fs.sh
  • Set backup retain days
  • Run sh /home/<app-user>/bks/db.sh to dump your Application database
  • Run sh /home/<app-user>/bks/fs.sh to backup your web directory
  • Backups are avalable into /bks subdirs. You can use a cron to automate backups
  • s3 backups

    This function will coming soon...

    Destroy an application

    To destroy an application you have just to click the trash icon: of the desidered application and confirm destroy action.

    Aliases

    With Cipi you can manage Applications domains alises (such as www.domain.ltd as alias of domain.ltd). This function is useful for multitenant applications too (e.g. it.domain.ltd, en.domain.ltd or user1.domain.ltd, user2.domain.ltd).

    Alias area is for viewing your aliases list, require SSL certificates on alias domain, create new Alias or delete one of them. The page will display:
    • Alias Domain
    • Application (main) Domain
    • Application Server
    • Application User
    • Alias Action (Domain SSL and Destroy Alias)

    Create an alias

    To create an alias, click on button: NEW ALIASand fill the form with these data:

    Domain e.g. www.domain.ltd
    Application Choose Application to connect

    Get an SSL Certificate

    In Alises list you can require a domain SSL free certificate just clicking on lock icon: of desidered alias and waiting for a "green check" response. Before require a certificate, double check that the domain / subdomain DNS are setted on application server IP and that there is not any proxy in the middle (such as Cloudflare proxy for e.g. because of Let's Encrypt requires DNS validation). You can use Cloudflare or other proxy after Let's Encrypt DNS validation or you can directly use SSL certificate provided by WAF/CDN service (such as Cloudflare cert). No worry to work with Cipi proxed by Cloudflare!

    Destroy an alias

    To destroy an alias you have just to click the trash icon: of the desidered alias and confirm destroy action.

    Users

    Users area shows a list of Applications Users with their basic information and the reset user password button (key icon: ).

    Databases

    Databases area shows a list of Applications Dbs with their basic information, the reset db user password button (key icon: ) and the phpmyadmin link button (table icon: ).

    Settings

    Manage accout

    Into settings area you can update your login information (username and password).

    SMTP Setup

    Into settings area you can set a SMTP configuration useful to active "password recovery" function and other future Cipi implementations (such as Servers Monitor Alerts).

    Migrations

    With Cipi Import / Export function you can move your servers data from a Cipi installation to another with a simple click!
    This feature is active since Cipi v2.4.7 and let you to update Cipi core without losing/reconfig anything.

    API Key

    Cipi API are not ready yet. :/

    API Guide

    Cipi API are not ready yet. :/

    Support

    Cipi is an open-source software licensed under the MIT license and developed by Andrea Pollastri.
    You can follow Cipi Project RoadMap here. If you have any issue with Cipi, please open an issue on Github.
    If you discover a security vulnerability within Cipi, please open an issue on Github or send an e-mail to andrea@pollastri.dev. All security vulnerabilities will be promptly addressed.