Cipi Docs — About Cipi

About Cipi

History

Cipi was created by Andrea Pollastri, a software developer since 2005 specialising in Laravel, system administration, and cybersecurity — with experience at companies like Docebo and Musement. He built Cipi out of a practical need: a fast, scriptable way to provision and deploy Laravel applications on his own VPS, without handing control to a SaaS panel. What started as a private tool became an open-source project that grew to over 1,000 GitHub stars and hundreds of active deployments worldwide. Here is a brief account of how it evolved across six years and four major versions.

v0.1 June 2019

The idea

A collection of shell scripts to automate the tedious parts of setting up a Laravel server on a fresh Ubuntu VPS — Nginx, PHP, MariaDB, Supervisor. No web UI, no package. Just bash.

v1.x June 2019

First release — Laravel panel

The shell scripts were wrapped in a Laravel web application acting as a server control panel. Users could create apps, manage deployments, and configure Nginx through a browser UI hosted on the same server. The project was published on GitHub and quickly attracted interest from the Laravel community.

v2.x May 2020

Feature growth

A year of rapid iteration added SMTP configuration, local database backups, PHP-FPM permission fixes, server service management, and root password reset. The v2 series reached 2.4.9 across dozens of patch releases, establishing Cipi as a stable option for small-team Laravel hosting.

v3.0 March 2021

The big leap — API, PHP 8, real-time UI

Built on Laravel 8, v3 introduced a fully documented REST API (Swagger / OA), PHP 8 support, real-time CPU/RAM charts, a Cronjob editor, Supervisor management, a GitHub repository manager, Node 15, Composer 2, and JWT authentication. Cipi could now manage the same server it ran on. The project reached 1k GitHub stars.

v3.1 December 2021

The last web UI — and a question

PHP 8.1 became the default version. Node was upgraded to v16, Certbot was refreshed, and domain alias handling was fixed. The v3.1.x series was the most polished release of the web-UI era and many teams kept it running in production for years.

It was also the version that prompted a harder question: was a browser-based control panel still the right interface? Modern development workflows had moved toward SSH, CI/CD pipelines, GitOps, and — increasingly — AI agents that could orchestrate infrastructure through shell commands. A web UI required authentication, a running Laravel process, and a database just to issue a deploy. A CLI needed none of that. The answer shaped everything that came next.

v4.x March 2026

The rewrite — CLI-first, Laravel-exclusive

After years of maintaining a full Laravel web application as the control plane, v4 made the boldest decision yet: drop the web UI entirely. Cipi became a pure CLI tool operated over SSH. The scope also narrowed from generic PHP to Laravel exclusively, allowing every part of the stack to be optimised for one framework. MySQL was replaced by MariaDB 11.4, git pull was replaced by Deployer zero-downtime releases, shared deploy keys became per-app ed25519 keys, and S3 automated backups and native webhook support for GitHub and GitLab were added from day one. v4 also introduced a complete REST API for programmatic management of hosts and applications, native integration with GitHub and GitLab git providers, a groundbreaking dual MCP server architecture — one per-app and one global — enabling full AI-driven infrastructure management directly from any MCP-compatible IDE or AI agent, encrypted server sync for migrating apps between VPS instances, and a built-in database anonymizer for GDPR-safe data exports. The result is the version you are using today.

The full v4 changelog is available on GitHub Releases. Latest: 4.4.13 — optional Git repository for cipi app create --custom (SFTP-only sites); pair the server with the cipi-sh/api 1.6.1 package for matching REST/MCP validation.

Security Model

SSH hardening

During installation, Cipi creates groups cipi-ssh and cipi-apps and applies the following SSH architecture:

User	Access	Method
`root`	blocked	`PermitRootLogin no`
`cipi`	key-only	group `cipi-ssh`, `PasswordAuthentication no` globally
app users	user + password	group `cipi-apps`, `Match Group cipi-apps` → `PasswordAuthentication yes`

sshd_config uses AllowGroups cipi-ssh cipi-apps instead of AllowUsers. App users can connect with ssh myapp@server-ip and the password generated at app creation. Admin access is via public-key as cipi. SSH keys are managed with cipi ssh list / add / remove — see SSH Key Management.

SSH key management & notifications

Authorized keys for the cipi user can be managed via the CLI with built-in safety: format validation, duplicate prevention, current-session protection, and last-key protection to avoid lockout. When SMTP is configured, every key addition, removal, or rename triggers an email alert with hostname, IP, fingerprint, timestamp, and remaining key count. Rename alerts also include the old and new key name.

Privilege escalation prevention

Application users are restricted from using su to escalate privileges to root or the cipi account. This is enforced via pam_wheel.so group=sudo, ensuring that only members of the sudo group can switch users.

Sudoers hardening

The www-data user (used by Nginx and PHP-FPM) has its sudoers access restricted to an explicit command whitelist instead of a wildcard pattern. Only the specific /usr/local/bin/cipi subcommands required by the API are allowed. This prevents www-data from running arbitrary commands even if the web application is compromised.

API command whitelist

The Cipi API validates every CLI command against an internal whitelist before executing it via sudo. Commands not on the whitelist are rejected, preventing command injection through the API layer.

User isolation

Each app runs under its own Linux user with chmod 750 on the home directory. No app can read another app's files. PHP-FPM runs each app's pool as the app user with its own Unix socket.

PHP open_basedir

open_basedir is configured per FPM pool to restrict PHP to the app's home directory. Even if an app is compromised, PHP cannot access the filesystem outside its own home.

Database isolation

Each app has its own MariaDB database and user with GRANT ALL restricted to that database only. A compromised app cannot read or write to another app's database.

Per-app SSH deploy keys

Each app gets its own ed25519 SSH key pair. A compromised deploy key only affects one repository — not all apps on the server.

Webhook security

GitHub webhooks are verified using HMAC-SHA256 signatures. GitLab webhooks use token comparison. The webhook handler in cipi-agent returns 200 immediately and writes a flag file — Deployer runs separately as the app user with no elevated privileges.

Configuration encryption (Vault)

All Cipi configuration files — server.json, apps.json, databases.json, backup.json, smtp.json, api.json — are encrypted at rest using AES-256-CBC via the built-in Vault system. A per-server master key (/etc/cipi/.vault_key, chmod 400) ensures that even if an attacker gains read access to the filesystem, configuration files containing database passwords, API tokens, and credentials are unreadable without root privileges. See Vault & Encryption for the full architecture.

Encrypted sync archives

When transferring applications between servers via cipi sync, the entire archive — including .env files, SSH keys, database dumps, and configuration — is encrypted with AES-256-CBC using a user-provided passphrase. Archives use the .tar.gz.enc extension and cannot be read without the passphrase. This protects sensitive data both at rest (on disk) and in transit (during rsync/scp transfer). See Sync for details.

GDPR-compliant log retention

Cipi enforces automatic log rotation: application and security logs are retained for 12 months, while HTTP/navigation logs (which contain IP addresses — personal data under GDPR) are retained for 90 days. This satisfies the GDPR data minimization principle while preserving enough history for debugging and audit trails. See Log retention for the full policy.

Auth & key notifications

Cipi monitors privileged authentication events via PAM (pam_exec.so) and sends real-time email alerts when a user elevates via sudo or su, or when root/sudoers log in via SSH. SSH login notifications include the key fingerprint and comment (resolved by matching the /var/log/auth.log fingerprint against authorized_keys), so you can immediately identify which key was used to access the server. Email alerts are also sent when SSH keys are added to, removed from, or renamed on the cipi user, and when apps are created, edited, or deleted. Notifications include contextual details (username, TTY, source IP, fingerprint, key comment, key count) and run asynchronously to avoid login delays. All events are also logged to /var/log/cipi/events.log regardless of SMTP. Email alerts require SMTP configured — fails silently otherwise. See Email Notifications for setup.

No web panel

Cipi has no web interface. There is no attack surface from an admin panel. All management happens over SSH as the cipi user using the cipi CLI.

Nginx default virtual host

The Nginx default virtual host uses a rewrite rule to serve a minimal "Server Up" page for all requests to unconfigured domains or direct IP access. This reliable catch-all prevents Nginx from exposing its version number in default error pages.

Network

UFW blocks all ports by default except 22, 80, and 443. Fail2ban monitors SSH with progressive banning: a 24-hour base ban that doubles on each repeat offence (7-day cap), with only 3 retries allowed before a ban. A dedicated recidive jail catches repeat offenders — 3 bans within 24 hours triggers a 7-day block. Use cipi ban list and cipi ban unban to inspect and manage bans from the CLI.

Automatic OS security updates

Cipi enables unattended-upgrades during installation, so the underlying Ubuntu system applies security patches automatically — without any manual intervention. Only security-classified updates are installed unattended; major version upgrades require explicit confirmation.

You can verify and manage the configuration at any time:

bash

# check unattended-upgrades status
$ systemctl status unattended-upgrades

# view the upgrade log
$ cat /var/log/unattended-upgrades/unattended-upgrades.log

# force an immediate unattended upgrade run
$ unattended-upgrade --debug --dry-run

Automatic reboots after kernel updates are disabled by default to avoid unexpected downtime. If a kernel update requires a reboot, you will see a notice when you log in via SSH. Schedule the reboot at a convenient maintenance window with sudo reboot.

Why MariaDB?

Cipi uses MariaDB instead of MySQL for several reasons:

Drop-in replacement — Laravel doesn't notice the difference. Same PDO driver, same SQL syntax, same migration files.
Better performance — more advanced query optimizer and native thread pool in the community edition.
Clean licensing — pure GPL, no Oracle involvement.
Native on Ubuntu — installs from the default Ubuntu repositories without external PPAs.
Auto-tuned — Cipi configures innodb_buffer_pool_size based on your server's RAM (256M for 1 GB RAM, up to 4 GB for 16 GB+ servers).

Why Laravel?

When v4 was designed, one of the clearest decisions was to drop generic PHP and WordPress support entirely and go all-in on a single framework. That framework was Laravel — and the reasoning goes well beyond personal preference.

Speed of development

Laravel gives developers an extraordinary head start. Authentication, queues, scheduled tasks, file storage, email, notifications, API resources, database migrations — all of it is built in, consistent, and documented. A team can go from an empty project to a production-ready application in a fraction of the time it would take with a lower-level stack. For Cipi, this means that every deployment assumption — directory layout, .env handling, queue workers, the scheduler — maps cleanly to a known structure. There is no guesswork.

A thriving open-source community

Laravel has one of the most active and welcoming communities in the PHP world. Packages are published, maintained, and discussed daily on GitHub, Laracasts, Discord, and X. When you hire a Laravel developer, you get someone who already knows the conventions, the tooling, and the ecosystem. When you publish a Laravel package, it reaches tens of thousands of developers overnight. That network effect is genuinely valuable — and it is one of the reasons Cipi's companion package, cipi-agent, works so well: drop it into a Laravel app and it just fits.

Security by default

Laravel takes security seriously out of the box. CSRF protection, SQL injection prevention through the query builder, XSS mitigation via Blade's auto-escaping, rate limiting, signed URLs, encrypted cookies — these are not add-ons you wire together, they are the defaults. The framework's release cycle includes prompt security patches, and the team publishes clear upgrade guides. For production applications that handle real users and real data, that reliability matters enormously.

Longevity and support

Every major Laravel version receives bug fixes for 18 months and security fixes for two years after release. LTS versions extend that further. Taylor Otwell and the core team have maintained a consistent, principled release cadence since 2011 — a track record that is rare and genuinely reassuring for long-term projects. When you deploy on Cipi, you are not betting on a framework that might be abandoned next year.

The Laravel ecosystem

Laravel does not stand alone. Around it has grown an ecosystem of first-party and community tools that are among the best in the industry:

Livewire — full-stack reactive components without leaving PHP
Filament — a stunning admin panel and form builder built on Livewire
Inertia.js — the bridge between Laravel and modern front-end frameworks (Vue, React, Svelte)
Laravel Horizon — a beautiful dashboard for monitoring Redis queues
Laravel Telescope — an elegant debug assistant for local and staging environments
Laravel Octane — supercharges application performance with FrankenPHP, Swoole, or RoadRunner
Pest — a delightful PHP testing framework with a Laravel-native plugin
Laracasts — the best screencasts in PHP, period

These tools do not just exist — they are actively developed, widely adopted, and genuinely fun to use. The Laravel world has a rare quality: it manages to be both opinionated enough to feel cohesive and flexible enough to stay out of your way when you need it to.

Ship or die

Taylor Otwell, the founder of Laravel, has a mantra that resonates far beyond the framework: "we must ship." It is a simple statement, but it encapsulates an entire philosophy — that code only has value when it reaches users, that perfectionism is the enemy of progress, and that the best developers are the ones who find ways to move forward even when the conditions are not ideal.

The broader tech world has its own, blunter version: ship or die. Build something real, put it in front of people, learn, and iterate — or watch it slowly become irrelevant in a drawer. Laravel's entire ecosystem is built around that spirit. The framework reduces friction, the community celebrates releases, and the tooling rewards velocity. Cipi exists for the same reason: to remove the server management friction that stands between a developer and a live, deployed application.

If you are reading these docs, you are probably a developer who wants to build things, not babysit infrastructure. That is exactly the kind of developer Cipi was made for.

Cipi is built for Laravel and with Laravel. The installer, the deploy pipeline, the agent package, the cron setup, the worker management — every decision was made with a Laravel app in mind. If you love the framework, you will feel right at home.

Why "ci-pi"?

Cipi is the Italian reading of the letters C and P — which stand for Control Panel. It is a quiet nod to the project's Italian roots and to the fact that, underneath all the CLI commands, Cipi is doing exactly what a control panel does: managing Nginx, PHP-FPM, MariaDB, Supervisor, Certbot, and UFW on your behalf — just without the browser tab.

The name also carries a deliberate lightness. Server management tools tend to take themselves very seriously. Cipi does not. It is a tool built by a developer for developers, with the goal of getting out of the way as quickly as possible.

The mascot

The Cipi mascot is a penguin — an intentional reference to Tux, the official Linux mascot created by Larry Ewing in 1996. Where Tux is polished and iconic, the Cipi penguin is drawn in a minimal, hand-sketched line style: same species, different attitude. Think of it as Tux's quieter sibling who prefers the terminal over the spotlight.

The illustration is rendered as a pure SVG using the project's accent color, so it adapts naturally to light and dark mode and scales to any size without losing quality.

Cipi vs alternatives

There are many tools for provisioning and managing web servers. This page explains where Cipi sits in that landscape and why you might — or might not — choose it over each category. The comparison is focused on seven axes: AI integration (dual MCP server — per-app and global), native Git deploy (GitHub & GitLab), REST API, CLI-first automation, encryption at rest (Vault), GDPR compliance, and total cost of ownership.

Cipi's core proposition: free forever, MIT open source, Laravel-first (with custom app support), CLI-first, AI-ready with dual MCP server, native GitHub & GitLab integration, full REST API, AES-256-CBC encryption at rest, GDPR-compliant log retention, self-contained on your VPS. It does one thing and does it well — it does not try to be a generic hosting panel, a SaaS platform, or a multi-stack tool. In addition to Laravel, Cipi supports custom apps (static sites, SPAs, WordPress, alternative PHP frameworks, and other non-Laravel projects). Cipi provides automatic deployment integration with GitHub and GitLab, a complete REST API for managing hosts and applications programmatically, a dual MCP server architecture for AI-driven management, built-in Vault encryption for all configuration files and sync archives, and GDPR-compliant automatic log rotation. No credentials, SSH keys, or sensitive data are ever stored in plaintext — and no infrastructure data ever leaves your VPS.

Tool	CLI / automation	Free / OSS
Cipi
Laravel Forge	partial	$12–19/mo
Ploi	partial	€8–30/mo
moss.sh		limited free / $9–49/mo
RunCloud		$12–18/mo
CloudPanel	partial
ServerPilot		$12–49/mo
HestiaCP / VestaCP
cPanel / Plesk		$20+/mo
aaPanel
Vito Deploy
GridPane / xCloud / ServerAvatar

Cipi vs Laravel Forge

Forge is the most direct competitor and the benchmark in the space — it is built by the Laravel team, mature, polished, and battle-tested at scale (970k+ servers, 56M+ deployments). It features a clean GUI, zero-downtime deployments, server monitoring, heartbeats, health checks, and integration with all major cloud providers (AWS, DigitalOcean, Hetzner, Vultr, and others).

Where Cipi wins:

Cost — Forge costs starts at $12month per server. Cipi is free, for all your servers, for life.
No SaaS dependency — Forge requires an active subscription and a reachable forge.laravel.com to manage your servers. If the service has downtime or you cancel, you lose the management interface. Cipi lives entirely on your VPS — it works independently of any external service.
CLI and pipeline automation — Cipi is entirely operable over SSH with composable shell commands. Every operation can be scripted, chained in a pipeline, triggered by a webhook, or run from a GitHub Action. Forge's automation relies primarily on its GUI and deployment scripts.
Open source — Cipi is MIT-licensed. You can read, audit, fork, and modify every line. Forge is proprietary.
Simplicity — Forge has grown into a feature-rich platform. Cipi has a deliberately small surface area — one binary, a handful of commands, zero GUI.
Native Git deploy (GitHub & GitLab) — Cipi provides automatic deployment integration with both GitHub and GitLab out of the box, with webhook-driven zero-downtime releases configured in a single command.
REST API — Cipi exposes a full REST API for managing hosts and applications programmatically, enabling integration with external tools, dashboards, and custom workflows.
Dual MCP server — Cipi is the only server panel with a dual MCP architecture: a per-app MCP server for managing a single application and a global MCP server for creating, deploying, modifying, deleting, and managing SSL certificates across all applications on the server. This enables full AI-driven infrastructure management from any MCP-compatible IDE or agent.
Encryption at rest — All Cipi configuration files (passwords, tokens, SSH keys) are encrypted with AES-256-CBC via the Vault system. Forge stores server credentials on its own SaaS infrastructure; Cipi keeps everything encrypted on your VPS.
GDPR / data sovereignty — Cipi runs entirely on your server. No infrastructure data is sent to any third party. Forge is operated by a US company and processes your server metadata under US law — requiring a DPA for GDPR compliance. With Cipi there is no third-party data processor to manage.
Server sync & replication — Built-in encrypted server-to-server sync with cipi sync push enables automated failover replication via cron. Forge has no equivalent feature.

Where Forge wins: GUI, multi-cloud provisioning, teams, monitoring dashboards, heartbeats, health checks, and years of production hardening. If your team is not comfortable with SSH and prefers a visual interface, or if you need to manage servers across multiple cloud accounts, Forge is the better choice.

Cipi vs Ploi & moss.sh

Ploi is a SaaS server management panel with strong Laravel support, a clean UI, and a good set of features (zero-downtime deployments, automatic database backups, S3 file backups, Supervisor queue management, DNS management). It starts at €8/month per server (Basic) up to €30/month (Unlimited). Moss is in the same category — a SaaS "virtual sysadmin" targeting freelancers and agencies, supporting PHP, Laravel, Symfony, WordPress, and Node.js on Ubuntu servers, with plans from $9 to $49/month and a limited free tier (capped at 25 git deploys/month).

Both Ploi and Moss trade a monthly fee and SaaS dependency for a polished GUI and built-in monitoring. Cipi trades the GUI for zero cost, open source code, full CLI control, a complete REST API, native GitHub & GitLab deployment integration, a dual MCP server (per-app and global) for AI-driven management, AES-256-CBC encryption at rest for all configs, and built-in encrypted server-to-server sync for automated failover replication. Notable differences: Moss is not Laravel-exclusive (no built-in Deployer, no artisan shortcuts) and its free tier imposes a deploy quota that runs out quickly on active workflows — Cipi has no deploy limits. On data sovereignty: Ploi is EU-based (Netherlands) and natively GDPR-compliant, which is a genuine advantage over US-based alternatives. Cipi goes further — no infrastructure data leaves your VPS at all, and all configs are encrypted on disk. Neither Ploi nor Moss offer config encryption at rest or built-in server sync. Ploi is the better choice if you want a Forge-like experience at a lower price point. Both remain the right choice over Cipi if your team prefers a GUI and does not need CLI-first pipeline automation or AI integration.

Cipi vs RunCloud

RunCloud is a PHP-oriented SaaS control panel that supports Nginx and Apache, multiple PHP versions, and basic deployment scripts. It is popular for WordPress and generic PHP apps and costs $12–18/month per server.

RunCloud is not Laravel-native: it has no built-in Deployer integration, no artisan shortcut commands, no automatic Supervisor configuration for Laravel queues, and no understanding of Laravel's shared directory structure. Deploying a Laravel app on RunCloud requires manual configuration of many pieces that Cipi handles automatically. If you are deploying Laravel exclusively, Cipi gives you far more out of the box at zero cost.

Cipi vs CloudPanel

CloudPanel is a free, open-source panel supporting PHP, Node.js, Python, and static sites. It is well-maintained, has a polished UI, and includes a CLI. It is a genuinely good option for teams that need to host a mix of application types on the same server.

The key difference is focus: CloudPanel is a generic multi-stack panel; Cipi is a Laravel-only tool. CloudPanel has no Deployer integration, no artisan commands, no automatic queue worker setup, and no webhook deploy system designed for Laravel. The CloudPanel CLI covers server administration but not Laravel application lifecycle management. If you only deploy Laravel, Cipi's opinionated approach gives you a faster, cleaner experience. If you also need to host Node.js, Python, or WordPress alongside Laravel, CloudPanel is the more appropriate choice.

Cipi vs Vito Deploy

Vito Deploy is a free, open-source, self-hosted server management tool with a clean GUI dashboard, built with Laravel and htmx. It supports PHP (including Laravel and WordPress), MySQL, MariaDB, and PostgreSQL, and includes SSL management, firewall configuration, background workers, cron jobs, server monitoring, team collaboration, custom workflows, plugins, and an API.

Vito Deploy and Cipi share the same philosophy: free, open source, and self-hosted — no SaaS dependency. The key differences are in approach and depth:

GUI vs CLI — Vito Deploy is GUI-first with a web dashboard; Cipi is CLI-first with no GUI. If your team prefers a visual interface, Vito Deploy is a strong fit. If you need scriptable, pipeline-ready automation, Cipi is the better choice.
AI integration — Cipi provides a dual MCP server (per-app and global) for AI-driven infrastructure management from any MCP-compatible IDE or agent. Vito Deploy has no MCP or AI integration.
CLI automation — Cipi is entirely operable over SSH with composable shell commands that can be chained in pipelines, triggered by webhooks, or run from GitHub Actions. Vito Deploy is primarily operated through its web dashboard.
Native Git deploy — Cipi provides automatic webhook-driven zero-downtime deployment integration with both GitHub and GitLab, configured in a single command.
Encryption at rest — All Cipi configuration files are encrypted with AES-256-CBC via the Vault system. Vito Deploy does not advertise config encryption at rest.
Server sync — Cipi includes built-in encrypted server-to-server sync with cipi sync push for automated failover replication. Vito Deploy has no equivalent feature.
Infrastructure footprint — Vito Deploy requires a dedicated VPS or environment to host its own dashboard (it is a full Laravel application with a database). Cipi is a single binary that runs directly on the same VPS as your applications — no additional server, no separate database, no extra infrastructure to maintain or secure.

Vito Deploy is a genuinely good alternative in the free/OSS self-hosted space. If you want a GUI dashboard with team collaboration and monitoring, and don't need CLI-first automation or AI integration, Vito Deploy is worth evaluating.

Cipi vs ServerPilot

ServerPilot is a PHP/WordPress-focused SaaS panel ($12–49/month) that automates PHP-FPM and Nginx setup. It has no Laravel-specific tooling, no CLI for application management, and no zero-downtime deploy system. It is primarily aimed at WordPress developers who want automated PHP updates without thinking about server internals. For Laravel developers, it offers little value over Cipi at significant ongoing cost.

Cipi vs GridPane, xCloud, ServerAvatar

These three panels are focused on WordPress and WooCommerce, not PHP in general and certainly not Laravel specifically. They optimize for WordPress-centric workflows (staging clones, multisite, Redis object cache for WP, Cloudflare integration for WordPress). None of them have Laravel-specific tooling. If your workload is WordPress, evaluate them on their own merits. If your workload is Laravel, they are not the right category of tool.

Cipi vs cPanel & Plesk

cPanel and Plesk are traditional hosting control panels designed for shared hosting resellers: they manage email accounts, FTP, DNS zones, databases, and multiple customer websites on one machine. They are expensive (cPanel starts at $20+/month per server, Plesk similarly), GUI-only, built around Apache by default, and carry enormous complexity — most of which is irrelevant when deploying a single-stack Laravel application.

They are the right tool for hosting providers that sell shared hosting accounts to non-technical customers. They are the wrong tool for a development team that owns its own VPS and deploys Laravel apps. Cipi is purpose-built for the latter scenario at zero cost.

Cipi vs Webmin

Webmin is a free, open-source, browser-based interface for low-level Unix system administration — managing users, cron jobs, packages, firewall rules, services, and disk usage through a GUI rather than the shell. It is not a hosting panel or a deployment tool; it is a remote administration console for sysadmins. Virtualmin is the hosting-focused module built on top of Webmin.

Webmin and Cipi solve entirely different problems. Webmin lets you administer a server; Cipi lets you deploy and manage Laravel applications on a server. They are not mutually exclusive — you could technically run both on the same machine — but Cipi's CLI replaces any need for a GUI-based admin console for the tasks it covers (app creation, deploys, PHP management, firewall, SSL, backups). Webmin has no Laravel awareness: no Deployer, no artisan, no queue workers, no zero-downtime release management.

If your team needs a point-and-click interface for general server maintenance (editing /etc/hosts, managing system users, reviewing logs visually), Webmin is a reasonable complementary tool. For Laravel deployments specifically, Cipi is more capable and requires no browser or active session.

Cipi vs Virtualmin, ISPConfig, Froxlor, Ajenti

These are free, open-source hosting panels designed for ISPs, hosting resellers, and system administrators managing many tenants on a single machine. They all share similar characteristics: email servers (Postfix/Dovecot), DNS (BIND), FTP (ProFTPD/vsftpd), multiple virtual host management, and complex multi-user permissions. They are powerful but have steep learning curves and are designed for environments far more complex than a dedicated Laravel application server.

None of them have Laravel-specific tooling. None of them integrate with Deployer. None of them are CLI-first in the sense that every operation can be scripted. For a team deploying Laravel exclusively, they are overbuilt and underspecialized compared to Cipi.

Cipi vs HestiaCP & VestaCP

VestaCP has been effectively abandoned since 2019. HestiaCP is its active community fork — free, open source, and maintained. It is a lighter alternative to cPanel for generic hosting (email, FTP, DNS, multiple PHP versions). Like the other traditional panels, it has no Laravel-specific tooling: no Deployer, no queue workers managed automatically, no artisan integration. Its primary audience is small hosting businesses or individuals who want a GUI for managing multiple websites on one server across multiple stacks. If you only deploy Laravel, Cipi is the more focused and simpler option.

Cipi vs aaPanel

aaPanel (also known as BaoTa Panel) is a free panel of Chinese origin, widely used in the Asia-Pacific region. It supports LNMP/LAMP stacks, Node.js, Docker, and various database engines through a plugin system. It is genuinely capable and has a large user base, but it is a generic multi-stack tool with a GUI-centric philosophy and no Laravel-native automation. Server communication is managed through the panel's own agent, creating a dependency on the panel's infrastructure similar to SaaS tools. For Laravel-specific, CLI-driven deployments, Cipi is a cleaner fit.

Cipi vs CentOS Web Panel (CWP / AlmaLinux Web Panel)

CentOS Web Panel — now repositioned around AlmaLinux — is a traditional hosting panel historically tied to the RHEL ecosystem. Cipi targets Ubuntu exclusively, which is the dominant OS for modern Laravel deployments and where the ondrej/php PPA gives access to all PHP versions from 7.4 to 8.5 within hours of release. Beyond the OS mismatch, CWP is a generic panel with no Laravel tooling and significant complexity overhead for a single-application Laravel server.

Cipi vs ZPanel

ZPanel is effectively unmaintained and should not be used for new deployments. It is included here only because it appears in comparisons on the web. Choose any of the other options listed on this page instead.

Privacy, GDPR, and data sovereignty

This dimension is rarely discussed in tool comparisons but is legally significant for teams that process personal data — EU-based companies, healthcare, fintech, or any product subject to GDPR, HIPAA, or local data protection regulations.

SaaS panels and data residency

When you connect a server to a SaaS panel (Forge, Ploi, RunCloud, ServerPilot, xCloud, GridPane, ServerAvatar), you are providing that service with data about your infrastructure: server IP addresses, hostnames, deployment credentials, environment variable names, and in some cases SSH private keys or deploy tokens. The SaaS provider stores and processes this data on their own infrastructure, which may be located in jurisdictions outside the EU.

Laravel Forge is operated by Laravel LLC, a US company. Data is processed under US law. Under GDPR, Forge acts as a data processor for your infrastructure data, which requires a signed Data Processing Agreement (DPA). As of 2025, Forge provides a DPA on request, but the data remains on US-based servers.
Ploi is operated by WebBuilds B.V., a Dutch company — EU-based and natively subject to GDPR. This makes it the most compliant SaaS option in this list for EU teams. Data is hosted in Europe.
RunCloud, ServerPilot, GridPane, ServerAvatar, xCloud are primarily US or non-EU companies. Their data residency and DPA availability varies; check each provider's privacy policy and DPA status before using them with data subject to GDPR.
aaPanel is of Chinese origin. Its privacy policy and data handling are subject to Chinese law, including the Personal Information Protection Law (PIPL) and the Data Security Law (DSL), which in certain circumstances allow Chinese government access to data stored on Chinese-operated systems. For EU teams or teams processing sensitive data, this is a significant compliance consideration.
Vito Deploy is self-hosted — like Cipi, no infrastructure data leaves your VPS. From a GDPR perspective, Vito Deploy shares the same advantage: no third-party data processor for server management. However, Vito Deploy does not advertise encryption at rest for configuration files, whereas Cipi encrypts all configs with AES-256-CBC via the Vault system.

Cipi: self-contained, zero data exfiltration

Cipi is installed directly on your VPS and operates entirely within your own infrastructure. It does not phone home, it does not send telemetry, and it does not contact any external service during normal operation (the only external calls are to GitHub for self-updates and to Let's Encrypt for SSL certificates — both are standard and optional). No server metadata, no credentials, no application data ever leaves your machine.

From a GDPR perspective, this means:

No third-party data processor for infrastructure management — you are the sole data controller and processor for your server management operations.
No DPA required with Cipi itself (there is no Cipi company processing your data).
Full data sovereignty — your server data stays in the jurisdiction where your VPS is hosted, which you choose freely (Hetzner DE, OVH FR, AWS eu-central-1, etc.).
Easier audit trails — every Cipi action is logged locally in /var/log/cipi/cipi.log, accessible only to you, not to a third-party dashboard.

For EU companies processing personal data, teams operating under ISO 27001 or SOC 2 requirements, or any project subject to data residency rules, Cipi's self-contained model eliminates an entire category of third-party data processor risk that SaaS panels introduce by design.

When to choose Cipi

You deploy Laravel — Cipi is designed primarily for Laravel, with custom app support for static sites, SPAs, WordPress, and other PHP projects.
You want zero monthly panel cost — one server or fifty, the price is the same. and you don't need a commercial support contract
You need full CLI and pipeline automation — every Cipi operation is scriptable over SSH.
You need native Git deploy — automatic deployment integration with GitHub and GitLab, with webhook-driven zero-downtime releases.
You need a REST API — full programmatic control over hosts and applications for integration with external tools, dashboards, and custom workflows.
You need AI-driven management — Cipi's dual MCP server (per-app and global) enables creating, deploying, modifying, deleting, and managing SSL certificates across all applications from any MCP-compatible AI IDE or agent.
You want no external dependency — the panel lives on your VPS and works independently of any SaaS.
You value open source and auditability — every line of Cipi is readable, forkable, and MIT-licensed.
You need GDPR / data sovereignty compliance — no infrastructure data leaves your VPS, no third-party data processor, no DPA required.
You need encryption at rest — all configuration files, credentials, and SSH keys are encrypted with AES-256-CBC via the Vault system. Sync archives are also encrypted with a user-defined passphrase.
You need server-to-server sync and replication — cipi sync push enables automated failover replication via cron, with encrypted transfer and incremental updates.