About Cipi
History
Cipi was created by Andrea Pollastri, a software developer since 2005 specialising in Laravel, system administration, and cybersecurity — with experience at companies like Docebo and Musement. He built Cipi out of a practical need: a fast, scriptable way to provision and deploy Laravel applications on his own VPS, without handing control to a SaaS panel. What started as a private tool became an open-source project that grew to over 1,000 GitHub stars and hundreds of active deployments worldwide. Here is a brief account of how it evolved across six years and four major versions.
The idea
A collection of shell scripts to automate the tedious parts of setting up a Laravel server on a fresh Ubuntu VPS — Nginx, PHP, MariaDB, Supervisor. No web UI, no package. Just bash.
First release — Laravel panel
The shell scripts were wrapped in a Laravel web application acting as a server control panel. Users could create apps, manage deployments, and configure Nginx through a browser UI hosted on the same server. The project was published on GitHub and quickly attracted interest from the Laravel community.
Feature growth
A year of rapid iteration added SMTP configuration, local database backups, PHP-FPM permission fixes, server service management, and root password reset. The v2 series reached 2.4.9 across dozens of patch releases, establishing Cipi as a stable option for small-team Laravel hosting.
The big leap — API, PHP 8, real-time UI
Built on Laravel 8, v3 introduced a fully documented REST API (Swagger / OA), PHP 8 support, real-time CPU/RAM charts, a Cronjob editor, Supervisor management, a GitHub repository manager, Node 15, Composer 2, and JWT authentication. Cipi could now manage the same server it ran on. The project reached 1k GitHub stars.
The last web UI — and a question
PHP 8.1 became the default version. Node was upgraded to v16, Certbot was refreshed, and domain alias handling was fixed. The v3.1.x series was the most polished release of the web-UI era and many teams kept it running in production for years.
It was also the version that prompted a harder question: was a browser-based control panel still the right interface? Modern development workflows had moved toward SSH, CI/CD pipelines, GitOps, and — increasingly — AI agents that could orchestrate infrastructure through shell commands. A web UI required authentication, a running Laravel process, and a database just to issue a deploy. A CLI needed none of that. The answer shaped everything that came next.
The rewrite — CLI-first, Laravel-exclusive
After years of maintaining a full Laravel web application as the control plane, v4 made
the boldest decision yet: drop the web UI entirely. Cipi became a pure
CLI tool operated over SSH. The scope also narrowed from generic PHP to Laravel
exclusively, allowing every part of the stack to be optimised for one
framework. MySQL was replaced by MariaDB 11.4, git pull
was replaced by Deployer zero-downtime releases, shared deploy keys
became per-app ed25519 keys, and S3 automated backups and
native webhook support for GitHub and GitLab were added from day one. v4 also introduced
a complete REST API for programmatic management of hosts and
applications, native integration with GitHub and GitLab git providers,
a groundbreaking dual MCP server architecture — one per-app and one
global — enabling full AI-driven infrastructure management directly from any
MCP-compatible IDE or AI agent, encrypted server sync for
migrating apps between VPS instances, and a built-in database
anonymizer for GDPR-safe data exports. The result is the version you are
using today.
cipi db commands (validate_db_name() in every
_db_* function) and PHP code injection via
cipi app create --repository= / --branch= and
cipi app edit (validate_git_branch() and
validate_git_repository() before values are written to
deploy.php; no migration required). The 4.7.x series
introduced the optional web control panel
(cipi gui, 4.7.0), moved cipi/gui to its
own GitHub repository (4.7.5), and shipped GUI hardening plus
cipi app logs read through 4.7.11 (setup post-install
guide for the Panel API and Web GUI). 4.6.7 fixes fresh installs when
unattended-upgrades holds the apt lock (waits up to 300s via
DPkg::Lock::Timeout, cipi_wait_for_dpkg_lock for the Sury
keyring, migration 4.6.7 for existing servers). 4.6.6 fixes fresh
installs on Ubuntu 26.04 when MariaDB.org and PHP third-party repos
have no resolute suite yet (unified APT probing via
lib/php-apt.sh). 4.6.3–4.6.5 added granular
cipi notifications, nightly panel API updates, canonical token abilities
for cipi api token create, and self-update reliability fixes.
4.6.2 adds primary domain rename via
cipi app edit --domain= (promotes the new domain, moves the old primary
to aliases, refreshes Nginx, APP_URL, webhooks, and Let's Encrypt when
applicable). The panel API package (cipi/api) is at
1.11.8: GET /api/status, MCP tools for job polling
(JobShow), app and panel logs, Artisan, and server monitoring
(ServerStatus, ServiceList), plus
mcp-access-only authorization on /mcp and production log
redaction. Fresh installs via
setup.sh accept Ubuntu 24.04 or 26.04 only (exact
VERSION_ID match; interim releases are rejected). 4.6.1
raised the Composer floor to 2.10.1+ on install and
self-update. Releases
4.5.10–4.5.12 fixed setup on Ubuntu 26.04 (nginx
sites-available layout, MariaDB.org and PHP APT probing with
packages.sury.org when Launchpad has no suite).
4.5.9 added app suspend / unsuspend (takes an app
offline behind a generic HTTP 503 maintenance page without deleting it), wired into
the REST API, MCP server, and WHMCS module.
v4.5.6–4.5.7 replaced Redis with
Valkey, the BSD-licensed open-source fork, with an
automatic, self-healing Redis → Valkey migration on self-update.
v4.5.5 added the global
cipi domains map (every domain and alias across all apps in one table)
and an ll shell alias for app users. v4.5.4 bundled
Deployer 8, so new PHP installs are restricted to
8.3, 8.4 and 8.5 (with a deploy-time guard for apps still pinned to
older versions). Recent point releases also added HTTP basic auth for
apps (cipi basicauth enable/disable/status, 4.5.2) and hardened
the panel API against the self-update permission reset that caused intermittent
HTTP 500s (4.5.3).
The GUI returns — this time, optional
Dropping the web UI in v4 was the right call: it made Cipi lean, scriptable, and
AI-native. But the question from the v3.1 era never fully closed — some teams and
agencies genuinely wanted a browser dashboard, for themselves and for their clients.
v4.7 answered it without walking back a single principle: an optional
web control panel, installed with one command (cipi gui <domain>) and
removed just as easily. It is a separate Laravel 12 package
(cipi/gui) that talks to your servers over the same REST API — a thin
visual layer, not a new control plane. Install it if you want it; skip it and Cipi is
exactly the pure CLI it was in v4. The default install still ships no web surface at
all. See the Control Panel docs.
Security Model
SSH hardening
During installation, Cipi creates groups cipi-ssh and cipi-apps and applies
the following SSH architecture:
| User | Access | Method |
|---|---|---|
root |
blocked | PermitRootLogin no |
cipi |
key-only | group cipi-ssh, PasswordAuthentication no globally |
| app users | user + password | group cipi-apps, Match Group cipi-apps →
PasswordAuthentication yes
|
sshd_config uses AllowGroups cipi-ssh cipi-apps instead of
AllowUsers. App users can connect with ssh myapp@server-ip and the
password generated at app creation. Admin access is via public-key as cipi. SSH keys
are managed with cipi ssh list / add / remove — see SSH Key
Management.
SSH key management & notifications
Authorized keys for the cipi user can be managed via the CLI with built-in safety:
format validation, duplicate prevention, current-session protection, and last-key protection to
avoid lockout. When SMTP is configured, every key addition, removal, or rename triggers an email
alert with hostname, IP, fingerprint, timestamp, and remaining key count. Rename alerts also
include the old and new key name.
Privilege escalation prevention
Application users are restricted from using su to escalate privileges to
root or the cipi account. This is enforced via
pam_wheel.so group=sudo, ensuring that only members of the sudo group
can switch users.
Sudoers hardening
The www-data user (used by Nginx and PHP-FPM) has its sudoers access
restricted to an explicit command whitelist instead of a wildcard pattern. Only the specific
/usr/local/bin/cipi subcommands required by the API are allowed. This prevents
www-data from running arbitrary commands even if the web application is
compromised.
API command whitelist
The Cipi API validates every CLI command against an internal whitelist before executing it via
sudo. Commands not on the whitelist are rejected, preventing command injection
through the API layer.
User isolation
Each app runs under its own Linux user with chmod 750 on the home directory. No app can
read another app's files. PHP-FPM runs each app's pool as the app user with its own Unix socket.
PHP open_basedir
open_basedir is configured per FPM pool to restrict PHP to the app's home directory.
Even if an app is compromised, PHP cannot access the filesystem outside its own home.
Database isolation
Each app has its own MariaDB database and user with GRANT ALL restricted to that
database only. A compromised app cannot read or write to another app's database.
Per-app SSH deploy keys
Each app gets its own ed25519 SSH key pair. A compromised deploy key only affects one repository — not all apps on the server.
Webhook security
GitHub webhooks are verified using HMAC-SHA256 signatures. GitLab webhooks use token comparison. The webhook handler in cipi-agent returns 200 immediately and writes a flag file — Deployer runs separately as the app user with no elevated privileges.
Configuration encryption (Vault)
All Cipi configuration files — server.json, apps.json,
databases.json, backup.json, smtp.json,
api.json — are encrypted at rest using AES-256-CBC via the built-in
Vault system. A per-server master key (/etc/cipi/.vault_key, chmod 400)
ensures that even if an attacker gains read access to the filesystem, configuration files containing
database passwords, API tokens, and credentials are unreadable without root privileges. See
Vault & Encryption for the full architecture.
Encrypted sync archives
When transferring applications between servers via cipi sync, the entire archive —
including .env files, SSH keys, database dumps, and configuration — is encrypted with
AES-256-CBC using a user-provided passphrase. Archives use the .tar.gz.enc extension
and cannot be read without the passphrase. This protects sensitive data both at rest (on disk) and
in transit (during rsync/scp transfer). See Sync for details.
GDPR-compliant log retention
Cipi enforces automatic log rotation: application and security logs are retained for 12 months, while HTTP/navigation logs (which contain IP addresses — personal data under GDPR) are retained for 90 days. This satisfies the GDPR data minimization principle while preserving enough history for debugging and audit trails. See Log retention for the full policy.
Auth & key notifications
Cipi monitors privileged authentication events via PAM (pam_exec.so) and sends
real-time email alerts when a user elevates via sudo or su, or when
root/sudoers log in via SSH. SSH login notifications include the key fingerprint and
comment (resolved by matching the /var/log/auth.log fingerprint against
authorized_keys), so you can immediately identify which key was used to access the
server. Email alerts are also sent when SSH keys are added to, removed from, or renamed on the
cipi user, and when apps are created, edited, or deleted. Notifications include
contextual details (username, TTY, source IP, fingerprint, key comment, key count) and run
asynchronously to avoid login delays. All events are also logged to
/var/log/cipi/events.log regardless of SMTP. Email alerts require SMTP configured —
fails silently otherwise. See Email Notifications for setup.
No web panel by default
A default Cipi install has no web interface — no attack surface from an admin panel, and all
management happens over SSH as the cipi user using the cipi CLI. The
web control panel is strictly opt-in: install it only if you want a browser
dashboard. When you do, it runs as an isolated, self-hosted Laravel app confined with
open_basedir; leave it out and there is no web surface at all.
Nginx default virtual host
The Nginx default virtual host uses a rewrite rule to serve a minimal "Server Up" page
for all requests to unconfigured domains or direct IP access. This reliable catch-all prevents Nginx
from exposing its version number in default error pages.
Network
UFW blocks all ports by default except 22, 80, and 443. Fail2ban monitors SSH with
progressive banning: a 24-hour base ban that doubles on each repeat offence (7-day
cap), with only 3 retries allowed before a ban. A dedicated recidive jail catches
repeat offenders — 3 bans within 24 hours triggers a 7-day block. Use
cipi ban list and cipi ban unban to inspect and manage bans from the CLI.
Automatic OS security updates
Cipi enables unattended-upgrades during installation, so the underlying Ubuntu system applies security patches automatically — without any manual intervention. Only security-classified updates are installed unattended; major version upgrades require explicit confirmation.
You can verify and manage the configuration at any time:
# check unattended-upgrades status $ systemctl status unattended-upgrades # view the upgrade log $ cat /var/log/unattended-upgrades/unattended-upgrades.log # force an immediate unattended upgrade run $ unattended-upgrade --debug --dry-run
sudo reboot.
Why not local?
Cipi is a production server provisioner. It is designed to turn a fresh Ubuntu VPS into a live, internet-facing Laravel host — not to run on your laptop, inside a local Docker container, or behind a home NAT.
This is explicit in the requirements and is not a bug or missing feature. Cipi needs a server that is:
- Reachable from the public internet — with a routable public IPv4 address, not hidden behind NAT (home router, corporate firewall, or NAT-only cloud tiers)
- Running on real hardware or full KVM — not on shared-kernel virtualization (OpenVZ, LXC) or desktop container runtimes that emulate a Linux VM on your machine
- Accessible on ports 22, 80, and 443 — Let's Encrypt HTTP validation, Nginx vhosts, and SSH deploy workflows all assume inbound traffic can reach the host
Not compatible with local dockerization
Cipi is not compatible with local dockerized environments. Tools like Docker Desktop, OrbStack, Colima, and similar runtimes give you a Linux VM behind NAT on your Mac or Windows machine — no public IP, no inbound routing from the internet, and often a shared kernel under the hood. The Cipi installer may finish, but the result is not a production server:
- SSL will not work — Certbot cannot complete Let's Encrypt validation when the host is not reachable on port 80 from the internet
- Domains will not resolve — there is no public endpoint for DNS to point to
- Deploy and webhook flows break — Git providers, CI runners, and external services cannot reach a NAT-ted local VM
Industry-standard constraint
No production server provisioner supports NAT-ted local environments. Commercial panels and open-source tools alike require a public, internet-accessible host — this is how SSL, domain routing, and remote deploy pipelines work. Cipi follows the same rule.
The difference is what Cipi does not ask for: no proprietary agent daemon, no dedicated outbound port to an external control panel, and no mandatory cloud account. Cipi runs entirely on your server — you SSH in and use the CLI. The public-internet requirement is about network topology, not about tying you to a SaaS vendor.
What to use locally instead
For local Laravel development, use Laravel Sail, Laravel Herd, or a plain composer install with
php artisan serve. Provision a cheap VPS with Cipi when you need a real staging or
production environment.
Why MariaDB?
Cipi uses MariaDB instead of MySQL for several reasons:
- Drop-in replacement — Laravel doesn't notice the difference. Same PDO driver, same SQL syntax, same migration files.
- Better performance — more advanced query optimizer and native thread pool in the community edition.
- Clean licensing — pure GPL, no Oracle involvement.
- Native on Ubuntu — installs from the default Ubuntu repositories without external PPAs.
- Auto-tuned — Cipi configures
innodb_buffer_pool_sizebased on your server's RAM (256M for 1 GB RAM, up to 4 GB for 16 GB+ servers).
Why Valkey?
Cipi uses Valkey instead of Redis for several reasons:
- Drop-in replacement — same RESP protocol on port
6379, samephpredisextension, sameREDIS_*.envkeys. Laravel doesn't notice the difference. - Truly open source — BSD-licensed fork stewarded by the Linux Foundation, created after Redis Inc. moved to the source-available SSPL / RSALv2 in 2024.
- Native on Ubuntu — ships in Ubuntu 24.04's Universe repository
(
valkey-server+valkey-tools) without third-party PPAs. - No vendor lock-in — aligns with Cipi's MIT, self-hosted philosophy: free forever, backed by AWS, Google Cloud, Oracle, and a large community.
- Auto-migrated — existing servers switch from Redis to Valkey automatically on
cipi self-update, reusing the same password and dataset with zero app changes.
Why Laravel?
When v4 was designed, one of the clearest decisions was to drop generic PHP and WordPress support entirely and go all-in on a single framework. That framework was Laravel — and the reasoning goes well beyond personal preference.
Speed of development
Laravel gives developers an extraordinary head start. Authentication, queues, scheduled tasks, file
storage, email, notifications, API resources, database migrations — all of it is built in,
consistent, and documented. A team can go from an empty project to a production-ready application in
a fraction of the time it would take with a lower-level stack. For Cipi, this means that every
deployment assumption — directory layout, .env handling, queue workers, the scheduler —
maps cleanly to a known structure. There is no guesswork.
A thriving open-source community
Laravel has one of the most active and welcoming communities in the PHP world. Packages are published, maintained, and discussed daily on GitHub, Laracasts, Discord, and X. When you hire a Laravel developer, you get someone who already knows the conventions, the tooling, and the ecosystem. When you publish a Laravel package, it reaches tens of thousands of developers overnight. That network effect is genuinely valuable — and it is one of the reasons Cipi's companion package, cipi-agent, works so well: drop it into a Laravel app and it just fits.
Security by default
Laravel takes security seriously out of the box. CSRF protection, SQL injection prevention through the query builder, XSS mitigation via Blade's auto-escaping, rate limiting, signed URLs, encrypted cookies — these are not add-ons you wire together, they are the defaults. The framework's release cycle includes prompt security patches, and the team publishes clear upgrade guides. For production applications that handle real users and real data, that reliability matters enormously.
Longevity and support
Every major Laravel version receives bug fixes for 18 months and security fixes for two years after release. LTS versions extend that further. Taylor Otwell and the core team have maintained a consistent, principled release cadence since 2011 — a track record that is rare and genuinely reassuring for long-term projects. When you deploy on Cipi, you are not betting on a framework that might be abandoned next year.
The Laravel ecosystem
Laravel does not stand alone. Around it has grown an ecosystem of first-party and community tools that are among the best in the industry:
- Livewire — full-stack reactive components without leaving PHP
- Filament — a stunning admin panel and form builder built on Livewire
- Inertia.js — the bridge between Laravel and modern front-end frameworks (Vue, React, Svelte)
- Laravel Horizon — a beautiful dashboard for monitoring Valkey/Redis queues
- Laravel Telescope — an elegant debug assistant for local and staging environments
- Laravel Octane — supercharges application performance with FrankenPHP, Swoole, or RoadRunner
- Pest — a delightful PHP testing framework with a Laravel-native plugin
- Laracasts — the best screencasts in PHP, period
These tools do not just exist — they are actively developed, widely adopted, and genuinely fun to use. The Laravel world has a rare quality: it manages to be both opinionated enough to feel cohesive and flexible enough to stay out of your way when you need it to.
Ship or die
Taylor Otwell, the founder of Laravel, has a mantra that resonates far beyond the framework: "we must ship." It is a simple statement, but it encapsulates an entire philosophy — that code only has value when it reaches users, that perfectionism is the enemy of progress, and that the best developers are the ones who find ways to move forward even when the conditions are not ideal.
The broader tech world has its own, blunter version: ship or die. Build something real, put it in front of people, learn, and iterate — or watch it slowly become irrelevant in a drawer. Laravel's entire ecosystem is built around that spirit. The framework reduces friction, the community celebrates releases, and the tooling rewards velocity. Cipi exists for the same reason: to remove the server management friction that stands between a developer and a live, deployed application.
If you are reading these docs, you are probably a developer who wants to build things, not babysit infrastructure. That is exactly the kind of developer Cipi was made for.
Why "ci-pi"?
Cipi is the Italian reading of the letters C and P — which stand for Control Panel. It is a quiet nod to the project's Italian roots and to the fact that, underneath all the CLI commands, Cipi is doing exactly what a control panel does: managing Nginx, PHP-FPM, MariaDB, Supervisor, Certbot, and UFW on your behalf — just without the browser tab.
The name also carries a deliberate lightness. Server management tools tend to take themselves very seriously. Cipi does not. It is a tool built by a developer for developers, with the goal of getting out of the way as quickly as possible.
The mascot
The Cipi mascot is a penguin — an intentional reference to Tux, the official Linux mascot created by Larry Ewing in 1996. Where Tux is polished and iconic, the Cipi penguin is drawn in a minimal, hand-sketched line style: same species, different attitude. Think of it as Tux's quieter sibling who prefers the terminal over the spotlight.
The illustration is rendered as a pure SVG using the project's accent color, so it adapts naturally to light and dark mode and scales to any size without losing quality.
Cipi vs alternatives
There are many tools for provisioning and managing web servers. This page explains where Cipi sits in that landscape and why you might — or might not — choose it over each category. The comparison is focused on seven axes: AI integration (dual MCP server — per-app and global), native Git deploy (GitHub & GitLab), REST API, CLI-first automation, encryption at rest (Vault), GDPR compliance, and total cost of ownership.
Looking for a specific head-to-head? See the dedicated comparison pages: Laravel Forge alternative, Laravel Cloud alternative, Ploi alternative, Cleavr alternative, moss.sh alternative, Kamal alternative, RunCloud alternative, ServerPilot alternative, CloudPanel alternative, Coolify alternative, Dokku alternative, Easypanel alternative, Vito Deploy alternative, cPanel alternative, DirectAdmin alternative, Plesk alternative, plus in-depth sections on HestiaCP & VestaCP, aaPanel, and GridPane, xCloud & ServerAvatar — or browse them all on the alternatives overview.
| Tool | AI ready (MCP) | CLI / automation | Free / OSS | No SaaS dep. |
|---|---|---|---|---|
| Cipi | ||||
| Laravel Cloud | partial | usage-based | ||
| Laravel Forge | partial | $12–19/mo | ||
| Ploi | partial | €8–30/mo | ||
| moss.sh | limited free / $9–49/mo | |||
| Cleavr | partial | ~$8+/mo | ||
| Kamal | ||||
| Dokku | ||||
| Easypanel | partial | |||
| RunCloud | $12–18/mo | |||
| CloudPanel | partial | |||
| Coolify | partial | |||
| ServerPilot | $12–49/mo | |||
| HestiaCP / VestaCP | ||||
| cPanel / Plesk | $20+/mo | |||
| DirectAdmin | $2–29/mo | |||
| aaPanel | ||||
| Vito Deploy | ||||
| GridPane / xCloud / ServerAvatar |
Cipi vs Laravel Cloud
Laravel Cloud is the Laravel team's fully-managed deployment platform — a Platform-as-a-Service that runs your application on dedicated AWS infrastructure with one-click autoscaling, managed databases (MySQL / serverless Postgres), Valkey cache, object storage, an edge network with DDoS protection, automatic SSL, and scale-to-zero compute. You connect a Git provider, pick a repo, and deploy in under 60 seconds — with no servers to manage. It is the opposite end of the spectrum from Cipi: where Cipi gives you full ownership of a VPS you control, Cloud abstracts the server away entirely in exchange for a usage-based bill.
Where Cipi wins:
- Cost & predictability — Cloud is usage-based: you pay for compute, databases, cache, bandwidth, and storage as you consume them (after the $5 monthly credit). Costs scale with traffic and can be hard to predict. Cipi is free for every server you own, for life — your only cost is the VPS itself, at a fixed, predictable price.
- You own the server — Cloud runs on infrastructure managed entirely by Laravel on AWS; you never get root, SSH, or control over the underlying machine. Cipi runs on your own VPS at any provider (Hetzner, OVH, DigitalOcean, AWS, bare metal) with full root access and complete control over the stack.
- No SaaS dependency — Cloud is a hosted platform: if you stop paying, your apps stop running, and management depends on a reachable cloud.laravel.com. Cipi lives entirely on your VPS and works independently of any external service.
- No vendor lock-in — Cloud ties your deployment, databases, queues, and storage to its managed AWS environment. Migrating away means re-architecting your infrastructure. Cipi uses standard Ubuntu, Nginx, PHP-FPM, MariaDB, and Supervisor — a portable stack you can move or reproduce anywhere.
- Open source — Cipi is MIT-licensed; you can read, audit, fork, and modify every line. Laravel Cloud is a proprietary, closed platform.
- CLI and pipeline automation — Cipi is entirely operable over SSH with composable shell commands that can be scripted, chained in a pipeline, triggered by a webhook, or run from a GitHub Action. Cloud exposes a Cloud API and deploy hooks, but day-to-day management is dashboard-centric.
- Dual MCP server — Cipi is the only server panel with a dual MCP architecture: a per-app MCP server and a global MCP server for creating, deploying, modifying, deleting, and managing SSL across all applications. Cloud offers an API that AI agents can call, but no native MCP integration for IDE- or agent-driven management.
- Encryption at rest — All Cipi configuration files (passwords, tokens, SSH keys) are encrypted with AES-256-CBC via the Vault system, on your own VPS. Cloud stores your credentials and environment variables on its managed infrastructure.
- GDPR / data sovereignty — Cipi runs entirely on a VPS in the region you choose, and no infrastructure data leaves your machine. Laravel Cloud is operated by a US company on AWS and processes your application and infrastructure data as a third-party processor — requiring a DPA and careful region selection for GDPR compliance.
- Server sync & replication — Built-in encrypted server-to-server sync with
cipi sync pushenables automated failover replication via cron between any two VPS instances. Cloud has no equivalent self-managed sync.
Where Laravel Cloud wins: zero server management, one-click autoscaling and scale-to-zero, managed databases and cache, a global edge network with DDoS protection, automatic SSL and load balancing, managed queues, and a polished dashboard — all without ever touching a server. If you want a true serverless-style experience, do not want to manage or own a VPS, and are comfortable with a usage-based bill, Cloud is the better choice. Cipi is for teams that want to own their infrastructure, control costs, and automate everything from the CLI.
Cipi vs Laravel Forge
Forge is the most direct competitor and the benchmark in the space — it is built by the Laravel team, mature, polished, and battle-tested at scale (970k+ servers, 56M+ deployments). It features a clean GUI, zero-downtime deployments, server monitoring, heartbeats, health checks, and integration with all major cloud providers (AWS, DigitalOcean, Hetzner, Vultr, and others).
Where Cipi wins:
- Cost — Forge costs starts at $12month per server. Cipi is free, for all your servers, for life.
- No SaaS dependency — Forge requires an active subscription and a reachable forge.laravel.com to manage your servers. If the service has downtime or you cancel, you lose the management interface. Cipi lives entirely on your VPS — it works independently of any external service.
- CLI and pipeline automation — Cipi is entirely operable over SSH with composable shell commands. Every operation can be scripted, chained in a pipeline, triggered by a webhook, or run from a GitHub Action. Forge's automation relies primarily on its GUI and deployment scripts.
- Open source — Cipi is MIT-licensed. You can read, audit, fork, and modify every line. Forge is proprietary.
- Simplicity — Forge has grown into a feature-rich platform. Cipi has a deliberately small surface area — one binary, a handful of commands, zero GUI.
- Native Git deploy (GitHub & GitLab) — Cipi provides automatic deployment integration with both GitHub and GitLab out of the box, with webhook-driven zero-downtime releases configured in a single command.
- REST API — Cipi exposes a full REST API for managing hosts and applications programmatically, enabling integration with external tools, dashboards, and custom workflows.
- Dual MCP server — Cipi is the only server panel with a dual MCP architecture: a per-app MCP server for managing a single application and a global MCP server for creating, deploying, modifying, deleting, and managing SSL certificates across all applications on the server. This enables full AI-driven infrastructure management from any MCP-compatible IDE or agent.
- Encryption at rest — All Cipi configuration files (passwords, tokens, SSH keys) are encrypted with AES-256-CBC via the Vault system. Forge stores server credentials on its own SaaS infrastructure; Cipi keeps everything encrypted on your VPS.
- GDPR / data sovereignty — Cipi runs entirely on your server. No infrastructure data is sent to any third party. Forge is operated by a US company and processes your server metadata under US law — requiring a DPA for GDPR compliance. With Cipi there is no third-party data processor to manage.
- Server sync & replication — Built-in encrypted server-to-server sync with
cipi sync pushenables automated failover replication via cron. Forge has no equivalent feature.
Where Forge wins: GUI, multi-cloud provisioning, teams, monitoring dashboards, heartbeats, health checks, and years of production hardening. If your team is not comfortable with SSH and prefers a visual interface, or if you need to manage servers across multiple cloud accounts, Forge is the better choice.
Cipi vs Ploi
Ploi is a SaaS server management panel with strong Laravel support, a clean UI, and a good set of features (zero-downtime deployments, automatic database backups, S3 file backups, Supervisor queue management, DNS management). It starts at €8/month per server (Basic) up to €30/month (Unlimited).
Ploi trades a monthly fee and SaaS dependency for a polished GUI and built-in monitoring. Cipi trades the GUI for zero cost, open source code, full CLI control, a complete REST API, native GitHub & GitLab deployment integration, a dual MCP server for AI-driven management, AES-256-CBC encryption at rest, and built-in encrypted server-to-server sync. On data sovereignty: Ploi is EU-based (Netherlands) and natively GDPR-compliant — a genuine advantage over US-based SaaS panels. Cipi goes further: no infrastructure data leaves your VPS at all. Ploi is the better choice if you want a Forge-like experience at a lower price point and prefer a GUI over CLI-first automation. For similar SaaS options see moss.sh and Cleavr.
Cipi vs RunCloud
RunCloud is a PHP-oriented SaaS control panel that supports Nginx and Apache, multiple PHP versions, and basic deployment scripts. It is popular for WordPress and generic PHP apps and costs $12–18/month per server.
RunCloud is not Laravel-native: it has no built-in Deployer integration, no artisan shortcut commands, no automatic Supervisor configuration for Laravel queues, and no understanding of Laravel's shared directory structure. Deploying a Laravel app on RunCloud requires manual configuration of many pieces that Cipi handles automatically. If you are deploying Laravel exclusively, Cipi gives you far more out of the box at zero cost.
Cipi vs CloudPanel
CloudPanel is a free, open-source panel supporting PHP, Node.js, Python, and static sites. It is well-maintained, has a polished UI, and includes a CLI. It is a genuinely good option for teams that need to host a mix of application types on the same server.
The key difference is focus: CloudPanel is a generic multi-stack panel; Cipi is a Laravel-only tool. CloudPanel has no Deployer integration, no artisan commands, no automatic queue worker setup, and no webhook deploy system designed for Laravel. The CloudPanel CLI covers server administration but not Laravel application lifecycle management. If you only deploy Laravel, Cipi's opinionated approach gives you a faster, cleaner experience. If you also need to host Node.js, Python, or WordPress alongside Laravel, CloudPanel is the more appropriate choice.
Cipi vs Vito Deploy
Vito Deploy is a free, open-source, self-hosted server management tool with a clean GUI dashboard, built with Laravel and htmx. It supports PHP (including Laravel and WordPress), MySQL, MariaDB, and PostgreSQL, and includes SSL management, firewall configuration, background workers, cron jobs, server monitoring, team collaboration, custom workflows, plugins, and an API.
Vito Deploy and Cipi share the same philosophy: free, open source, and self-hosted — no SaaS dependency. The key differences are in approach and depth:
- GUI vs CLI — Vito Deploy is GUI-first with a web dashboard; Cipi is CLI-first with no GUI. If your team prefers a visual interface, Vito Deploy is a strong fit. If you need scriptable, pipeline-ready automation, Cipi is the better choice.
- AI integration — Cipi provides a dual MCP server (per-app and global) for AI-driven infrastructure management from any MCP-compatible IDE or agent. Vito Deploy has no MCP or AI integration.
- CLI automation — Cipi is entirely operable over SSH with composable shell commands that can be chained in pipelines, triggered by webhooks, or run from GitHub Actions. Vito Deploy is primarily operated through its web dashboard.
- Native Git deploy — Cipi provides automatic webhook-driven zero-downtime deployment integration with both GitHub and GitLab, configured in a single command.
- Encryption at rest — All Cipi configuration files are encrypted with AES-256-CBC via the Vault system. Vito Deploy does not advertise config encryption at rest.
- Server sync — Cipi includes built-in encrypted server-to-server sync with
cipi sync pushfor automated failover replication. Vito Deploy has no equivalent feature. - Infrastructure footprint — Vito Deploy requires a dedicated VPS or environment to host its own dashboard (it is a full Laravel application with a database). Cipi is a single binary that runs directly on the same VPS as your applications — no additional server, no separate database, no extra infrastructure to maintain or secure.
Vito Deploy is a genuinely good alternative in the free/OSS self-hosted space. If you want a GUI dashboard with team collaboration and monitoring, and don't need CLI-first automation or AI integration, Vito Deploy is worth evaluating.
Cipi vs Coolify
Coolify is a free, open-source, self-hosted Platform-as-a-Service that deploys applications as Docker containers through a polished web dashboard. It supports PHP, Node.js, Python, static sites, databases, and many other services, with Git-based deployments, SSL, and the ability to manage remote servers from a single control plane. It has become one of the most popular tools in the self-hosting community.
Coolify and Cipi share the same foundation: free, open source, self-hosted, no SaaS subscription. The key differences are deployment model and focus:
- Docker vs native stack — Coolify is container-first: every application runs in Docker with Traefik or similar as a reverse proxy. Cipi installs a native Nginx + PHP-FPM + MariaDB + Supervisor stack directly on Ubuntu. For standard Laravel apps, Cipi avoids container overhead, simplifies debugging, and removes a layer of abstraction.
- GUI vs CLI — Coolify is GUI-first with a web dashboard for every operation. Cipi is CLI-first with no GUI. If your team prefers a visual interface and one-click service provisioning, Coolify is a strong fit. If you need scriptable, pipeline-ready automation, Cipi is the better choice.
- Laravel depth — Cipi is Laravel-first: Deployer integration, artisan shortcuts, automatic queue worker setup, webhook-driven zero-downtime releases, and the shared release directory structure are all built in. Coolify can host Laravel, but treats it as a generic PHP application with no Laravel-specific lifecycle management.
- AI integration — Cipi provides a dual MCP server (per-app and global) for AI-driven infrastructure management from any MCP-compatible IDE or agent. Coolify has no MCP or AI integration.
- Encryption at rest — All Cipi configuration files are encrypted with AES-256-CBC via the Vault system. Coolify does not advertise config encryption at rest.
- Server sync — Cipi includes built-in encrypted server-to-server sync with
cipi sync pushfor automated failover replication. Coolify has no equivalent feature.
Coolify is an excellent choice if you want a self-hosted PaaS with a web GUI, Docker-based deployments, and the flexibility to host many different stacks on the same platform. If you deploy Laravel exclusively and want CLI-first automation, native PHP performance, and Laravel-specific tooling, Cipi is the more focused option. See the dedicated Cipi vs Coolify comparison.
Cipi vs Kamal
Kamal (formerly MRSK) is a free, open-source (MIT) CLI tool from the 37signals/Basecamp team for deploying applications to any server via SSH and Docker. It is popular in the Laravel and Ruby on Rails communities for container-based zero-downtime deploys without a hosting panel. Kamal and Cipi share a CLI-first philosophy — but they solve different problems:
- Deploy tool vs full server panel — Kamal deploys containers to servers you already provisioned; it does not install Nginx, PHP, MariaDB, firewall rules, SSL, backups, or queue workers. Cipi is a complete server-management CLI that provisions the full production stack and manages the entire Laravel application lifecycle.
- Docker vs native stack — Kamal is container-first. Cipi runs a native Nginx + PHP-FPM + MariaDB + Supervisor stack on Ubuntu — lower overhead and simpler debugging for standard Laravel apps.
- Laravel depth — Cipi includes Deployer integration, artisan shortcuts, automatic queue workers, webhook-driven zero-downtime Git deploys, and the shared release directory structure. Kamal can deploy Laravel in Docker, but without Laravel-specific lifecycle management.
- AI integration, encryption, sync — Cipi adds a dual MCP server, AES-256-CBC Vault encryption at rest, encrypted server-to-server sync, and a full REST API. Kamal has none of these.
Kamal is the right choice if you already run Docker infrastructure and only need a lightweight, battle-tested deploy CLI. Cipi is the right choice if you want one tool to provision, secure, deploy, and operate Laravel servers from scratch. See the Cipi vs Kamal comparison.
Cipi vs Cleavr
Cleavr is a SaaS server-management panel with strong Laravel support — zero-downtime deployments, queue workers, SSL, database management, and a polished web GUI. It sits in the same category as Forge and Ploi: you connect your VPS to Cleavr's control plane and manage everything through a browser dashboard, starting at roughly $8/month per server.
Cipi trades the GUI and monthly fee for zero cost, MIT open source, full CLI control, a dual MCP server, AES-256 config encryption at rest, and built-in encrypted server-to-server sync. Cleavr remains the better choice if your team prefers a visual interface and does not need CLI-first pipeline automation or AI integration. See the Cipi vs Cleavr comparison.
Cipi vs Dokku
Dokku is a free, open-source (MIT) self-hosted Platform-as-a-Service — often described as "Heroku on your VPS". You push code with Git and Dokku builds and runs Docker containers, with a rich plugin ecosystem for databases, SSL, and scheduling. It is CLI-oriented and self-hosted, with no SaaS dependency.
The comparison with Cipi mirrors Coolify at a lighter weight: Dokku is git-push + containers; Cipi is Laravel-first on a native LEMP stack with full server provisioning, Deployer, artisan, queues, dual MCP, Vault encryption, and server sync. Dokku wins on git-push simplicity and container isolation for teams already committed to Docker. Cipi wins on Laravel-specific automation without container overhead. See the Cipi vs Dokku comparison.
Cipi vs Easypanel
Easypanel is a free, open-source, self-hosted Docker PaaS with a web GUI — similar in scope to Coolify. It deploys applications as containers, supports many stacks, and provides one-click databases and services through a dashboard.
Easypanel and Cipi differ on the same axes as Coolify: GUI + Docker PaaS vs CLI + native Laravel stack. If you want a visual self-hosted PaaS with container workflows, Easypanel is worth evaluating. If you deploy Laravel exclusively and want CLI-first automation without Docker, Cipi is the more focused option. See the Cipi vs Easypanel comparison.
Cipi vs moss.sh
moss.sh is a SaaS "virtual sysadmin" targeting freelancers and agencies. It supports PHP, Laravel, Symfony, WordPress, and Node.js on Ubuntu servers, with plans from $9 to $49/month and a limited free tier capped at 25 git deploys per month.
Moss and Cipi target similar workloads but opposite philosophies: Moss is GUI-first SaaS with deploy quotas on the free tier; Cipi is CLI-first, free forever, self-hosted, with no deploy limits, dual MCP, Vault encryption, and server sync. Moss is not Laravel-exclusive — no built-in Deployer or artisan shortcuts. See the Cipi vs moss.sh comparison.
Cipi vs ServerPilot
ServerPilot is a PHP/WordPress-focused SaaS panel ($12–49/month) that automates PHP-FPM and Nginx setup. It has no Laravel-specific tooling, no CLI for application management, and no zero-downtime deploy system. It is primarily aimed at WordPress developers who want automated PHP updates without thinking about server internals. For Laravel developers, it offers little value over Cipi at significant ongoing cost.
Cipi vs GridPane, xCloud, ServerAvatar
These three panels are focused on WordPress and WooCommerce, not PHP in general and certainly not Laravel specifically. They optimize for WordPress-centric workflows (staging clones, multisite, Redis object cache for WP, Cloudflare integration for WordPress). None of them have Laravel-specific tooling. If your workload is WordPress, evaluate them on their own merits. If your workload is Laravel, they are not the right category of tool.
Cipi vs cPanel & Plesk
cPanel and Plesk are traditional hosting control panels designed for shared hosting resellers: they manage email accounts, FTP, DNS zones, databases, and multiple customer websites on one machine. They are expensive (cPanel starts at $20+/month per server, Plesk similarly), GUI-only, built around Apache by default, and carry enormous complexity — most of which is irrelevant when deploying a single-stack Laravel application.
They are the right tool for hosting providers that sell shared hosting accounts to non-technical customers. They are the wrong tool for a development team that owns its own VPS and deploys Laravel apps. Cipi is purpose-built for the latter scenario at zero cost. For a lighter proprietary panel in the same category, see also DirectAdmin — covered in the dedicated Cipi vs DirectAdmin comparison.
Cipi vs DirectAdmin
DirectAdmin is a proprietary shared-hosting control panel positioned as a lighter, cheaper alternative to cPanel. It manages email, FTP, DNS, databases, and multiple customer websites on one server through a web GUI, with reseller features and tiered licenses from roughly $2 to $29 per month depending on account limits.
DirectAdmin and Cipi target opposite use cases. DirectAdmin is for hosting providers reselling shared hosting; Cipi is for development teams deploying Laravel on a dedicated VPS. DirectAdmin has no Deployer integration, no artisan commands, no automatic queue workers, and no webhook-driven zero-downtime deploy system. It can host PHP/Laravel manually, but offers no Laravel-specific lifecycle management.
DirectAdmin is a reasonable choice if you run a small hosting business and need a GUI for multi-tenant email, DNS, and website administration at lower cost than cPanel. For a team that owns its own server and deploys Laravel exclusively, Cipi is free, open source, CLI-first, and far more capable out of the box. See the full comparison.
Cipi vs Webmin
Webmin is a free, open-source, browser-based interface for low-level Unix system administration — managing users, cron jobs, packages, firewall rules, services, and disk usage through a GUI rather than the shell. It is not a hosting panel or a deployment tool; it is a remote administration console for sysadmins. Virtualmin is the hosting-focused module built on top of Webmin.
Webmin and Cipi solve entirely different problems. Webmin lets you administer a server; Cipi lets you deploy and manage Laravel applications on a server. They are not mutually exclusive — you could technically run both on the same machine — but Cipi's CLI replaces any need for a GUI-based admin console for the tasks it covers (app creation, deploys, PHP management, firewall, SSL, backups). Webmin has no Laravel awareness: no Deployer, no artisan, no queue workers, no zero-downtime release management.
If your team needs a point-and-click interface for general server maintenance (editing
/etc/hosts, managing system users, reviewing logs visually), Webmin is a reasonable
complementary tool. For Laravel deployments specifically, Cipi is more capable and requires no
browser or active session.
Cipi vs Virtualmin, ISPConfig, Froxlor, Ajenti
These are free, open-source hosting panels designed for ISPs, hosting resellers, and system administrators managing many tenants on a single machine. They all share similar characteristics: email servers (Postfix/Dovecot), DNS (BIND), FTP (ProFTPD/vsftpd), multiple virtual host management, and complex multi-user permissions. They are powerful but have steep learning curves and are designed for environments far more complex than a dedicated Laravel application server.
None of them have Laravel-specific tooling. None of them integrate with Deployer. None of them are CLI-first in the sense that every operation can be scripted. For a team deploying Laravel exclusively, they are overbuilt and underspecialized compared to Cipi.
Cipi vs HestiaCP & VestaCP
VestaCP has been effectively abandoned since 2019. HestiaCP is its active community fork — free, open source, and maintained. It is a lighter alternative to cPanel for generic hosting (email, FTP, DNS, multiple PHP versions). Like the other traditional panels, it has no Laravel-specific tooling: no Deployer, no queue workers managed automatically, no artisan integration. Its primary audience is small hosting businesses or individuals who want a GUI for managing multiple websites on one server across multiple stacks. If you only deploy Laravel, Cipi is the more focused and simpler option.
Cipi vs aaPanel
aaPanel (also known as BaoTa Panel) is a free panel of Chinese origin, widely used in the Asia-Pacific region. It supports LNMP/LAMP stacks, Node.js, Docker, and various database engines through a plugin system. It is genuinely capable and has a large user base, but it is a generic multi-stack tool with a GUI-centric philosophy and no Laravel-native automation. Server communication is managed through the panel's own agent, creating a dependency on the panel's infrastructure similar to SaaS tools. For Laravel-specific, CLI-driven deployments, Cipi is a cleaner fit.
Cipi vs CentOS Web Panel (CWP / AlmaLinux Web Panel)
CentOS Web Panel — now repositioned around AlmaLinux — is a traditional hosting panel historically tied to the RHEL ecosystem. Cipi targets Ubuntu exclusively, which is the dominant OS for modern Laravel deployments and where the ondrej/php PPA gives access to all PHP versions from 7.4 to 8.5 within hours of release. Beyond the OS mismatch, CWP is a generic panel with no Laravel tooling and significant complexity overhead for a single-application Laravel server.
Cipi vs ZPanel
ZPanel is effectively unmaintained and should not be used for new deployments. It is included here only because it appears in comparisons on the web. Choose any of the other options listed on this page instead.
Privacy, GDPR, and data sovereignty
This dimension is rarely discussed in tool comparisons but is legally significant for teams that process personal data — EU-based companies, healthcare, fintech, or any product subject to GDPR, HIPAA, or local data protection regulations.
SaaS panels and data residency
When you connect a server to a SaaS panel (Forge, Ploi, RunCloud, ServerPilot, xCloud, GridPane, ServerAvatar), you are providing that service with data about your infrastructure: server IP addresses, hostnames, deployment credentials, environment variable names, and in some cases SSH private keys or deploy tokens. The SaaS provider stores and processes this data on their own infrastructure, which may be located in jurisdictions outside the EU.
- Laravel Forge is operated by Laravel LLC, a US company. Data is processed under US law. Under GDPR, Forge acts as a data processor for your infrastructure data, which requires a signed Data Processing Agreement (DPA). As of 2025, Forge provides a DPA on request, but the data remains on US-based servers.
- Ploi is operated by WebBuilds B.V., a Dutch company — EU-based and natively subject to GDPR. This makes it the most compliant SaaS option in this list for EU teams. Data is hosted in Europe.
- RunCloud, ServerPilot, GridPane, ServerAvatar, xCloud are primarily US or non-EU companies. Their data residency and DPA availability varies; check each provider's privacy policy and DPA status before using them with data subject to GDPR.
- aaPanel is of Chinese origin. Its privacy policy and data handling are subject to Chinese law, including the Personal Information Protection Law (PIPL) and the Data Security Law (DSL), which in certain circumstances allow Chinese government access to data stored on Chinese-operated systems. For EU teams or teams processing sensitive data, this is a significant compliance consideration.
- Vito Deploy is self-hosted — like Cipi, no infrastructure data leaves your VPS. From a GDPR perspective, Vito Deploy shares the same advantage: no third-party data processor for server management. However, Vito Deploy does not advertise encryption at rest for configuration files, whereas Cipi encrypts all configs with AES-256-CBC via the Vault system.
- Coolify is also self-hosted — infrastructure data stays on your VPS with no SaaS control plane dependency. Like Vito Deploy, Coolify does not advertise encryption at rest for configuration files, whereas Cipi encrypts all configs with AES-256-CBC via the Vault system.
- Kamal, Dokku, and Easypanel are self-hosted — no third-party data processor for server management. They do not advertise config encryption at rest for configuration files, whereas Cipi encrypts all configs with AES-256-CBC via the Vault system.
Cipi: self-contained, zero data exfiltration
Cipi is installed directly on your VPS and operates entirely within your own infrastructure. It does not phone home, it does not send telemetry, and it does not contact any external service during normal operation (the only external calls are to GitHub for self-updates and to Let's Encrypt for SSL certificates — both are standard and optional). No server metadata, no credentials, no application data ever leaves your machine.
From a GDPR perspective, this means:
- No third-party data processor for infrastructure management — you are the sole data controller and processor for your server management operations.
- No DPA required with Cipi itself (there is no Cipi company processing your data).
- Full data sovereignty — your server data stays in the jurisdiction where your VPS is hosted, which you choose freely (Hetzner DE, OVH FR, AWS eu-central-1, etc.).
- Easier audit trails — every Cipi action is logged locally in
/var/log/cipi/cipi.log, accessible only to you, not to a third-party dashboard.
When to choose Cipi
- You deploy Laravel — Cipi is designed primarily for Laravel, with custom app support for static sites, SPAs, WordPress, and other PHP projects.
- You want zero monthly panel cost — one server or fifty, the price is the same. and you don't need a commercial support contract
- You need full CLI and pipeline automation — every Cipi operation is scriptable over SSH.
- You need native Git deploy — automatic deployment integration with GitHub and GitLab, with webhook-driven zero-downtime releases.
- You need a REST API — full programmatic control over hosts and applications for integration with external tools, dashboards, and custom workflows.
- You need AI-driven management — Cipi's dual MCP server (per-app and global) enables creating, deploying, modifying, deleting, and managing SSL certificates across all applications from any MCP-compatible AI IDE or agent.
- You want no external dependency — the panel lives on your VPS and works independently of any SaaS.
- You value open source and auditability — every line of Cipi is readable, forkable, and MIT-licensed.
- You need GDPR / data sovereignty compliance — no infrastructure data leaves your VPS, no third-party data processor, no DPA required.
- You need encryption at rest — all configuration files, credentials, and SSH keys are encrypted with AES-256-CBC via the Vault system. Sync archives are also encrypted with a user-defined passphrase.
- You need server-to-server sync and replication —
cipi sync pushenables automated failover replication via cron, with encrypted transfer and incremental updates.