ApisCP is the Apis Networks Control Panel, a hosting platform since 2002 engineered to help you achieve more. Once installed, ApisCP’s adaptive firewall activates by protecting all facets from WordPress to SSH for added peace of mind. This is a multi-tenant platform in which each account is partitioned from one another and may be optionally controlled via resource enforcement. 1-click installation and automatic updates are provided for WordPress, Discourse, Ghost, Drupal, and Laravel.
Skip down to installation for a quickstart.
Beyond the basics, ApisCP implements several features unique to its stack.
ApisCP is a self-healing platform. Once a month it scrubs your server looking for irregularities. Any changes are automatically corrected. Integrity checks can fix a broken server in most cases.
Let’s work together to make the web safe. ApisCP automatically deploys updates for system packages, panel core, platform improvements, WordPress core/plugins/themes, Ghost, Discourse, Drupal, and Laravel. Every month you’ll receive a reminder of what sites have failed automatic updates to help you manage your server.
Single-user sites are so 2000. ApisCP modernizes your layout by utilizing a variety of user accounts governed by discretionary access controls built into Linux. Each site has a dedicated web user that is separate from your user accounts. A bad WordPress shouldn’t wreck your day.
Empower sites with the ability to protect themselves from the omnipotent eye of Rampart. Delegated whitelisting allows Site Administrators to whitelist a configurable threshold of IP addresses such that one user’s bad mail credentials doesn’t block access for everyone else.
Each account runs its own filesystem comprised of a variety of service layers. BoxFS is an opaque, composite filesystem that restricts visibility to each account and provides a copy-up behavior that restricts tampering of system files. Services, PHP included, are jailed to these synthetic roots with negligible performance degradation.
Restrict memory, CPU, I/O bandwidth, and process limits through cgroups, a native Linux feature that reliably enforces resource limits across modern Linux distributions.
Complex administrative tasks are simplified into Scopes, automation with error checking. Modify server configuration in a straightforward, safe manner.
ApisCP speaks a variety of DNS implementations, including PowerDNS and DigitalOcean (and CloudFlare if you want!).
Stay ahead of threats with FLARE, a rapid update facility part of ApisCP. FLARE checks 50 times a day to ensure you’re up-to-date. When we push an emergency update, your server automatically updates as long as you permit us.
We’ll do our best to heal spikes in server traffic without impacting your day. What we can’t heal, Argos pushes to your notification medium of choice. Argos is a good boi! After all, we named this feature after Odysseus’ loyal companion.
Package | Version | License |
---|---|---|
ApisCP | 3.20 | Proprietary |
PHP | 7.40 | PHP |
MariaDB | 10.40 | GPL-2.0 |
PostgreSQL | 13 | PostgreSQL |
Apache | 2.40 | Apache |
Ansible | 2.90 | GPL-3.0 |
Node | 6.0.0-13.1.0+ | MIT |
Python | 2.1.3-3.6.8+ | Python Software Foundation |
Ruby | 1.8.5-2.6.5+ | Ruby |
Go | 1.2.2-1.12.13+ | BSD-style |
git | 2.18 | GPL-2.0 |
TimescaleDB | 2.50 | Apache/TSL |
Postfix | 3.40 | IBM |
Dovecot | 2.30 | MIT |
WordPress | 5.1+ | GPL-2.0 |
WP-CLI | 2.30 | MIT |
Ghost | 3.0+ | MIT |
Discourse | 2.2+ | GPL-2.0 |
Laravel | 6.1+ | MIT |
Drupal | 8.7+ | GPL-2.0 |
fail2ban | 0.10 | GPL-2.0 |
HAProxy | 1.80 | GPL-2.0 |
Phusion Passenger | 5.30 | MIT |
mod_evasive | 1.0-dev | GPL-2.0 |
rspamd | 2.40 | Apache |
SpamAssassin | 3.40 | Apache |
Redis | 5 | BSD |
Monit | 5.25 | AGPL-3.0 |
Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.
In addition to creating a Droplet from the ApisCP 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB ApisCP Droplet in the SFO2 region, you can use the following curl
command. You need to either save your API access token) to an environment variable or substitute it in the command below.
curl -X POST -H 'Content-Type: application/json' \
-H 'Authorization: Bearer '$TOKEN'' -d \
'{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "apisnetworks-apiscp-8-3"}' \
"https://api.digitalocean.com/v2/droplets"
This application includes a 30-day Pro license to use ApisCP. After 30 days, your server will continue to protect itself against malicious activity as well as host your sites, but you won’t be able to access your panel. Visit my.apiscp.com to purchase a license or contact help@apisnetworks.com for questions.
A prebuilt image is provided, which immediately protects itself from threats once turned on. Login to the server using your DigitalOcean credentials to begin installation. Configuration settings are available in /root/apnscp-vars.yml
, which influence how the panel initially behaves. Any setting, with the exception of MariaDB and PostgreSQL, may be changed at a later time.
nano /root/apnscp-vars.yml
to edit Bootstrapper configuration.systemctl start bootstrapper-resume
to replay installation, personalizing your instance.
tail -f /root/apnscp-bootstrapper.log
will show installation progression real time. It won’t take more than a few minutes to complete.By default, the username is “admin” and password randomly generated. ApisCP will attempt to send an email with your credentials, but these can be just as easily reset from the command-line:
cpcmd auth:change-username NEWUSER
cpcmd auth:change-password 'NEWPASSWORD'
cpcmd common:set-email NEW@EMAIL.COM
Adding your first site is a breeze! ApisCP is tuned from the start for optimal performance, so stress less on tuneables - which still exist in config.ini - and focus on your sites.
See INSTALL.md for additional help.
ApisCP is able to read backups from other mediums. See Migrations.md for an updated list of supported mediums.
A “null” driver is configured by default, which disables DNS integration. The DigitalOcean DNS driver is an excellent option if you’re hosting just your sites. For hosting a variety of users, we recommend using PowerDNS.
cpcmd scope:set dns.default-provider digitalocean cpcmd scope:set dns.default-provider-key 'abcdef1234567890'
Many settings may be simply adjusted after install through Scopes. Scopes do the heavy lifting for you, just focus on the invocation! Scopes have a few methods: get, set, info, list.
Example: cpcmd scope:get net.hostname
Example: cpcmd scope:set mail.enabled false
Example: cpcmd scope:set system.sshd-port '[22,43130]'
Example: cpmd scope:info cp.headless
Example: cpcmd scope:list
The following Scopes are commonly used:
mail.smart-host
: set upstream mail relaycp.headless
: disable panel frontend, rely on CLI helperssystem.timezone
: change the system timezone to your regionrampart.blacklist
: add an address or CIDR to a permanent listrampart.whitelist
: add an address or CIDR to a permanent listapache.block10
: alter global settings to block all HTTP/1.0 (often sloppy spam) clients from accessing the servercp.bootstrapper
: change Bootstrapper settings, upcp -sb
re-runs the Bootstrapper to apply changesconfig.ini provides other features to tune. Always use cpcmd config:set cp.config section name value
to alter this file in a safe manner.
ApisCP supports a variety of features beyond what’s listed above. Make the most of your ApisCP experience with the following additions:
ApisCP is a cornucopia of features to explore! cpcmd -o yaml misc:list-commands
is a fun starting point. If you need to scratch that itch, check out the following features:
Stop by the ApisCP Discord server if you have any questions. See you there!