The most feature-packed free server panel ever built.
Self-hosted. Docker-native. Written in Rust. Panel services run on ~19MB of RAM. 776 API endpoints. 152 app templates. 454 E2E tests. ~41MB binaries. Zero subscriptions.

Website • Docs • Changelog • Discussions

curl -sL https://dockpanel.dev/install.sh | sudo bash

Open http://YOUR_SERVER_IP:8443, create your admin account, done.

Supports Ubuntu 20+, Debian 11+, CentOS 9+, Rocky 9+, Fedora 39+, Amazon Linux 2023. x86_64 and ARM64.

No other free panel gives you Git push-to-deploy with blue-green zero-downtime updates, 152 one-click Docker app templates, per-image CVE scanning with deploy gating, a WAF, passkey login, GPU passthrough, multi-server management, reseller accounts, a developer CLI, and Infrastructure as Code — all while the panel services themselves use under 20MB of RAM. DockPanel does.

• Sites — Static, PHP (8.1-8.4), Node.js, Python, reverse proxy. Automatic Nginx config, SSL, PHP-FPM pools.
• Databases — MySQL/PostgreSQL in Docker. Built-in SQL browser, visual schema browser, point-in-time recovery (WAL/binlog). Auto-cleanup on site delete.
• Docker Apps — 152 templates across 14 categories (AI, CMS, Database, Media, Monitoring, and more). Compose stacks. Resource limits. GPU passthrough.
• Git Deploy — Push-to-deploy. Atomic zero-downtime deploys (Capistrano-style). Nixpacks (30+ languages). Preview environments.
• WordPress Toolkit — Multi-site dashboard, vulnerability scanning, security hardening, bulk updates.
• CMS Install — WordPress, Laravel, Drupal, Joomla, Symfony, CodeIgniter — one click.
• Backups — Scheduled, S3/SFTP remote destinations, one-click restore. Restic incremental (encrypted, deduplicated).
• Backup Orchestrator — DB/volume backups, AES-256 encryption, restore verification, cross-resource policies, S3/SFTP/B2/GCS destinations, health dashboard.
• CDN — BunnyCDN and Cloudflare CDN management. Cache purge, bandwidth stats, pull zone discovery.
• Image Optimization — Server-side WebP/AVIF conversion per site.
• Secrets Manager — AES-256-GCM encrypted vaults, version history, auto-inject to .env, masked API, CLI pull endpoint.
• Webhook Gateway — Inbound endpoints with unique URLs, HMAC-SHA256/SHA1 verification, request inspector, route builder, retry/replay.

• Multi-Server — Manage remote servers from one panel. Agent auto-registers.
• DNS — Cloudflare + PowerDNS. Zone templates, propagation checker, DNSSEC. Cloudflare cache purge, security settings, Cloudflare Tunnel.
• Container Management — Auto-sleep (scale to zero), auto-update detection, per-user isolation policies, app migration between servers.
• Mail — Postfix + Dovecot + OpenDKIM. Webmail (Roundcube), spam filter (Rspamd), SMTP relay.
• Monitoring — HTTP/TCP/ping uptime checks, SLA tracking, PagerDuty integration.
• Prometheus + Grafana — Token-gated /api/metrics scrape endpoint (off by default) plus a drop-in fleet dashboard covering CPU/memory/disk, GPU utilization/VRAM/temp/power, sites, and alerts. See docs/guides/prometheus.md.
• Incident Management — Full lifecycle (investigating, identified, monitoring, resolved, postmortem), severity levels, timeline, affected components.
• Public Status Page — Standalone dark-themed page at /status, component groups, email subscribers, overall status auto-computed from checks.
• Terminal — Full SSH with tabs, themes, sharing, session recording.

• Passkey/WebAuthn — Passwordless login with biometrics or security keys. Plus 2FA/TOTP with recovery codes.
• WAF — ModSecurity3 + OWASP CRS v4 per site. Detection or prevention mode. Event viewer.
• CSP & Bot Protection — Per-site Content Security Policy headers and bot rate limiting.
• Firewall — UFW management with smart port opener.
• Fail2Ban — View/ban/unban IPs, panel-specific jail.
• SSH Hardening — Disable password/root login, change port — one click.
• Vulnerability Scanning — File integrity, security headers, full-server audits.
• Per-Image CVE Scanning — Scan every running Docker app's image with Anchore grype. Severity badge per app row on the Apps page. Scheduled background rescans (configurable interval). Soft deploy gate refuses deploys on images exceeding a critical/high/medium threshold. Grype installs self-contained into /var/lib/dockpanel/scanners/ from the Settings UI. Defaults to off — opt in from Settings → Services → Image Vulnerability Scanning.
• Signed Releases + SBOM — Every release binary and its SPDX SBOM is signed in CI with cosign keyless via Sigstore (no long-lived signing key, recorded in the public Rekor transparency log). Verification snippet in SECURITY.md.
• Per-Image SBOM Generation — Generate an SPDX 2.3 JSON SBOM for any deployed Docker app's image on demand (syft). Click "Download SBOM" in any app's scan drawer. Self-contained install at /var/lib/dockpanel/scanners/syft. Defaults to off — opt in from Settings → Services → SBOM Generation. Companion to image CVE scanning: composition vs. risk.
• Auto-Healing — Restart crashed services, clean disk, renew expiring SSL, auto-sleep idle containers.

• CLI — dockpanel status, sites, apps, diagnose, export, apply
• Infrastructure as Code — Export/import server config as YAML. Terraform/Pulumi provider API with scoped IaC tokens.
• Smart Diagnostics — 6 check categories with one-click fixes. Auto-optimization recommendations.
• File Manager — Browse, edit, upload files from the browser.
• Command Palette — Ctrl+K to navigate anywhere.
• Nginx FastCGI Cache — Per-site toggle with smart bypass for logged-in users.
• Redis Object Cache — Per-site isolated Redis DB with WP auto-config.

• 6 Themes — Terminal (hacker green), Midnight (navy blue), Ember (warm amber), Arctic (light teal), Clean (light blue SaaS), Clean Dark (GitHub-dark).
• 3 Layouts — Sidebar (full sidebar nav), Compact (collapsible icon rail), Topbar (horizontal navbar).

• Reseller Accounts — Admin → Reseller → User hierarchy with quotas.
• White-Label — Custom logo, colors, panel name per reseller.
• OAuth/SSO — Google, GitHub, GitLab login.
• Extension API — Webhook events with HMAC signing and scoped API keys.
• WHMCS Integration — Provisioning, suspension, termination hooks. Auto-create users from billing.
• Horizontal Auto-Scaling — Rule-based CPU thresholds with min/max replicas and cooldown.
• Migration Wizard — Import from cPanel, HestiaCP. Plesk (beta). App migration between servers.
• Teams — Multi-user access with role-based permissions.

Browser → React 19 SPA → Nginx
                           ├── /api/* → API (Rust/Axum)
                           │              ├── PostgreSQL 16
                           │              └── Agent (Unix socket / HTTPS)
                           │                     └── Docker, Nginx, SSL, files, terminal
                           └── /*     → Frontend (static files)

3 Rust binaries: Agent (~21MB), API (~20MB), CLI (~1MB). Runtime RAM: ~12MB agent + ~7MB API ≈ 19MB for the panel itself; ~85MB with the bundled PostgreSQL. 11 background services.

DockPanel has undergone seven rounds of security auditing (280+ vulnerabilities found and fixed). Credentials are encrypted at rest with AES-256-GCM. All child processes run with sanitized environments. Per-image CVE scanning (grype) with optional deploy gating catches vulnerable images before they ship. See SECURITY.md for details.

git clone https://github.com/ovexro/dockpanel.git && cd dockpanel

# Start database
docker run -d --name dockpanel-postgres \
  -e POSTGRES_USER=dockpanel -e POSTGRES_PASSWORD=dockpanel -e POSTGRES_DB=dockpanel \
  -p 5450:5432 postgres:16

# Build
cargo build --release --manifest-path panel/agent/Cargo.toml
cargo build --release --manifest-path panel/backend/Cargo.toml
cargo build --release --manifest-path panel/cli/Cargo.toml
cd panel/frontend && npm install && npx vite build

See CONTRIBUTING.md for full development setup.

dockpanel status              # Server status (CPU, RAM, disk)
dockpanel sites               # List all sites
dockpanel apps                # List Docker apps
dockpanel diagnose            # Run smart diagnostics
dockpanel export -o config.yml  # Export server config as YAML
dockpanel apply config.yml    # Apply config (Infrastructure as Code)

sudo bash /opt/dockpanel/scripts/update.sh     # Update
sudo bash /opt/dockpanel/scripts/uninstall.sh   # Remove

• Live Docs — Getting started, guides, configuration
• FEATURES.md — Complete feature manifest (60+ features, ~280 capabilities)
• CHANGELOG.md — Version history
• SECURITY.md — Security model and vulnerability reporting
• CONTRIBUTING.md — Development setup and PR process

Business Source License 1.1. Free to use on your own servers. See LICENSE for details.