Open-source

DockPanel: Your Open-source CPanel Replacement

Hazem Abbas

05 May 2026 — 4 min read

Managing VPS instances usually leaves you with two bad choices: pay a monthly subscription for a "clean" SaaS panel, or deal with a clunky, resource-heavy open-source alternative.

DockPanel just broke that cycle. It’s a Docker-native, Rust-based powerhouse that runs on a fraction of the RAM used by traditional panels. Check out the breakdown below.

What is DockPanel?

DockPanel is a modern, high-performance server control panel designed to manage VPS and dedicated servers. Think of it as a lightweight, faster alternative to tools like cPanel, Plesk, or CloudPanel.

The key thing that makes it unique—and why people are excited about it—is its tech stack and efficiency. Because it’s written in Rust (a programming language known for being extremely fast and memory-safe), it can manage an entire server while using only 19MB of RAM. For context, most other panels require 10x to 50x that amount of memory just to sit idle.

Features

Hosting

Sites — Static, PHP (8.1-8.4), Node.js, Python, reverse proxy. Automatic Nginx config, SSL, PHP-FPM pools.
Databases — MySQL/PostgreSQL in Docker. Built-in SQL browser, visual schema browser, point-in-time recovery (WAL/binlog). Auto-cleanup on site delete.
Docker Apps — 152 templates across 14 categories (AI, CMS, Database, Media, Monitoring, and more). Compose stacks. Resource limits. GPU passthrough.
Git Deploy — Push-to-deploy. Atomic zero-downtime deploys (Capistrano-style). Nixpacks (30+ languages). Preview environments.
WordPress Toolkit — Multi-site dashboard, vulnerability scanning, security hardening, bulk updates.
CMS Install — WordPress, Laravel, Drupal, Joomla, Symfony, CodeIgniter — one click.
Backups — Scheduled, S3/SFTP remote destinations, one-click restore. Restic incremental (encrypted, deduplicated).
Backup Orchestrator — DB/volume backups, AES-256 encryption, restore verification, cross-resource policies, S3/SFTP/B2/GCS destinations, health dashboard.
CDN — BunnyCDN and Cloudflare CDN management. Cache purge, bandwidth stats, pull zone discovery.
Image Optimization — Server-side WebP/AVIF conversion per site.
Secrets Manager — AES-256-GCM encrypted vaults, version history, auto-inject to .env, masked API, CLI pull endpoint.
Webhook Gateway — Inbound endpoints with unique URLs, HMAC-SHA256/SHA1 verification, request inspector, route builder, retry/replay.

Operations

Multi-Server — Manage remote servers from one panel. Agent auto-registers.
DNS — Cloudflare + PowerDNS. Zone templates, propagation checker, DNSSEC. Cloudflare cache purge, security settings, Cloudflare Tunnel.
Container Management — Auto-sleep (scale to zero), auto-update detection, per-user isolation policies, app migration between servers.
Mail — Postfix + Dovecot + OpenDKIM. Webmail (Roundcube), spam filter (Rspamd), SMTP relay.
Monitoring — HTTP/TCP/ping uptime checks, SLA tracking, PagerDuty integration.
Prometheus + Grafana — Token-gated /api/metrics scrape endpoint (off by default) plus a drop-in fleet dashboard covering CPU/memory/disk, GPU utilization/VRAM/temp/power, sites, and alerts. See docs/guides/prometheus.md.
Incident Management — Full lifecycle (investigating, identified, monitoring, resolved, postmortem), severity levels, timeline, affected components.
Public Status Page — Standalone dark-themed page at /status, component groups, email subscribers, overall status auto-computed from checks.
Terminal — Full SSH with tabs, themes, sharing, session recording.

Security

Passkey/WebAuthn — Passwordless login with biometrics or security keys. Plus 2FA/TOTP with recovery codes.
WAF — ModSecurity3 + OWASP CRS v4 per site. Detection or prevention mode. Event viewer.
CSP & Bot Protection — Per-site Content Security Policy headers and bot rate limiting.
Firewall — UFW management with smart port opener.
Fail2Ban — View/ban/unban IPs, panel-specific jail.
SSH Hardening — Disable password/root login, change port — one click.
Vulnerability Scanning — File integrity, security headers, full-server audits.
Per-Image CVE Scanning — Scan every running Docker app's image with Anchore grype. Severity badge per app row on the Apps page. Scheduled background rescans (configurable interval). Soft deploy gate refuses deploys on images exceeding a critical/high/medium threshold. Grype installs self-contained into /var/lib/dockpanel/scanners/ from the Settings UI. Defaults to off — opt in from Settings → Services → Image Vulnerability Scanning.
Signed Releases + SBOM — Every release binary and its SPDX SBOM is signed in CI with cosign keyless via Sigstore (no long-lived signing key, recorded in the public Rekor transparency log). Verification snippet in SECURITY.md.
Per-Image SBOM Generation — Generate an SPDX 2.3 JSON SBOM for any deployed Docker app's image on demand (syft). Click "Download SBOM" in any app's scan drawer. Self-contained install at /var/lib/dockpanel/scanners/syft. Defaults to off — opt in from Settings → Services → SBOM Generation. Companion to image CVE scanning: composition vs. risk.
Auto-Healing — Restart crashed services, clean disk, renew expiring SSL, auto-sleep idle containers.

Developer Experience

CLI — dockpanel status, sites, apps, diagnose, export, apply
Infrastructure as Code — Export/import server config as YAML. Terraform/Pulumi provider API with scoped IaC tokens.
Smart Diagnostics — 6 check categories with one-click fixes. Auto-optimization recommendations.
File Manager — Browse, edit, upload files from the browser.
Command Palette — Ctrl+K to navigate anywhere.
Nginx FastCGI Cache — Per-site toggle with smart bypass for logged-in users.
Redis Object Cache — Per-site isolated Redis DB with WP auto-config.

Themes & Layouts

6 Themes — Terminal (hacker green), Midnight (navy blue), Ember (warm amber), Arctic (light teal), Clean (light blue SaaS), Clean Dark (GitHub-dark).
3 Layouts — Sidebar (full sidebar nav), Compact (collapsible icon rail), Topbar (horizontal navbar).

Business

Reseller Accounts — Admin → Reseller → User hierarchy with quotas.
White-Label — Custom logo, colors, panel name per reseller.
OAuth/SSO — Google, GitHub, GitLab login.
Extension API — Webhook events with HMAC signing and scoped API keys.
WHMCS Integration — Provisioning, suspension, termination hooks. Auto-create users from billing.
Horizontal Auto-Scaling — Rule-based CPU thresholds with min/max replicas and cooldown.
Migration Wizard — Import from cPanel, HestiaCP. Plesk (beta). App migration between servers.
Teams — Multi-user access with role-based permissions.