Hosting Panel

• 

  How things looks right now.

Product Requirements Document (PRD)

---

1. Project Purpose

To create a modern, lightweight, and self-hosted control panel for a small hosting company. The panel will allow the management of servers, websites, email services, and backups, focusing on speed, flexibility, and minimal reliance on external solutions.

---

2. Target Audience / Users

• Administrators – infrastructure and client management
• Resellers – selling services to other users
• End Users – managing accounts, websites, databases, email, etc.

---

3. Key Features

a) General

• Modern, responsive UI (desktop, tablet, mobile)
• Separate dashboards: admin, reseller, user
• Centralized dashboard for all resources

b) Web Hosting

• Support for Laravel, Node.js, React, Magento, Python
• Multi-vhost (each app with its own config)
• Autoinstallers for: Laravel, WordPress, Roundcube, etc.
• Website-level resource usage tracking (CPU, RAM, I/O)
• Automatic alerts for abnormal behavior or infection signs
• Optional isolation/quarantine or auto-suspension of compromised sites
• Behavioral analysis engine to detect common attack patterns, malware signatures, and suspicious activity
• Integrated WordPress management tool: update themes/plugins, enable/disable, uninstall without accessing wp-admin
• Varnish + OPcache support with GUI configuration tools

• Support for Node.js applications with per-app configuration

  • Compatible with: Strapi v4, Ghost, Nuxt, etc.
  • Auto-detection of package.json and ecosystem.config.js (if using PM2)
  • Automatic reverse proxy setup via NGINX/Apache
  • Optional subdirectory or subdomain mapping (e.g., example.com/blog for Ghost)
  • Ability to define Node version per app (via .nvmrc or settings UI)
  • Built-in support for PM2 process manager with GUI controls (restart, logs, etc.)

c) Email

• Custom mail server (Postfix or Exim)
• Integrated webmail (e.g. Roundcube)
• High-level anti-spam and security
• Email activity monitoring (volume, spam patterns, blacklisting status)
• Admin alerts on suspicious or excessive outbound mail

d) Backup

• Support for: S3, Bunny, Cloudflare R2, Hetzner Volumes
• Backup management from the dashboard

e) Database

• PostgreSQL with interface via pgAdmin or integrated alternative
• Database access from the dashboard

f) Dev & Stack

• Multi-PHP support

• Integrated file manager (lightweight)

  • CHMOD functionality for permissions
  • File/folder creation, editing, uploading
  • Zip/unzip, rename, delete

• Crontab / job manager

g) Automation

• Automatic provisioning upon account/server creation
• Billing + invoicing
• Rate limiting
• Resource management with custom rate limiting, inspired by CloudLinux features, including per-user limits for CPU, RAM, I/O, and number of processes, adapted for lightweight environments.

h) Security

• ModSecurity
• SSL management
• Audit trail
• GUI-based integration with CPGuard, Imunify, BitNinja, or other AV/intrusion systems
• ClamAV integration with automatic scanning scheduled during low-resource usage windows
• Two-factor authentication (2FA) via common TOTP apps (Google Authenticator, Authy, Microsoft Authenticator)
• IP restriction for admin/reseller access
• Role-based access control (RBAC)
• Logging and audit events
• Access tokens for secure API access
• Prohibited domain names list
• Brute force protection and rate limiting
• Device/session tracking per user

i) Monitoring (in-house)

• No Netdata, no Docker
• Lightweight internal solution for resource tracking
• Real-time notifications and logging for abuse/infection detection
• Per-client website and email behavior monitoring with configurable thresholds and notifications

j) Account & UI Features

• Customer impersonation (see exact user view without logging out)
• Soft delete with retention window + restore option
• Multi-package support per user
• Unified panel (admins and users see only what’s relevant)
• Multi-language support per login
• Multi-account login support
• Global search bar
• Branding (colors, logo, fonts)
• Dark mode by default (user override allowed)

---

4. Tech Stack

• Frontend: Vite + SolidJS + TailwindCSS + ShadCN UI + TypeScript
• Backend: Node.js / Go / Rust (for future phases)
• Database: PostgreSQL
• Mail: Postfix / Exim (no Docker)
• Storage: Local + Cloud Buckets (S3, Bunny, R2, Hetzner)
• Node Runtime Management: NVM + PM2 support (non-Docker)

---

5. MVP (Minimum Viable Product)

• Login/Register + user dashboard
• Website/app creation with configurable vhost
• Functional email + webmail
• Manual backup to S3/Bunny
• Database view and management
• Fully responsive UI
• Basic Node.js app deployment with reverse proxy support and PM2 process start/stop

---

6. Scalability (Future)

• Cluster management support
• Multi-server UI
• Distributed provisioning scripts and automation
• Instance replication
• Node.js health monitoring and port/socket management
• App templates for common Node stacks (Ghost, Strapi, etc.)

---

7. Limitations / Exclusions

• No Docker, no Firebase Store
• All data must be 100% portable to self-hosted infrastructure
• No use of external SaaS monitoring tools (e.g. Netdata)
• Exclude Next.js from frontend stack

---

8. Security Considerations

• Two-factor authentication (2FA) via common TOTP apps (Google Authenticator, Authy, Microsoft Authenticator)
• IP restriction for admin/reseller access
• Role-based access control (RBAC)
• Logging and audit events
• Access tokens for API use
• Device/session tracking and management

---

9. UI/UX Overview

• Design based on ShadCN UI
• Modular components (cards, tables, modals, sidebar)
• Fast and intuitive navigation
• Dark mode by default
• Fully brandable (logos, styles)
• Global search across resources

Built With

• react
• rust
• vite