Modern hosting control panel for apps, websites & infrastructure teams.
NexaPanel by WPressly deploys Node.js and Laravel applications, hosts static & PHP websites, and manages domains, SSL, files and updates — on a security-first, agent-isolated architecture you can audit.
3
5
0.1.0-alpha.7
node · proxy 127.0.0.1:39114
laravel · php-fpm (tenant)
One panel for applications and hosting
Built for hosting providers, agencies, and managed-infrastructure teams who want application deployment and classic web hosting in a single, hardened control plane.
Applications Center
Provision, run, and tear down Node.js and Laravel apps with systemd units, reverse proxy, and per-tenant PHP-FPM.
Website hosting
Static & PHP sites with domains, subdomains, Let's Encrypt SSL, a file manager, and logs — owner-scoped.
Update Center
Manifest-driven, SHA-256-verified panel updates with a controlled, reversible apply and retained rollback assets.
Security-first
UFW deny-by-default, loopback-only databases, a root agent reachable only over a local socket, and enforced admin 2FA.
Scoped RBAC
An app_tester role scoped to the Applications Center — no access to admin, server, DNS, backups, or updates.
Backups & rollback
Nightly checksummed local backups and a documented, reversible upgrade/rollback path.
Designed to be audited, not just trusted
Least-privilege by design
The unprivileged panel talks to a root agent through a single local socket with a closed action allowlist, HMAC signing, and a peer-UID check.
Reversible updates
Updates stage offline, verify checksums against a trusted manifest, then swap with auto-rollback on failure — never a force reinstall.
Provider-oriented
Multi-tenant hosting and application workflows aimed at operators running infrastructure for clients.
Help shape NexaPanel
We're inviting a small group of trusted testers. No payment is collected during alpha, and your feedback directly shapes the roadmap.