Complete feature set
iNetPanel Features
Everything you need to host websites on your own server, for free.
Core Hosting
Multi-user, multi-domain hosting with full process isolation between accounts.
Each hosting account can have unlimited additional domains added with their own vhost, PHP-FPM pool, and SSL.
Each domain runs in its own PHP-FPM pool as the system user. open_basedir restrictions prevent cross-account file access.
New accounts auto-assigned Apache ports starting at 1080, increasing per user.
Chrooted vsftpd FTP with whitelist-only mode. Per-user FTP credentials managed through the panel.
Upload and manage SSH public keys for hosting accounts from the admin panel.
Suspend hosting accounts with one click — stops the PHP-FPM pool, FTP/SSH access, Apache vhost, and WireGuard VPN peer without deleting any files.
Cloudflare Integration
Deep integration with Cloudflare's free tier — tunnel, DNS, email, and DDNS.
cloudflared daemon routes all traffic. No open inbound ports. Server IP never exposed. Host from behind CGNAT, NAT, or any ISP.
Create, edit, and delete Cloudflare DNS records (A, AAAA, CNAME, MX, TXT, SRV) directly from the iNetPanel dashboard.
Manage Cloudflare Email Routing rules — forwarding addresses, catch-all rules, and custom destinations.
Built-in DDNS that keeps a Cloudflare A record updated with your server's current IP. Configurable 5–60 minute update intervals.
Security
Multiple layers of security from network to application level.
Optional full system lockdown: the only open port is UDP 1443 (WireGuard). Admin panel, Client portal, phpMyAdmin, FTP, and SSH are all restricted to VPN peers only. Peer management and QR codes from the dashboard.
Intrusion prevention bans IPs after 5 failed login attempts on SSH and the panel. Ban/unban from the admin UI.
All admin passwords hashed with bcrypt. PAM-based authentication for hosting user portal logins.
Three roles: Superadmin (full), Full Admin (full except user mgmt), Sub-Admin (domain-restricted).
All forms protected with per-session CSRF tokens verified via constant-time comparison.
X-Frame-Options DENY, nosniff, Referrer-Policy, Permissions-Policy on all responses.
PHP Management
Install and manage multiple PHP versions side-by-side from the dashboard.
Install any combination of PHP versions via sury.org repository. Set system-wide default and override per-domain.
Each domain can run a different PHP version independently — legacy PHP 5.6 apps alongside modern PHP 8.5 sites.
Install and uninstall PHP extensions per version with one click from the Extensions panel.
Each domain gets a dedicated PHP-FPM pool running as the hosting account user for security and isolation.
SSL & Backups
Automated certificate management and daily account backups.
Certificates issued via Cloudflare DNS-01 challenge — works even without HTTP access. Self-signed fallback for non-public domains.
Certbot cronjob at 4 AM renews expiring certificates automatically.
Cron at 3 AM backs up all accounts (files + databases). Configurable 1–30 day retention.
Trigger per-account backups on demand directly from the admin UI or via the CLI.
Admin & Logs
Complete operational visibility and self-service for hosting clients.
CPU, RAM, disk usage, active domains, and service status at a glance.
Start, stop, and restart Apache, MariaDB, PHP-FPM, vsftpd, WireGuard, and cloudflared. Note: lighttpd serves the admin panel and cannot be restarted from within the panel.
Panel audit log, per-domain Apache error/access logs, PHP-FPM error logs. Filter by source, level, user, and date.
Hosting users log in with their Linux system credentials to view domain info, DB credentials, FTP/SSH access, and manage their own DNS.
Included on a dedicated Apache vhost at port 8888 — no separate installation needed.
Settings → Updates shows current vs. latest version. Version control is fully through GitHub releases. One-click update downloads, extracts, and runs migrations.