Aetolos is a secure open source control panel for virtual hosting.
What makes Aetolos unique, is its ability to create a complete virtual hosting server with basic distro RPM packages (base and epel), without external requirements to 3rd party tools.
Even more interesting, is the fact that Aetolos makes NO modification to the default system, it generates configuration files as needed by each daemon and nothing more. The system is left intact and future-proof, because the RPM packages can continue to update themselves without conflict.
We are not finished yet, Aetolos also has an import feature for cPanel backup archives, which are properly converted to run on vanilla system daemons. Thus, Aetolos makes it easy to migrate from a cPanel server to one of the supported vanilla distros: Alma, Rocky, Oracle, CentOS and Fedora.
System upgrades have become a reality. It is now possible for Aetolos to backup virtualhosts from CentOS 7/CentOS 8 and restore them to an Alma/Rocky/Oracle 8/9 server.
Where no man (or control panel) has gone before: Aetolos can setup a system, import virtual hosts and then Aetolos can be removed entirely, which leaves you with a nice and clean distro server, for you to manage as you will.
Oh, did we mention that everything is done from the command line?
Aetolos supports the following daemons and packages:
Protocol | Name | Support |
HTTP | Apache | Complete |
HTTP | HAproxy | Complete |
HTTP | PHP | Complete |
HTTP | Roundcube | Complete *1 |
SQL | MariaDB | Complete |
POP3/IMAP | Dovecot | Complete |
SMTP | Postfix | Complete |
SMTP | SpamAssassin | Complete |
SMTP | ClamAV | Complete |
SMTP | OpenDKIM | Complete |
SMTP | OpenDMARC | Complete |
SMTP | Postgrey | Complete |
DNS | NSD | Complete *2 |
DNS | DNSSEC | In progress |
TLS | Let's encrypt | Complete *3 |
OS | SELinux | Complete |
OS | Alma 9 | Complete |
OS | Alma 8 | Complete |
OS | Rocky 9 | Complete |
OS | Rocky 8 | Complete |
OS | Oracle 9 | Complete |
OS | Oracle 8 | Complete |
OS | CentOS 8 | Complete |
OS | CentOS 7 | Complete |
OS | Fedora | Complete |
OS | Import | Complete |
OS | Export/backup | Complete |
*1 - Roundcube is only supported under Fedora, because there are no RPM packages from EPEL for the EL distributions.
*2 - NSD is not supported in EL9 distributions, because there are no RPM packages from the maintainers.
*3 - Let's Encrypt is supported by the dehydrated script, which is highly recommended over the certbot client.
The import function for cPanel backups has the following features and limitations:
Feature | Name | Support |
domain | Virtual host account | Complete |
cp | Account parameters | Complete |
cron | Cron files | Complete |
mysql | MySQL to MariaDB | Complete |
sslcerts | TLS certificates | Complete |
sslkeys | TLS keys | Complete |
va | Email forwarders | Complete |
homedir | User home files | Complete |
email quota | Dovecot | Complete |
bandwidth | Bandwidth records | Unsupported |
dns | DNS zones are reset | Planned |
dkim | DKIM | Not needed |
interchange | Interchange | Unsupported |
locale | Panel locale | Unsupported |
logaholic | Logaholic | Unsupported |
logs | Apache logs | In progress |
reseller | Reseller accounts | Unsupported |
filters | SA user filters | Unsupported |
quota | User quotas | Unsupported |
Aetolos has some designed limitations put there on purpose and some other limitations due to unimplemented features.
The most important limitation, is that Aetolos was not designed to offer a public hosting service, there are no user quotas, no user jail shell and no user access to files. Aetolos is designed to be a self-hosting solution by an organization or an individual who wants to host multiple domains on the same server.
Virtual host isolation is achieved by using per-virtualhost user accounts, all user files (emails, tmp directory, PHP sessions, etc) are hosted under the user's home directory with an enforcing SELinux policy on top. Apache isolation is archived by running separate Apache processes as individual user ownership, in CentOS 7 this is works by using the Apache MPM ITK module, in CentOS 8 and Fedora this works by using a main reverse proxy and multiple httpd instances, managed by systemd.
Some missing features are in the development stages (DNSSEC), while others are completely unsupported (resellers, web interface).
Oh, did we mention that it only runs under Alma, Rocky, Oracle, CentOS and Fedora?
Add virtual host "example.tld" with the default alias "www.example.tld"
/root/aetolos/aetolos --verbose --module=virtualhost --add-virtualhost=example.tld
Add parked domain "foobar.tld" to the above virtual host, with no prefix alias
/root/aetolos/aetolos --verbose --module=virtualhost --virtualhost=example.tld --add-pdomain=foobar.tld --no-prefix
Add email address "info@example.tld" with a password stored within the password.txt file
/root/aetolos/aetolos --verbose --module=dovecot --virtualhost=example.tld --add-email=info --password-file=./password.txt
Setup everything and enable+start any relevant services
/root/aetolos/aetolos --verbose --setup systemctl --now enable httpd httpd@example.tld postfix dovecot