NovaPanel
Features Pricing Docs Changelog Customer portal Discord GitHub
Get Pro

Features

Everything NovaPanel does

The honest list. What's bundled in Community, what's locked behind Pro, and how each piece is actually implemented underneath. If something's missing it's because we haven't built it yet — call it out in Discord and it might land on the roadmap.

Sites & domains

Caddy 2 reverse proxy with auto-TLS for every hostname

  • Add a domain → Caddy provisions a Let's Encrypt cert within seconds. No config files, no certbot cron jobs.
  • Per-site PHP-FPM pools — each site gets isolated memory limits, time limits, opcache settings.
  • Custom error pages per site (404 / 500 / etc) editable from the UI.
  • Per-site access + error log tail in the browser. No SSH-and-grep dance.

Databases

PostgreSQL 16 + MariaDB, both first-class

  • Per-customer database isolation: each customer gets their own postgres roles + databases, no cross-tenant access.
  • phpMyAdmin and Adminer both bundled, available per-customer.
  • One-click logical backups (mysqldump / pg_dump) → optional remote upload (S3 / Backblaze B2).
  • Import / export from the UI — drag a .sql file, restore in place.

Mail server

Postfix + Dovecot + DKIM + Roundcube webmail

  • SPF / DKIM / DMARC records auto-generated for every domain — copy-paste into your DNS.
  • Per-domain catch-all routing, alias management, autoresponders, vacation messages.
  • Sieve filtering for inbox rules without leaving the panel.
  • Spam scoring via SpamAssassin; ClamAV scanning on inbound (Pro tier).
  • Outbound SMTP relay support — point at SES / Postmark / Mailgun if your VPS has port 25 blocked (most do).

DNS

PowerDNS authoritative, optional DNSSEC

  • Manage A / AAAA / MX / TXT / SRV / CNAME records per domain in the UI.
  • DNSSEC toggle per zone — keys generated and rotated for you.
  • Slave / master modes: run NovaPanel as your authoritative or as a hidden master behind a public secondary.
  • API-driven for automation — every UI action has a corresponding REST endpoint.

File manager + terminal

Browser-based file ops, no SSH needed for most tasks

  • Drag-and-drop upload, in-place text editing with syntax highlighting, chmod / chown / archive operations.
  • Hidden-file toggle, permission bits visible at a glance.
  • In-browser shell — full xterm.js terminal scoped to the customer's home directory (or full root for admin).
  • Integrates with the file manager: select files → 'open in terminal here' jumps you to that path.

Backups

Local + remote, scheduled or on-demand

  • Per-site, per-database, or full-account backup targets.
  • Local destinations work in Community; S3 / Backblaze B2 / SFTP destinations are Pro-only.
  • Encryption at rest — passphrase-derived AES-256 before upload, so a leaked S3 key doesn't leak data.
  • Schedules with retention policies (e.g., 7 daily + 4 weekly + 3 monthly).
  • One-click restore — pick a snapshot, confirm, the panel handles the database drop / re-create / file-overwrite.

WAF (Pro)

OWASP-style request filtering via Caddy + Coraza

  • Per-site enable/disable toggle.
  • Default ruleset based on the OWASP CRS — blocks SQL injection, XSS, path traversal patterns, common exploit signatures.
  • Custom rules editable from the UI for site-specific tuning (e.g., allow a specific user-agent for an API).
  • Block-log tail in the panel so you can see what's being denied.

Virus scanner (Pro)

ClamAV with on-upload + scheduled sweeps

  • Inbound mail attachments scanned at MTA time.
  • On-upload scanning for FTP and webmail attachments.
  • Scheduled full-server sweeps with quarantine-on-detection.
  • ClamAV signature database auto-updates daily.

Git deploy (Pro)

Push-to-deploy via webhook + SSH deploy keys

  • Connect a GitHub / GitLab / Gitea / Bitbucket repo to a site.
  • Generated deploy SSH key (read-only) you paste into the repo's settings.
  • Webhook URL the panel listens on — push to your branch, the panel pulls + runs your post-deploy script.
  • Per-site deploy log so you can see exactly what ran.

White-label branding (Pro)

Make the customer panel look like yours

  • Custom logo, favicon, primary colour, accent colour.
  • Custom login-page copy and support email — your customers see your brand, not ours.
  • Custom outbound-email From address for password resets, account notifications.
  • Customer-facing URL stays on YOUR domain — no NovaPanel subdomain leakage.

Admin & ops

What the operator sees on port 2087

  • Customer accounts with packages: hardcoded site / DB / disk / bandwidth quotas per package.
  • License management — apply Pro keys, view fingerprint, manage subscription via Stripe / PayPal portal.
  • Notification system — license renewal warnings, security patches available, package updates available, low disk, failed logins, service downtime.
  • Audit log — every state-changing call against the panel is logged with actor / IP / target. 90-day retention, configurable.
  • Banned IPs page wired to UFW — block bad actors at the firewall, see ban history, set automatic expiry.

Free Community tier covers most of this

Everything except WAF, virus scanner, S3 backups, mail accounts, git deploy, and white-label is unlocked in Community. Try it before you pay.

Install free See Pro pricing