Vesta

Background:

VestaCP is a popular open-source web hosting control panel for Linux servers that provides an intuitive graphical interface for managing various server functions such as user management, email management, firewall configuration, SSL/TLS certificates, cron jobs scheduling, and much more. It has gained widespread adoption due to its ease of use, robustness, and feature-richness.

However, the VestaCP project was built with a focus on the LAMP stack, and had no support for modern applications and containerization, which leads to a high risk profile for shared applications and users. To address this, we decided to rebuild the entire application containerize everything with LXC (and later on with Incus).

Rebuilding VestaCP for a modern Web:

The first step was to redesign Vesta to follow a modern architecture with a focus on performance, scalability, and security. We decided to explore building two main prototypes for Vesta, one written in Go and the other in PHP. After evaluating both prototypes, we found that the Go-based implementation outperformed the PHP version in terms of speed, memory usage, and scalability, however the PHP version proved to be easier to maintain and extend by the existing open source community.

The main challenge we faced was focused around managing several breaking changes from the previous implementation. We had to refactor the entire codebase to ensure that it was compatible with the new design and architecture.

Containerizing VestaCP with LXC:

Once the new architecture was designed, we moved onto containerization using LXC. We created a cloud-init config that defined all the necessary dependencies, libraries, and configurations required for running the application in a containerized environment. This approach allowed us to package everything into a single image that could be easily deployed across multiple servers without any configuration management issues. During the development process we decided to use Incus instead of LXC as we focus on Alpine images as the official base image for our containers.

We also implemented network isolation using LXC/Incus networking features to ensure that each VestaCP instance ran independently from other instances on the same server. Additionally, we used container snapshots for backups, and persistent containers to suit modern applications.

Benefits:

The benefits of rebuilding VestaCP and containerizing it with LXC were significant. The new implementation resulted in a more performant application, and enabled Vesta to support virtually any application and technology stack. Additionally, we are building a large library of container images that will enable users to deploy their applications with ease.

Containerization with LXC also provided significant benefits such as improved resource utilization through container isolation, simplified deployment and scaling by using a single image across multiple servers, and enhanced security through network isolation.

Conclusion:

In conclusion, rebuilding VestaCP and containerizing it with LXC provided significant benefits for our web application's performance, resource utilization, deployment, scaling, and security. The test-driven development methodology used during the conversion process helped us catch any discrepancies early on and refactor our codebase as needed without compromising system stability. We believe that these approaches will continue to provide significant benefits for our web application's future development efforts and to the wider VestaCP community.