Documentation

i4host documentation

Everything you need to install, operate and automate your i4host control panel — from a fresh VPS to a hardened, multi-tenant host.

Overview & architecture

i4host is a self-hosted control panel for Linux VPS servers. It’s composed of three cooperating layers, designed so that all privileged work is isolated behind a tightly-authenticated boundary:

Web panel — a fast, mobile-ready dashboard (installable as a PWA) where you and your customers manage everything.
API — the application server that holds business logic, authentication, roles and audit logging. It never runs as root.
Root agent — a small, hardened daemon that performs the actual privileged operations (creating users, writing nginx configs, issuing certificates). It listens only on a local Unix socket and authenticates every caller with peer-credential checks plus a bearer token.

Security model: the panel and API can be compromised without granting an attacker root — the agent only accepts a fixed, validated set of actions over the local socket, and records each one in the audit log.

Installation

Start with a fresh, supported VPS (Debian/Ubuntu or RHEL family) and a domain you control. Run the installer as root:

curl -fsSL https://get.i4host.xyz | sudo bash

The installer will:

Install and configure nginx, PHP-FPM (8.2 & 8.3), MariaDB and Redis.
Build and start the agent, API and web panel as hardened systemd services.
Generate secrets, initialize the database, and create the directories it needs.
Bring the panel online behind nginx with HTTP/2 and security headers.

Point your domain at the server

At your DNS provider, create A records pointing to your server’s IP:

panel   A   YOUR.SERVER.IP      # the control panel
@       A   YOUR.SERVER.IP      # apex / website
*       A   YOUR.SERVER.IP      # wildcard for hosted subdomains

Issue a trusted SSL certificate

Once panel.yourdomain resolves, issue a free Let’s Encrypt certificate and the panel will serve trusted HTTPS automatically (certificates auto-renew):

sudo certbot certonly --standalone -d panel.yourdomain

DNS for a brand-new domain can take from a few minutes up to a few hours to propagate through the registry before a certificate can be issued.

On first run there are no accounts yet. Open the panel — you’ll be sent to the login screen, which detects the first-run state and shows a Create admin account form. Enter the email and password for your super-admin (minimum 12 characters, with an uppercase, a lowercase and a digit).

After signing in:

Open Settings → Account and enable MFA (TOTP) or register a passkey (WebAuthn).
Create additional users from Users → New user and assign roles.

Recover access: if you’re ever locked out, an admin can be reset from the server with cd /opt/i4host/api && npm run create-admin.

CLI tour

i4host ships a CLI for scripting and headless management. Authenticate with a scoped token (create one under Settings → API tokens), then drive the same operations the panel does:

# list websites
i4host sites list

# create a site
i4host sites create example.com --php 8.3

# tail live server metrics
i4host server metrics --watch

Features

Websites & runtimes

Create vhosts with isolated per-site Linux users and PHP-FPM pools. Run WordPress (one-click installs, plugin/theme management, WP-CLI), one-click apps, Docker containers, and Git push-to-deploy with staging environments and per-site page caching.

Databases & dumps

Provision MariaDB/MySQL and PostgreSQL databases and users, browse and query them with the built-in Adminer, and export/import dumps.

Email, DNS & SSL

Manage mailboxes, forwarders, lists and server-side filters; edit DNS zones and records (including wildcards); and issue auto-renewing Let’s Encrypt certificates, wildcards included.

Backups & alerts

Schedule backups to local or remote destinations with one-click restore, and configure threshold and anomaly alerts delivered to your channels.

Access

Per-site FTP/SFTP accounts with managed SSH keys, a scoped in-browser terminal, and a full file manager.

Operating i4host

Post-install setup

Review your firewall rules, confirm backups are scheduled to an off-server destination, and enable MFA for every admin.

Hardening checklist

Enforce MFA/passkeys for all privileged accounts.
Restrict SSH (keys only) and keep the firewall tight — expose only what you need.
Schedule ClamAV scans and review the audit log regularly.
Keep automatic SSL renewals working (verify the renewal timer).

Observability

Live CPU/RAM/disk/load stream to the dashboard over WebSockets and are retained for historical trends. Track uptime, open incidents, and watch for anomalies.

Multi-tenant resellers

Define packages and quotas, create reseller and customer accounts with strict isolation, and connect WHMCS for billing and automated provisioning.

Runbooks

Situation	What to do
Restore a backup	Backups → select a snapshot → Restore. Confirm the target site/database.
SSL renewal failed	Ensure port 80 is reachable for validation, then re-run the issuance; check the renewal timer.
Reset admin password	On the server: `cd /opt/i4host/api && npm run create-admin`.
Disk full	Use the file manager / metrics to find large files; clear old backups and logs.
Redis recovery	Restart the Redis service from Server → Service status; the API reconnects automatically.
Roll back a deployment	Git → select the previous release → activate. Staging can be promoted likewise.

Roles & access

Role	Can do
Super-admin	Full control of the server, all tenants, settings and users.
Reseller	Manage their own customers within assigned packages and quotas.
Customer	Manage only their own sites, databases, email and files.
Developer	API-focused access via scoped tokens for automation.

API & automation

Everything in the panel is backed by a REST API. Create a scoped token under Settings → API tokens and call the API with a bearer token:

curl https://panel.yourdomain/api/server/services \
  -H "Authorization: Bearer YOUR_TOKEN"

Use outbound webhooks to notify your systems on events (site created, backup completed, alert fired), and the CLI for scripted, repeatable provisioning.

Public endpoints (like first-run setup status) are explicitly marked; everything else requires authentication and is authorized by role.

Need something that isn’t here? Open the panel and explore — every feature has inline help. Open the control panel →