A powerful server management CLI for Laravel applications on Ubuntu
Cipi is a CLI-based server control panel designed exclusively for Laravel developers who need a secure, production-ready hosting environment on Ubuntu VPS. With Cipi, you can:
- ✨ Create isolated virtual hosts with individual users and PHP versions
- 🔒 Automatic SSL certificates with Let's Encrypt
- 🗄️ Manage MySQL databases
- 🌐 Configure domains and aliases
- 🐘 Install and manage multiple PHP versions (5.6 - 8.5)
- 🔄 Deploy Laravel applications with Git
- 📊 Monitor server status
- 🛡️ Built-in fail2ban + ClamAV antivirus protection
- 🔐 Secure password management (never stored in plain text)
- 📦 S3 backup integration for storage + databases
No web interface needed - everything is managed via SSH with the cipi command!
Cipi is specifically designed for Laravel applications and developers who:
- ✅ Want a secure, production-ready server without complex DevOps knowledge
- ✅ Need isolated environments for multiple Laravel projects on one VPS
- ✅ Prefer CLI management over web-based control panels
- ✅ Value security hardening with automatic updates and malware scanning
- ✅ Need per-project PHP versions (Laravel 8 on PHP 8.0, Laravel 11 on PHP 8.3, etc.)
- ✅ Want automated backups to S3 for storage and databases
- ✅ Are deploying on Ubuntu 24.04 LTS servers
Cipi implements production-ready security with multiple layers of protection:
System Security:
- 🛡️ Fail2ban - Automatic SSH brute-force protection
- 🔥 UFW Firewall - Only ports 22, 80, 443 exposed
- 🦠 ClamAV Antivirus - Daily malware scans of all applications
- 🔐 User Isolation - Each app runs as a separate system user with strict permissions (chmod 750/640)
- 🔑 Root-Only CLI - Cipi commands require sudo for administrative control
Application Security:
- 🔒 SSL Everywhere - Free Let's Encrypt certificates with auto-renewal
- 🚫 Nginx Hardening - Server tokens hidden, rate limiting, security headers
- 🗝️ SSH Keys - Auto-generated for each app to access private Git repos
- 🔐 Secure Passwords - Complex passwords never stored in plain text, shown only once
- 🔄 Automatic Updates - Weekly system security patches via cron
Laravel-Specific:
- 📂 Storage Permissions - Optimized for Laravel's storage and cache directories
- ⚙️ Supervisor Workers - Process management for queues
- 📅 Cron Scheduler - Pre-configured for
php artisan schedule:run - 💾 Database Backups - Automated MySQL/PostgreSQL/SQLite backups to S3
Monitoring & Response:
- 📊 System Status - Real-time monitoring of all services
- 📝 Comprehensive Logs - Nginx, PHP-FPM, application, and security logs
- 🚨 Antivirus Logs - Track malware scans and threats
What Cipi is NOT:
- ❌ Not for "enterprise" with compliance certifications (SOC2, PCI-DSS)
- ❌ Not a WAF (Web Application Firewall) like Cloudflare
- ❌ Not high-availability clustering or load balancing
- ❌ Not for non-PHP applications (only Laravel/PHP)
Verdict: Cipi provides production-grade security suitable for professional Laravel applications, side projects, and small-to-medium businesses. For highly regulated industries or applications requiring compliance certifications, additional security layers may be needed.
- Ubuntu 24.04 LTS (or higher)
- Fresh server installation recommended
- Minimum 512MB RAM, 1 CPU core
- Root access (sudo)
- Public IPv4 address
- ✅ DigitalOcean
- ✅ AWS EC2
- ✅ Vultr
- ✅ Linode
- ✅ Hetzner
- ✅ Google Cloud
wget -O - https://raw.githubusercontent.com/andreapollastri/cipi/refs/heads/latest/install.sh | bashInstallation takes approximately 10-15 minutes depending on your server's internet speed.
AWS disables root login by default. Use this method:
ssh ubuntu@<your-server-ip>
sudo -s
wget -O - https://raw.githubusercontent.com/andreapollastri/cipi/refs/heads/latest/install.sh | bashImportant:
- Open ports 22, 80, and 443 in your VPS firewall!
- Save the MySQL root password shown during installation!
- App and database passwords are never stored in config files for security. Save them when displayed!
# Show server status
cipi status
# Show all available commands
cipi help
# Show Cipi version
cipi version# Create a new virtual host (interactive)
cipi app create
# Create virtual host (non-interactive)
cipi app create \
--user=myapp \
--repository=https://github.com/laravel/laravel.git \
--branch=main \
--php=8.4
# List all virtual hosts
cipi app list
# Show virtual host details
cipi app show myapp
# Change PHP version for a virtual host
cipi app edit myapp --php=8.3
# Edit .env file
cipi app env myapp
# Edit crontab (for Laravel scheduler, backups, etc.)
cipi app crontab myapp
# Change virtual host password
cipi app password myapp
# Change virtual host password (custom)
cipi app password myapp --password=MySecurePass123!
# Delete virtual host
cipi app delete myapp# Assign a domain (interactive)
cipi domain create
# Assign a domain (non-interactive)
cipi domain create \
--domain=example.com \
--aliases=www.example.com \
--app=myapp
# List all domains
cipi domain list
# Delete a domain
cipi domain delete example.com
# Add alias to domain
cipi alias add example.com www.example.com
# Remove alias from domain
cipi alias remove example.com www.example.com# Create a new database (interactive)
cipi database create
# Create database (non-interactive)
cipi database create --name=mydb
# List all databases
cipi database list
# Change database password
cipi database password mydb
# Change database password (custom)
cipi database password mydb --password=MyDbPass123!
# Delete a database
cipi database delete mydb# List installed PHP versions
cipi php list
# Install a PHP version
cipi php install 8.3
# Switch CLI PHP version
cipi php switch 8.4# Restart nginx
cipi service restart nginx
# Restart all PHP-FPM services
cipi service restart php
# Restart MySQL
cipi service restart mysql
# Restart Supervisor
cipi service restart supervisor
# Restart Redis
cipi service restart redis# Update Cipi to the latest version
cipi updateWhen you create a virtual host, Cipi creates the following structure:
/home/<username>/
├── wwwroot/ # Your Laravel project (Git repository)
├── logs/ # Nginx access & error logs
├── backups/ # Local backup storage
├── .ssh/ # SSH keys for Git (private repositories)
├── deploy.sh # Deployment script (editable)
├── ssl.sh # SSL certificate management script
├── backup.sh # S3 backup script (storage + database)
├── gitkey.pub # SSH public key for GitHub/GitLab
└── WEBHOOK_SETUP.md # Webhook setup documentation
Each virtual host comes with a pre-configured deploy.sh script optimized for Laravel:
cd /home/<username>
./deploy.shThe script automatically:
- Pulls latest changes from Git
- Installs Composer dependencies
- Runs database migrations
- Clears and optimizes cache
- Builds assets with npm (if needed)
- Restarts queue workers
Enable SSL for your domain:
# As root
sudo -u <username> /home/<username>/ssl.sh
# Or wait for the automatic hourly cron jobCertificates are automatically renewed via cron job.
Each virtual host has its own SSH key pair for accessing private Git repositories:
# View the public key
cat /home/<username>/gitkey.pub
# Or show it with the app details
cipi app show <username>Copy the public key and add it to your Git provider:
- GitHub: Settings → SSH and GPG keys → New SSH key
- GitLab: Settings → SSH Keys → Add new key
- Bitbucket: Personal settings → SSH keys → Add key
Each virtual host includes an S3 backup script for Laravel storage and database:
# Edit backup configuration
nano /home/<username>/backup.sh
# Configure:
# - S3_BUCKET (your S3 bucket name)
# - S3_REGION (e.g., us-east-1)
# - AWS_ACCESS_KEY_ID
# - AWS_SECRET_ACCESS_KEY
# Test the backup
sudo -u <username> /home/<username>/backup.sh
# Setup automatic nightly backups
sudo -u <username> crontab -e
# Add this line for 2 AM backups:
# 0 2 * * * /home/<username>/backup.sh >> /home/<username>/logs/backup.log 2>&1The backup script automatically:
- Backs up Laravel
storage/directory - Backs up database (MySQL, SQLite, or PostgreSQL)
- Creates compressed archive
- Uploads to S3 with retention policy
- Cleans up backups older than 30 days (both local and S3)
Note: AWS CLI is pre-installed with Cipi
Cipi supports automatic deployments using Git webhooks. Each virtual host includes a WEBHOOK_SETUP.md guide with detailed instructions for:
- GitHub webhook configuration
- GitLab webhook configuration
- Webhook endpoint setup
- Security best practices
- 🛡️ Fail2ban - Automatic IP banning after failed SSH attempts
- 🔥 UFW Firewall - Only ports 22, 80, 443 are open
- 👤 Isolated Users - Each virtual host runs under its own system user
- 🔐 Secure Permissions - Proper file and directory permissions
- 🚫 No FTP - Only secure SFTP access
- 🔑 SSL Everywhere - Free Let's Encrypt certificates
| Software | Version | Purpose |
|---|---|---|
| nginx | Latest | Web server |
| PHP | 8.4 (default) | PHP interpreter |
| MySQL | 8.0+ | Database server |
| Redis | Latest | Caching & sessions |
| Supervisor | Latest | Process manager |
| Composer | 2.x | PHP dependency manager |
| Node.js | 20.x | JavaScript runtime |
| npm | Latest | Node package manager |
| Certbot | Latest | SSL certificates |
You can install any PHP version from 5.6 to 8.5 (beta):
cipi php install 8.3
cipi php install 8.2
cipi php install 7.4Cipi automatically checks for updates via cron job (daily at 5:00 AM). You can also manually update:
cipi updateUpdates are pulled from GitHub releases and applied automatically.
cipi statusOutput:
██████ ██ ██████ ██
██ ██ ██ ██ ██
██ ██ ██████ ██
██ ██ ██ ██
██████ ██ ██ ██
SERVER STATUS
─────────────────────────────────────
IP: 123.456.789.0
HOSTNAME: my-server
CPU: 25%
RAM: 45%
HDD: 30%
SERVICES
─────────────────────────────────────
nginx: ● running
mysql: ● running
php8.4-fpm: ● running
supervisor: ● running
redis: ● running
To uninstall Cipi from your server while keeping all virtual hosts, databases, and websites running:
# Stop and remove Cipi system cron jobs
sudo crontab -l | grep -v "cipi\|certbot\|freshclam\|apt-get" | sudo crontab -
# Remove Cipi executable and scripts
sudo rm -f /usr/local/bin/cipi
sudo rm -rf /opt/cipi
# Optional: Remove Cipi configuration data
# WARNING: This removes all domain/app metadata but keeps actual files
sudo rm -rf /etc/cipi
# Optional: Remove Cipi log directory
sudo rm -rf /var/log/cipi✅ Cipi CLI tool (/usr/local/bin/cipi)
✅ Cipi library scripts (/opt/cipi/)
✅ Cipi configuration data (/etc/cipi/)
✅ Cipi cron jobs (SSL renewal, updates, scans)
✅ Cipi logs (/var/log/cipi/)
✅ All virtual host users (e.g., /home/myapp/)
✅ All websites and Laravel applications
✅ All databases and MySQL users
✅ Nginx configurations (/etc/nginx/sites-available/)
✅ PHP-FPM pools (/etc/php/*/fpm/pool.d/)
✅ SSL certificates (/etc/letsencrypt/)
✅ All system packages (Nginx, MySQL, PHP, Redis, etc.)
✅ Supervisor workers
✅ Fail2ban and UFW configurations
Your websites will continue to work normally. You'll need to manage:
-
SSL Renewal: Setup your own certbot cron job
sudo crontab -e # Add: 10 4 * * 7 certbot renew --nginx --non-interactive -
System Updates: Setup your own update schedule
sudo crontab -e # Add: 20 4 * * 7 apt-get -y update # Add: 40 4 * * 7 DEBIAN_FRONTEND=noninteractive apt-get -q -y dist-upgrade
-
Antivirus Scans: Setup your own ClamAV scan schedule
sudo crontab -e # Add: 0 3 * * * /usr/local/bin/cipi-scan -
Manual Management: Use standard Linux tools
sudo nginx -t # Test Nginx sudo systemctl reload nginx # Reload Nginx sudo systemctl restart php8.4-fpm # Restart PHP-FPM mysql -u root -p # Manage databases
You can reinstall Cipi at any time without affecting existing sites:
wget -O - https://raw.githubusercontent.com/andreapollastri/cipi/refs/heads/latest/install.sh | bashCipi will detect existing virtual hosts and continue managing them.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Cipi is open-source software licensed under the MIT license.
- Installation Guide - Complete installation instructions
- Quick Start Guide - Get up and running in 10 minutes
- Features - Complete feature list
- Security Guidelines - Password management and security best practices
- Upgrade Guide - How to update Cipi
- Contributing - How to contribute
- Changelog - Version history
- 🐛 Bug Reports: GitHub Issues
- 💡 Feature Requests: GitHub Issues
- 📧 Email: [email protected]
- 🌐 Website: cipi.sh
If you find Cipi useful, please consider giving it a star on GitHub!
- Built with ❤️ by Andrea Pollastri
- Inspired by server management tools like Forge, RunCloud, and Ploi
- Thanks to all contributors!
Made with ❤️ for the Laravel community