VortexPanel v3.4.0 — Go/Node.js Project Manager, FFmpeg & Memcached, Website Import, Nine-Distro Reliability
LatestVortexPanel v3.4.0 — Go/Node.js Project Manager, FFmpeg & Memcached, Website Import, Nine-Distro Reliability
Release date: July 2026
The biggest release since v3.2.0's security overhaul. Two entirely new deployment managers (Go and Node.js binary/app hosting — something none of cPanel, Plesk, aaPanel, or HestiaCP offer out of the box), a full Website Import wizard for migrating off other panels, two new App Store modules, and a broad reliability pass across all nine supported distros and both x86_64/arm64 architectures.
🚀 Go Projects & Node.js Projects — New Deployment Managers
VortexPanel can now host compiled Go binaries and Node.js applications directly, with the same one-click simplicity as a WordPress install.
Go Projects
- Binary-only deployment — point at a compiled Go binary, VortexPanel handles the rest
- Go SDK manager — install/switch between multiple Go versions side by side, GOPROXY configuration (official/goproxy.io/goproxy.cn/direct)
- systemd service — auto-restart on crash, enable-on-boot, journal logging
- Reverse proxy on all 4 webservers — nginx, Apache, OpenLiteSpeed, and Caddy, auto-detected
- WebSocket support — proper
Upgrade/Connectionheader handling on nginx and Apache (needed forgorilla/websocket, gRPC-Web, etc.) — the shared nginx$connection_upgrademap is written once and reused across every proxied project - Let's Encrypt SSL per domain — nginx/Apache use certbot's native plugin, OpenLiteSpeed uses
certonly+ manual vhost wiring, Caddy is detected as already-automatic (no action needed) - Resource limits —
MemoryMax/CPUQuotain the systemd unit, so a runaway process gets capped instead of taking down the whole server - On-demand health checks — real TCP connect to the app's port, catching the case
Restart=alwayscan't: a hung process still holding the port open - Binary version history + rollback — every start/restart snapshots the binary (skipped if unchanged, via SHA-256 hash), keeps the last 5 versions, one-click revert
- Firewall integration (UFW + firewalld), all 9 supported distros
Node.js Projects
- PM2 + systemd — choose either process manager per project
- nvm-based version switching — install and switch Node versions without affecting other projects
- Same reverse-proxy-on-all-4-webservers support as Go Projects
- Current LTS reality reflected: v24 Active LTS default, v22 Maintenance, v18/v20 correctly blocked as EOL
📥 Website Import Wizard — Migrate from cPanel, aaPanel, HestiaCP
A new "Import Website" flow on the Websites page, upload-based (no SSH pull required):
- Upload the backup archive exported from your old panel
- Detect — VortexPanel extracts it and makes a best-effort guess at the domain, PHP version, document root, and database dump
- Confirm — every detected field is editable before anything happens; nothing is auto-executed blind
- Import — creates the site + nginx vhost (the exact same code path as "New Website", so imported sites are indistinguishable from natively-created ones), copies files, creates the database and imports the dump, generates a fresh random DB password (originals are never in a backup dump, so there's nothing to recover)
Supports cPanel (cpmove/full-backup format, userdata YAML domain detection), aaPanel (domain-folder detection + .sql/.sql.gz filename matching), and HestiaCP (v-backup-user's nested web.tar/mysql.tar format). Files + database only in this release — email, cron, and SSL migration are not yet included.
📦 App Store — 2 New Modules
- FFmpeg Manager — install multiple FFmpeg versions side by side (7.1, 8.1, and nightly master), each with its own command alias (
ffmpeg7,ffmpeg8). Sourced from BtbN/FFmpeg-Builds — the provider ffmpeg.org's own download page links to for Linux static builds — with full x86_64 and arm64 support - Memcached — full management UI: Service (start/stop/restart/reload), Config File editor, Switch Version, Load Status (live stats via Memcached's own
statsprotocol), and Optimization (bind IP/port/cache size/max connections)
App Store module count: 27 (up from 25).
🖥 Dashboard & Monitoring
- Realtime charts — CPU/RAM history and Network I/O, client-side rolling window, no backend polling changes needed
- Global SSL expiry banner — aggregates certificate expiry across every site, warns at 14 days with severity-graded colour coding (yellow → orange → red-for-expired)
- Settings → Audit Log viewer — last 200 login attempts (time/status/IP/user/note) — the backend already existed, it just had no UI until now
- Per-site disk usage — lazy-loaded (only fires when you open a site's Directory tab, so it doesn't slow down the Websites list on servers with many/large sites)
🛠 Reliability — RHEL-Family & arm64 Fixes
A full audit turned up (and fixed) install-time failures that were silently breaking on real-world server configurations:
- RHEL/CentOS/Fedora/AlmaLinux/Rocky — nginx, MySQL, Caddy, MongoDB, and PostgreSQL were previously completely uninstallable on any RHEL-family distro. The install scripts only had a Debian-specific GPG-keyring +
sources.listcode path; on RHEL this produced garbage commands (dpkg -ion a distro with nodpkg, Debian package names fed todnf, etc.). All 5 now have proper distro-aware install paths — MySQL uses RHEL's built-in AppStream module stream (no external repo needed at all), PostgreSQL correctly disables the conflicting built-in module before installing PGDG's versioned packages. - arm64 — MongoDB and PostgreSQL RHEL install paths had hardcoded
x86_64in the repo URLs, silently breaking on ARM servers. MongoDB now usesdnf's auto-resolving$basearch; PostgreSQL detects the real architecture viauname -m. - A pre-existing Caddy bug (not new — this predates the audit) was piping a fetched GPG key into
rm -finstead ofgpg --dearmor, producing an empty/invalid keyring on Debian too, not just RHEL. Fixed. - All module install/uninstall cycles audited for safety on repeat runs — GPG keys and repo files are now properly cleaned up on uninstall, preventing reinstall failures.
🎨 UI System — Modal & Layout Fixes
A cluster of related frontend bugs, all traced to the same root causes and fixed together:
- Modal centering — the underlying issue was
position:fixedbreaking when nested inside a scrolling ancestor (overflow-y:autocontainers). All modals are now rendered as direct children of<body>via a shared global portal pattern, using explicitwidth:100vw;height:100vhso they're immune to any ancestor's overflow settings. - Horizontal scrollbar shifting the entire panel — a classic flexbox
min-width:autotrap:.main-areaand.page-contentwereflex:1with nomin-width:0, so a single unconstrained<select>dropdown with long option text (App Store version pickers) could force the whole layout wider instead of scrolling internally. Fixed at the source, plus a body-level safety net. - Cross-component scoping bugs — several modals had their interactive functions defined inside the wrong Alpine.js component (a page's own scope instead of the global scope the portal actually renders in), causing buttons to silently do nothing. Standardized on the same pattern used by
toast()/get()/post(): plain global functions, reachable from any component. - Eight pages (
dashboard,docker,settings,files,mail,bandwidth,security,caddy) had dead method calls in their tab-refresh event listeners from an earlier bulk edit — switching to those tabs was silently failing. All fixed.
🔩 Smaller Fixes
- Self-hosted SVG brand logos for all App Store modules — zero CDN dependency for icons
- nginx version bump — Stable 1.30.3, Mainline 1.31.2 (security patch)
- Update-check false positive (was comparing git hash against semver)
- Databases page now auto-detects MongoDB/PostgreSQL correctly with engine-aware columns
- Install/uninstall hang fixes — proper timeouts (10min install, 5min uninstall, 8min switch), service-stop-before-remove ordering
install.shnow clones to a permanent/root/Vortexpanelinstead of/tmp(which gets wiped on reboot, silently orphaning git tracking) — and auto-generates a correctly-patheddeploy.shduring install