Is Vesta project dead??? #2006
Comments
|
Hello @AntonKirilov, I don't have a answer to your question but if you're trying to get in touch with the Vesta members to privately disclose a security vulnerability, please give HestiaCP team a heads up too. (contact details are on the "Security Policy" page on our github repo) |
|
Who manage the official website and social networks? I would like to move the repository in an organization and create a team with all forked developers. The goal is to have only one project managed by a real team which improves the code, adds supports and solves security problems. @serghey-rodin: Can you contact me and give me all rights? Thanks in advance. |
|
@Neustradamus |
|
@dpeca: Badly not, but the problem is that currently Vesta CP must not be used in the World. |
|
@Neustradamus this is the reason other forks have started years ago. |
|
I must agree with @Lupul, I didn't have other choice. |
|
I have proposition for @dpeca, @Neustradamus and other DEVS to create a new fork VestacpNG (NG - stands for NextGeneration) and make a easy way for users to move their current deployments to new repo. |
|
I second the idea of a global version and a way to run a script to port over from the old repos to the new one. @dpeca and @dreiggy I also because I rely on this a lot and have ported it myself for my own use replacing the scripts after install I want this project to be back on track and will cover and run all and any servers needed to have a new repo going (shared access between any main devs so abandonment cant happen again). I have access to a large cloud backing and my company uses (although modified and will always be modified) version of vestacp I want the core to live on. |
|
@dpeca and I have already discussed about creating a shared repository based on a fork of Vesta. This is not to keep the project alive, but to secure the existing server installations against already patched and upcoming exploits - also to give users more time for a migration. With Hestia and MyVesta there are already two forks that are working both on the further development of Vesta. I don't assume that it would make sense to create a third fork next to them. We also try to support CentOS and IPv6 as next step - after the release of Hestia 1.2.0 which is planned for Monday and brings a lot of new features (https://github.com/hestiacp/hestiacp/blob/master/CHANGELOG.md). The work on the CentOS integration has already started with the support of a new dev - but a release date cannot be predicted yet. |
|
The goal is to have only one, a "merging" of MyVesta and Hestia if it is not possible to have a best Vesta CP directly... -> A best:
|
|
Hestia and MyVesta are very different, the code structure of Hestia has already been heavily modified and is no longer directly compatible with Vesta - although of course Vesta backups can be restored. In the end, every user has to decide for himself whether he prefers to use Hestia or MyVesta. If he uses many modifications that strongly depend on the existing Vesta structure, MyVesta is definitely an advantage. Hestia on the other hand offers many new features, MultiPHP, Mail SSL, Filemanager, JailSFTP just to name a few. However, a new installation and the restore of backups is necessary, a direct migration from Vesta to Hestia from existing systems is not supported. |
|
Merging is not possible, and it won't be practical - I wrote here why - https://forum.vestacp.com/viewtopic.php?p=82536#p82536 |
|
But, regardless we can not merge, both forks has very good mutual collaborations - sharing fixes and features... |
|
Then maybe a translation layer is more important, building a way for servers to migrate from one to the other without reinstall. Wondering if it would be possible to use the backup feature to remove vestacp but not it’s data files (maybe move) install hestacp and then import the accounts from backups even if stored externally. A process that can be one script one run to fully switch and keep things like settings, name servers, packages and so on that make it a pain to just start from scratch without a lot of downtime. A script that can move as many settings as it can before wiping and going over the user files list and recent backups to do restores would improve the migration making it many times faster. |
|
@anthonyrossbach I would not say that this is impossible, but it would need a lot of work to get it working properly - due to the massive changes we did, our advice was always to install on a fresh system. If you would find time to do some testings, that would be awesome and a big help for the community! Probaly all you need to know is the changed installers (https://github.com/hestiacp/hestiacp/tree/master/install) and also the upgrade steps (https://github.com/hestiacp/hestiacp/tree/master/install/upgrade/versions). |
|
You can convert Vesta to myVesta easily - https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/convert-vesta-to-myvesta.sh |
|
I may for our internal use do exactly that @ScIT-Raphael. We do use DigitalOcean and a modified vestacp that has been minified (removed panel and so on). The downside to @dpeca's solution (I have that saved also as reference and will be looking into using it as a starting point) is that we use Ubuntu for everything. The up side is our backups are external on B2 and we have our own systems for managing resources on the servers so we can actually use DO to reset the image and install and restore from VestaCP backup files on B2. The only downside is a few things missing from HestaCP that we use ATM (last time I checked) like B2 backups although I may just provide our changes to the main HestaCP as a pull request. I just really personally liked the simplicity of VestaCP and am always in the mind set of less is more when it comes to the size of the panel and changes, making it easer to solve problems that arise (but that is me). I really do appreciate the input on this even though it did not fit with the original statement of this issue but hopefully it results in a method for everyone to migrate. |
That's the absolut right way to go, we would love to implement it - also the backup engine hasnt changed much, so it would be probaly only a copy and paste of your existing code. I would also love to discuss with you, what else you miss in hestia. If you want, you can send us a short mail to info@hestiacp.com - so I could invite you to our slack group. |
|
Hi, |
|
Ok, good luck. But don't forget to also add support for Ubuntu 20.04. But prior of all that, please - PLEASE release a new version with the patches @dpeca already added. Just in case you mean it serious... |
|
@ScIT-Raphael I may take you up on that. Also @anton-reutov yes, from all indication Vesta is dead as the last update was in October, and before that it was almost the start of the year. Not a single security patch has been pushed out that has been added to the repository so users are forced to patch files by hand. If it's not dead then allow someone else to actually push the changes out and support users instead of leaving them to figure it out on there own. |
|
Not easy to merge, but it is possible with a little time... The goal is to have a real software with all OS compatibilities (not only Debian or not only Red Hat, etc.). |
|
Dear @anton-reutov and @serghey-rodin, I think that it is time to move this project in a real developer team which will permit to have a future about Vesta CP. Like you can see, we are several to want it... Currently, all people which use Vesta CP are not safe. Thanks in advance. |
|
@Neustradamus @dpeca stated already his situation and pointed to the forum thread - currently I dont think there is anything to merge. Hestia will stay Hestia, MyVesta will stay MyVesta. The communication between our two forks is awesome, we do not see us as competitor. |
|
@Neustradamus But, even if he gives me full rights to do whatever I want with code (to build new features), I would NOT accept it, because I don't have time to maintain CentOS and Ubuntu support. Once again, I can help only with Debian. |
|
Why merge when really for it's use Hestia is the larger and more feature rich version as it is, it makes no sense to spend the time to move anything over anything or try and replace the original VestaCP as any future install can just use HestiaCP @Neustradamus. The only upside we can hope for now is a easy transition path for older installs that may be to large to reliably replace without massive downtime. |
|
I agree with @dpeca and think the core is fully dead at this point and takes to much time to work on with a small team, thats why if we cant have the best option for keeping VestaCP alive we should move towards easy migration paths and work on improving the other 2 alternatives. I know I will in a few weeks or a month start porting over my modifications and changes to HestiaCP and start doing pull requests with new features and modifications (that are generic for everyone). |
|
I love VestaCP because it has the lowest system requirement amongs other web control panels. You can install it on a server less than 1GB RAM. The UI was fast and I really like it. I remember last time, I bought a complete set of addons feature just to support devs even that time I knew that VestaCP was not ready for production because of many security flaws. So I gave my trust and time to devs but I was surprised they couldn't make it on time until people started to talk deep about security in VestaCP and that issue went viral over the internet. That time I even felt sad, when he said that he is not gonna rewrite codes for basic security practice because of thousand line of codes. That was the time when I felt VestaCP is dead. As a server administrator I still want VestaCP because of the system requirement, the UI and I do like the marketing team in VestaCP. He should have gave his project to somebody else and let others to rewrite the codes. Now even this project is alive, the bad reputation from the past has damaging the brand name. If security in VestaCP has improved a lot, they should rebrand and I believe many customers from DA and Cpanel will not hesitate to move into "Brand New Vesta CP" |
|
only Serghey has access to the repository and only he can release a new version. We plan to make it possible for each team member to release a new version. |
That's not 100% true, a few days ago RHEL Team explained the new Centos Stream. Fedora will still be the beta one, the next major rhel version. Centos Stream will be the next minor version. That means Centos Stream will receive 8.4 a few days sooner, but they will both receive 9.0 at the same time. "We’re making CentOS Stream the collaboration hub for RHEL, with the landscape looking like this: Fedora Linux is the place for major new operating system innovations, thoughts, and ideas - essentially, this is where the next major version of Red Hat Enterprise Linux is born. CentOS Stream is the continuously delivered platform that becomes the next minor version of RHEL. RHEL is the intelligent operating system for production workloads, used in nearly every industry in the world, from cloud-scale deployments in mission-critical data centers and localized server rooms to public clouds and out to far-flung edges of enterprise networks." |
|
The IT open source community is leaving CentOS and adopting the fork Rocky Linux, made by the same authors. So consider CentOS dead as:
Instead Rocky Linux is the way to go. What is the Rocky Linux project? What do you mean, "its downstream partner has shifted direction?" So where does Rocky Linux come in? |
|
How is Rocky Linux a way to go while all it has is a README in it's repo? Wait for working build at least. |
|
|
@dpeca , @ifaist0s, @anthonyrossbach. Greetings to all. I have read this entire forum from the first comment to the last one and like everyone I thank VESTACP for such an excellent project, it served me too much. But let me also explain why I have had so many package incompatibility failures with CENTOS. I support @dpeca in all his comments he has made here and in the VESTACP forum and on supporting several versions of the operating system for a panel, it is exhausting. I can only ask with deep sadness before making the hard decision to change to VESTACP, which will be and will look more stable in the future to replace VESTACP, between MYVESTACP or HESTIACP? Thank you. |
I think this has already been discussed above, but the list in this issue is now quiet long :). MyVestaCP "only" supports Debian 10 and is the project from @dpeca, which he makes available to the public because he was asked for. HestiaCP supports all (LTS) versions of Debian and Ubuntu, which are not EOL - the development team is a bit bigger and we also have made more changes, in special to features like 2FA, MultiPHP, MailSSL, and so on. Both, @dpeca and the Hestia Devs, are in direct contact to discuss and fix security and other issues - we are not rivals. I would suggest that you have a look at both projects and take that which will fit better to your needs :). |
You can read my post - https://forum.myvestacp.com/viewtopic.php?f=23&t=88 In short:
We can not say what will be better for you. |
|
Hi. MyVesta and Heatia work with Debian 10. This debian suit for VDS 4gb memory? Now I use centos 6.5 and all work well. Hestia has nginx template for prevent DOS, limit email and secret URL? Which function has MyVesta which not has Hestia? |
|
@Shaman2
I think it's the same for both VestaCP/myVesta/HestiaCP As far as I know:
... those features are features of myVesta. |
|
New front-end interface for VestaCP and FM plugin already done. |
|
dpeca, how we can test the Debian 10 ? |
How about release new packages to the repository to fix the current exploits instead promising new features that arent visible on any github branch? |
As I already described you in private message on forum before few months: Use the installer and apt repo from my fork (myVesta fork) : It will run installer that is adapted for Deb10 ( https://github.com/myvesta/vesta/blob/master/install/vst-install-debian.sh ) and it will also use vesta-nginx and vesta-php that are compiled for Deb10. but, anyway, you can also compile vesta-nginx and vesta-php by yourself - https://github.com/myvesta/vesta/blob/master/src/deb/vesta_compile.sh |
|
@dpeca , @anthonyrossbach, Thanks for the answers and it is clear to me that we are in the community and the idea is to cooperate so that it grows, I am a big fan and lover of Open Source solutions such as: Ubuntu in its versions, Pfsense, Endian, Proxmox, Elastix (today Issabel), Zentyal, openmediavault, etc, etc, etc. I hope these two projects prosper and are more solid. even more so if you have the collaboration and cooperation between MYVESTACP and HESTIACP that exists today. I wish the best of lucks. I will try both and I will give you my points of view and hopefully I can, why not, contribute to improvements. Greetings. |
But you dont support 2FA, I right? Which panel has on one server nginx+php-frm and nginx-apache-php-fpm for different sites? |
Right, Hestia has 2FA.
It's possible in myVesta but with few steps - example: https://forum.myvestacp.com/viewtopic.php?f=2&t=314 |
so I default setup "apache yes, nginx yes, php-fpm yes" ? |
|
@Shaman2 I would suggest to switch over either to myvesta or hestiacp forum for your questions :). |
|
@anton-reutov may I suggest to compile and release new packages or reopen this thread? There are thousands of vesta servers with unfixed exploits in the wild! |
Hi, |
|
Looking forward to your update tomorrow, don't let hang the users an additional year. If you do it, you should consider to stop the project or atleast inform the users about the current security issues. |
|
@anton-reutov If you speak him please inform him to renew vestacp.com it is about to expire... |
|
Ok |
and others
I tried to get this answer on forum - https://forum.vestacp.com/viewtopic.php?f=10&t=19905 - but nobody from official members replied.
I'm just trying to get their attention - if they are live.
The text was updated successfully, but these errors were encountered: