AuraPanel Product Documentation

Detailed technical guide for architecture, security, operations and migration.

This documentation is built for infrastructure teams, hosting providers, agencies and operators who need a clear view of how AuraPanel works in production and why its architectural decisions differ from standard panel patterns.

Turkish documentation: docs-tr.html

Start with Installation Open Operations Runbook

Docs Coverage

Primary Sections

Comparison Lenses

Migration Phases

Runbook Checkpoints

Contents

Documentation map

Architecture and boundaries Runtime modules Security model Installation and bootstrap Operations runbook Migration strategy Panel comparisons Frequently asked questions GitHub and wiki resources

Architecture

Control plane and serving plane are intentionally separated.

Layered Flow

Browser -> API Gateway -> Panel Service -> Host Services. Each layer has explicit responsibilities and trust boundaries.

Browser
  -> API Gateway
  -> Panel Service
  -> OpenLiteSpeed + Runtime Integrations

Why decoupling matters

Website traffic continuity should not depend on admin panel process lifecycle. This reduces operational blast radius during updates or incidents.

Operational honesty

Endpoints are expected to represent real host-backed behavior. Unsupported features should report explicit non-success responses.

Runtime Modules

Integrated surface for day-0 to day-2 hosting operations.

Website + DNS

Domain onboarding, vhost synchronization, rewrite support, DNS zone and record workflows.

SSL + Security

Certificate issuance, wildcard/custom cert flows, boundary-aware operation controls.

Mail + Database

Mailbox lifecycle, mail routing workflows, MariaDB/PostgreSQL provisioning and tuning.

Backup + Migration

Backup orchestration, MinIO target support, migration upload/analyze/import pathways.

Security

Zero-trust direction with fail-closed behavior.

Authenticate

Protected requests require authentication before privileged actions are evaluated.

Authorize

RBAC boundaries are applied at gateway level to reduce accidental privilege escalation.

Enforce

Unsupported operations should fail explicitly, not silently succeed.

Observe

Smoke checks and operational reports are used to verify real runtime behavior.

Install

Installation and bootstrap sequence

Supported systems

Ubuntu 22.04 / 24.04
Debian 12+
AlmaLinux 8/9
Rocky Linux 8/9

Standard install command

curl -fsSL https://raw.githubusercontent.com/mkoyazilim/aurapanel/main/install.sh | sudo bash

Use staging first for production fleets and apply acceptance checks post-install.

Verified bootstrap mode

export AURAPANEL_RELEASE_BASE="https://github.com/mkoyazilim/aurapanel/releases/latest/download"
curl -fsSL https://raw.githubusercontent.com/mkoyazilim/aurapanel/main/install.sh | sudo -E bash

Runbook

Operations checklist for stable production hosting

Daily checks

Panel/gateway status, OLS health, DNS and SSL success rates, backup status, and high-risk anomalies.

Weekly checks

Security patch review, certificate expiry sweep, restore drill sample, and resource trend review.

Incident loop

Detect, isolate impact, collect evidence, apply minimal fix, validate acceptance, and document root cause.

Change management

Stage first, deploy with version traceability, run smoke checks, preserve rollback path.

Migration

Phased migration from cPanel, Plesk or CyberPanel

Audit

Inventory domains, databases, mailboxes, SSL assets, DNS zones and extension dependencies.

Pilot

Migrate low-risk tenants first and measure acceptance success and operational friction.

Validate

Check DNS, SSL, web response integrity, mailbox flow, DB connectivity and app behavior.

Cutover

Move in controlled batches with clear rollback and communication plan.

Harden

Rotate credentials, enforce updated policies, and retire legacy insecure defaults.

Comparisons

Why AuraPanel and where it fits

Lens	AuraPanel	CyberPanel	cPanel/WHM	Plesk
Architecture Direction	Decoupled control-plane design as a first-class principle	OLS-first practical panel model	Long-standing integrated hosting operations model	Integrated platform with extension-heavy ecosystem
Operational Philosophy	Deterministic automation and endpoint honesty	Simplicity and speed for OLS workflows	Mature workflow standardization	Broad compatibility and managed UX
Security Positioning	Zero-trust defaults and fail-closed behavior target	Core hardening workflows available	Commercial security tiers and tooling	Security coverage through paid modules/extensions
Customization Path	API/gRPC and GitOps-friendly direction	Panel-level plugin approach	Commercial ecosystem integration	Extension marketplace-centric customization
Best Use Case	Teams needing transparent low-level control and modern ops model	Teams centered on OpenLiteSpeed and quick bootstrap	Organizations standardized on cPanel operations	Teams needing broad add-on compatibility

FAQ

Common documentation questions

Can websites stay up during panel updates?

That is a design target based on serving/control-plane separation.

Is this documentation enough for production rollout?

It is a strong baseline. For fleet rollout, pair it with your internal SRE and compliance standards.

Where is API contract detail?

Use the GitHub docs file: api_contract_v1.md.

Where can I ask migration questions?

Use the community page and GitHub issues with clear environment and reproduction details.

Resources

GitHub and wiki resources

Need More Help?

Share your deployment context and we can shape a migration or hardening plan.

Community and issue channels are open for architecture and operations feedback.

Open Community