For about 6 years I've pon­dered the nature of web host­ing con­trol pan­els. When I ran a web host, I played with CPanel, Plesk, and Direc­tAd­min. I've since dab­bled in the open source waters of Web­min and User­min, and of late I've even poked at VHCS and Open­Panel. I have, to date, not seen a sin­gle con­trol panel that is pre­cisely what I want (with Direc­tAd­min com­ing clos­est, and almost being a win­ner if not for its tiered reseller model aaaaannnd price tag). The real stick­ing points come down to the fact that I want:

• The con­trol panel to write human-readable, rea­son­able con­fig­u­ra­tion files: This is where Web­min falls down on the job. The con­fig files are valid, but god are they awful to read.

• No men­tion or hint of reseller any­thing: I just want admin­is­tra­tive accounts run­ning the show and hosted accounts with domains linked to them. Maybe some way for the hosted to mon­key with the non-essentials of their own accounts. So on the grounds of overkill, pretty much every com­mer­cial panel fails my sim­ple needs.

• Email sup­port for some­thing that's not anti­quated: some pan­els use qmail (or some ver­sion therein, which hasn't had a proper update in years), some use send­mail (which is older than dirt and half as secure), and some use what­ever the fla­vor of the month is (read: what­ever ships on the sup­ported OS dis­tro). Me? I'm a post­fix guy. I'm not wed­ded to it per se, but it's updated, fea­ture packed, works well and its con­fig­u­ra­tion is only mod­estly arcane (qmail, by the way, fails due to hav­ing an arcane con­fig­u­ra­tion file struc­ture that doesn't plug into antivirus or spam very easily).

  Regard­ing IMAP and POP sup­port, I find that these pan­els often use their own "ques­tion­able" clients, or rely on courier. There isn't really any­thing wrong with that, I just like dove­cot more (to be fair, Direc­tAd­min sup­ports dove­cot last I checked).

  I don't want to even get started with autho­rized SMTP sup­port from these pack­ages. God, the hor­ror.

• No byzan­tine depen­den­cies: Don't tell me that I need some god awful fos­silized encryp­tion library or ldap to make this sys­tem work.

  "Lis­ten here, Mr. Con­trol Panel, I don't use LDAP, and unless that is what you're using as a back­ing store for your host­ing infor­ma­tion, nei­ther should you."

To that end, I've begun play­ing with Ruby and Thor to whip up some sim­ple add/delete scripts (with ini­tial suc­cess!), and the biggest stum­bling block I've encoun­tered so far is just pars­ing out the accounts that exist.

The Apache con­fig­u­ra­tion file for­mat is… archaic in its own right, being nei­ther XML nor attribute: value pairs. It's read­able, but there is a rea­son that an entire perl pack­age (HTTPD::Config, which may or may not exist any­more) was pro­duced just to scrape httpd.conf files.

I fear that with­out step­ping back a lit­tle and engi­neer­ing a proper solu­tion I'm just going to wind up reim­ple­ment­ing what I encoun­tered when I did overnight sup­port for Real­ity Check Net­works (no link pro­vided, because, well, you know. Those dudes…).