A full-featured hosting control panel built on CodeIgniter 4, engineered for performance on RHEL-based servers. Two-panel architecture, complete LEMP stack management, and a native WHMCS module for automated provisioning.
Nginx reverse proxy → Apache backend → per-user PHP-FPM socket isolation
2
Control Panel Ports
User :2082 · Admin :2083
7+
PHP Versions
7.3 through 8.3 via Remi
6
App Installers
WP · Joomla · Drupal · Laravel…
REST
API + WHMCS
Full provisioning integration
Two independent interfaces — one for hosting account owners, one for server administrators — served on separate ports with isolated session management.
User Panel
Port 2082 · HTTPS · CI4 Shield Auth
Admin Panel
Port 2083 · HTTPS · Isolated session
Everything included
Every component a modern shared hosting environment needs, tightly integrated and shipped as a single deployable panel.
Main domains, addon domains, and subdomains — each with their own document root, PHP version, and Nginx/Apache vhost generated automatically.
Full BIND DNS server integration. Zones created automatically on account creation. DKIM TXT records added per domain. Recreate zones with one click.
Postfix + Dovecot with virtual mailboxes. DKIM signing via OpenDKIM. Forwarders, autoresponders, and per-mailbox quotas. Roundcube webmail with auto-login.
Create and manage MySQL databases and users with per-account prefixing. phpMyAdmin integration. Credentials stored encrypted for WHMCS sync.
PHP 7.3 through 8.3 via Remi SCL. Each domain runs in its own PHP-FPM pool under the account's Unix user. INI overrides configurable per domain.
One-click Let's Encrypt certificates via Certbot. Auto-renew hooks. Nginx SSL vhost generated with HTTP→HTTPS redirect and HSTS-ready headers.
Full, files-only, or database-only backups. Per-type 2-file limit with auto-rotation. Restore to original state. Import CWP and cPanel backups with credential preservation.
Deploy Node.js applications on custom ports. PM2-backed process management with start, stop, restart, and live log streaming via Nginx reverse proxy.
One-click installers for WordPress (WP-CLI), Joomla, Drupal, Laravel, CodeIgniter 4, and Grav CMS. Auto-creates database, config, and sets correct permissions.
Browser-based file manager with upload, download, rename, delete, permission editing, and inline code editor. Runs as the account user via PHP-FPM.
Cron job manager with GUI schedule builder. Jobs run under the account user's crontab. Common PHP CLI scripts detected automatically.
ProFTPD-backed FTP account management. Per-account users with chroot jail, configurable directory access, and password management.
Managed services
KWP installs, configures, and manages the full stack of services required for a production web hosting environment.
Nginx
Frontend reverse proxy · Static files · SSL termination
Apache httpd
Backend PHP host · Port 8080 · .htaccess support
PHP-FPM (Remi SCL)
7.3 · 7.4 · 8.0 · 8.1 · 8.2 · 8.3 · Per-user sockets
MySQL
Per-account databases · Root credential management
Postfix
SMTP delivery · Virtual mailboxes · IPv4 enforcement
Dovecot
IMAP / POP3 · Maildir++ · Per-domain passwd files
BIND (named)
Authoritative DNS · Auto zone creation · DKIM TXT records
OpenDKIM
2048-bit DKIM key generation · Per-domain signing
Roundcube Webmail
1.6.x · SQLite session DB · Panel auto-login plugin
Fail2ban
Brute-force protection · Admin-managed ban/unban rules
Certbot (Let's Encrypt)
Webroot ACME challenge · Auto-renewal hooks for Nginx
PM2 + Node.js
Process management · Live logs · Auto-restart on crash
Built with care
KWP is built on CodeIgniter 4, leveraging its lightweight MVC architecture and powerful query builder. The panel uses CI4 Shield for authentication (including 2FA), a SQLite3 database for all panel metadata, and Tailwind CSS for a responsive, dark-first UI that works across all modern browsers.
All privileged server operations are executed through hardened sudo-controlled Bash scripts, keeping the web process isolated from root-level system changes. The panel ships with a complete one-script installer for AlmaLinux 8 / RHEL-compatible systems.
Panel DB: SQLite3 at /var/www/kinsmen-panel/writable/kinsmen_panel.db
Auth: CI4 Shield — email/password + optional TOTP 2FA
UI: Tailwind CSS · Dark/light mode · Font Awesome icons
Security: CSRF tokens, ACL isolation, open_basedir, disable_functions
OS: AlmaLinux 8 (RHEL-compatible) · systemd service management
CodeIgniter 4
MVC · Shield · Migrations
Tailwind CSS
Dark-first · Responsive
SQLite 3
Panel metadata DB
MySQL
Account databases
Bash Scripts
Privileged via sudo
CI4 Shield
Auth + 2FA + sessions
AlmaLinux 8
RHEL · systemd
ModSecurity
WAF per domain
Automation & Integration
KWP ships with a full REST API and a native WHMCS provisioning module, enabling automated hosting lifecycle management.
REST API
Bearer token authentication · JSON responses
All endpoints require a server-level API key passed as a Bearer token. Keys are managed from the Admin Panel.
WHMCS Provisioning Module
Native module — full account lifecycle automation
CreateAccount
Provisions a new hosting account on order activation. Sets package, disk quota, and PHP version from WHMCS configurable options.
TerminateAccount
Removes the hosting account, all files, databases, email accounts, DNS zones, and PHP-FPM pools on termination.
SuspendAccount / UnsuspendAccount
Blocks web traffic and disables services on suspension. Fully restored on unsuspend — no data loss.
Single Sign-On (SSO)
One-click login to the user panel and Roundcube webmail directly from WHMCS client area — no password re-entry.
ChangePackage
Adjusts disk quota, bandwidth limits, and resource parameters when a client upgrades or downgrades their plan.
Defence in depth
Every layer is hardened — from the web process to the filesystem to outbound email.
User Isolation
Each account's PHP-FPM pool runs as its own Linux user. open_basedir restricts filesystem access to the account's home.
ModSecurity WAF
Web Application Firewall enabled per domain via Apache. Toggleable from the panel without restarting services.
Email Authentication
SPF, DKIM (2048-bit per domain), and DMARC ready. PTR records enforced, IPv4-only delivery to avoid missing rDNS.
Dotfile Protection
Nginx and Apache block direct HTTP access to all hidden files (.env, .git, .htaccess, etc.) at both proxy layers.