Better understanding what is FOSSBilling today (August 2023)

bfred

I run a web development business where I also provide domain name registration and hosting. I currently only do this for my customers. Using Gandi as a registrar .com prices (not only) have been going up tremendously and I started to look around. This also got me thinking to expand my market in my area and provide name registration and hosting to 'anyone' interested, then eventually provide my extra services to those customers (who knows...).

I was initially looked into WHMCS but after going to their website the $18.95 monthly cost made me wonder about alternatives.

Boxbilling seemed to be a highly rated software but is no longer maintained, which led me to FOSSBilling. I played a bit with it and have a few question:

- Everywhere I read "not yet recommended for use in active production" so does it mean I really should not consider this for my business now?

- Should I then start with BoxBilling?

- I also read the discussion on getting fund in the forum and looked at the page on Open Collective and while $5/month is very reasonable (similar to boxbilling) the next increment is 20 times more. While I would have no problem giving those $5 when I start, giving $100 is a big step and maybe you should consider $10, $15, etc...

- Assuming using FOSSBilling to start my small 'new' business is ok, then testing my elected registrar for now (namesilo) is not supported. I guess I could switch as it's the one I selected based on a discussion on WHMCS forum. Though I saw it is on the roadmap, Boxbilling had it, adding it crashes the running FOSSBilling install... but hey, I took my chances. Is there any way to add it manually based on the current php file from Boxbilling or I should just wait?

- I also was under the impression I could have any 'marketing' website and WHMCS or it's equivalent would plug into some pages to do the interface between registrar, Cpanel and my website. Looking at the installation I did (in crashed state right now) it seems everything runs from FOSSBilling. Did I get that right or am I missing something?

Thank you again for taking over what seemed to be a great software and doing so much to make it live. I hope I didn't write too long or too stupid questions and am looking forward to reading from someone who knows better...

Cheers

Fred

BelleNottelling

Hello Fred, welcome to the FOSSBilling forum.

Everywhere I read "not yet recommended for use in active production" so does it mean I really should not consider this for my business now?

It means exactly as it says. We do not recommend you use this in a production environment yet and we recommend people wait until we release version 1.0.0. We cannot and will not suggest people use it before then.

Should I then start with BoxBilling?

In my opinion, using BoxBilling would be a significant mistake. It was initially abandoned in 2015 and went 5 years with no updates. After those 5 years, it got an update to remove the license check to reflect that it was abandoned and now considered OSS software.

In the 3.5 years since then, it got a handful of updates which mostly allowed it to function on versions of PHP that were at the time modern and getting security patches, fix a few bugs, and patch a few security vulnerabilities. It has not gotten an update in over a year and it likely will never get another one as the people who help publish those final releases have since moved onto the FOSSBilling project (myself being one of those individuals).

For clarification, FOSSBilling is built off of the BoxBilling source code, but it has had a very significant amount of work put into it and it far superior to BoxBilling even in the current state which we consider incomplete and to be beta status.
There has been over 1.5k commits to the repository (these are changes, some small, some massive) since we started the project. We've brought in proper support for modern PHP versions, fixed probably around 100 bugs, made it significantly more secure, and countless of other improvements.

If you do try to use BoxBilling, you should realize most of it hasn't been updated since 2015, that it is buggy, and that it is insecure. The FOSSBilling project itself has fixed 16 security vulnerability reports, 14 of which originate from BoxBilling code and therefore also apply to it. That also doesn't count security vulnerabilities we've resolved on our own that never got a vulnerability report nor does it take into consideration the efforts we've made to strengthen the security of the core application with additions such as some basic protection for session hijacking, properly securing cookies, and session expirations. There are also dependencies that may have had security vulnerabilities which we have updated & therefore resolved.

I would have no problem giving those $5 when I start, giving $100 is a big step and maybe you should consider $10, $15, etc...

These higher quantities you mention are donation tiers that include additional benefits. If someone doesn't want to donate that much, they can at any time donate any quantity they wish in a either single or recurring payment setup.

$5/month is very reasonable (similar to boxbilling)

I don't know where you are seeing a spot to donate / pay for BoxBilling, but you shouldn't do so in any situation. The software itself is 100% free as of years ago is you are being scammed if you pay for a license for it. If it's a donation, that was supposed to be removed from the repository many years ago as AFAIK the money went directly to Andrius Putna (@fordnox on GitHub). He does not make any effort to actively maintain BoxBilling and hasn't done so since 2015 and earlier. Unless the future of BoxBilling changes rather unexpectedly, any money given to the project will do nothing except pay for someone to get some coffee for themselves.

To re-iterate it: donations to BoxBilling have not done anything for the project for many years and Andrius himself was suppose to completely remove any donation links for it years ago.

Though I saw it is on the roadmap, Boxbilling had it, adding it crashes the running FOSSBilling install

You mean this one?
https://github.com/boxbilling/extensions/blob/master/bb-library/Registrar/Adapter/Namesilo.php

It's 5 years old, not sure if it'll even work inside of BoxBilling anymore. But due to the significant work we have done, most things written for BoxBilling are incompatible with FOSSBilling and need to be ported to it to handle the breaking changes we have made. We won't provide support for anything originally written for BoxBilling, but if you know how to program you can use our changelog to see what breaking changes have been made and attempt to update it.
Most likely, only the 0.5.0 breaking changes matter for this.

Though I saw it is on the roadmap

Not sure where you saw it on the roadmap. We have a list of ones the community has requested, however that's in no way a commitment to implement all of them. That's there to help keep track of them and ideally make it easier to judge which ones would have the greatest effect if we did implement one.

I also was under the impression I could have any 'marketing' website and WHMCS or it's equivalent would plug into some pages to do the interface between registrar, Cpanel and my website. Looking at the installation I did (in crashed state right now) it seems everything runs from FOSSBilling. Did I get that right or am I missing something?

There are a few ways to embed FOSSBilling in a separate website.
Open option is to use the included "embed" module, however this relies on features such as iFrames and is to the best of my knowledge, somewhat clunky and incomplete.
The other two options are:

Build a new theme for FOSSBilling (complex, time consuming)
On your main website, give a direct link to the product inside of FOSSBillng. For example: https://billing.example.com/order/2. These links are available for all products by going to their "links" tab.

Hopefully that clears things up for you and answered all your questions.
Take care!

bfred

Wow… well thank you for that very complete answer. I see I was unclear about those $5 to boxbilling. I did understand it was no longer maintain and was just saying it was a very reasonable amount to get started (and so you have it too, albeit not allowing extra features as everything is already inside FOSSBilling). I also missed that the custom donation could actually be set as a recurrent payment. Thank you to clarify this for me.

So right now no one is every using FOSSBilling in production? That is limiting the 'bug discovery process' a lot I would think ;-)

Well… thank you again and I will think about all this a little bit more then.

Fred

S4-John

bfred So right now no one is every using FOSSBilling in production? That is limiting the 'bug discovery process' a lot I would think ;-)

There are definitely people out there using it on live production sites (and discovering bugs). As it stands right now FOSSBilling is without any doubt far more stable and secure than BoxBilling was/is, it's also becoming significantly more secure and stable with each new release.

So, it's not impossible to use it in a production environment, it is just not officially advised, and it isn't going to be until 1.0 which we are still some way from. You can get away with using it as long as you bear in mind that it is still very much beta software, that there will be bugs, anomalies, and things you will need to find solutions and workarounds for.

We aren't going to actually recommend it for production use until we have got a few more of those things ironed out, partially because nobody wants to use software that breaks things, and partially because a release that is out of beta seems to bring a sense of entitlement from users, whether it is free and open source software or not, and dealing with all of the "This broke, you need to fix it for me NOW" is just something that nobody who volunteers their time and effort wants to deal with.

Use it if you are happy with those caveats, and you might find that it does everything you need right now, certainly better than BoxBilling would. Just remember that it is in active development, be prepared for breaking changes, and never update a live site without testing in a staging environment first and making more backups than you think you need.