Astral 360 Astral Toolbox

Installation

One-line install, installer options, DNSOnly support, updates, and uninstall for Astral Toolbox.

Astral Toolbox installs on any cPanel/WHM server (full installs and DNSOnly nodes) running AlmaLinux. Everything runs as root.

Requirements

  • A cPanel/WHM (or cPanel DNSOnly) server — detected via /usr/local/cpanel/whostmgr/docroot/cgi/.
  • Root shell access.
  • Binaries: curl, unzip, sha256sum, install (all present on a stock cPanel install).
  • PHP CLI: the installer prefers cPanel's bundled interpreter /usr/local/cpanel/3rdparty/bin/php and only falls back to php on the PATH. No EasyApache/system PHP is required — this is what makes DNSOnly installs work (see DNSOnly notes).

Quick install

Run as root. Three flavours, depending on how much control you want:

# 1) One-liner — non-interactive (no TTY through the pipe). Installs core only.
curl -fsSL https://static.astralinternet.com/WHM-Toolbox/install.sh | bash

# 2) One-liner with explicit store extensions (auto-enabled after install).
#    (search-logs ships in the core zip, so it's always present already.)
curl -fsSL https://static.astralinternet.com/WHM-Toolbox/install.sh \
    | bash -s -- --extensions=mail-disk-space,server-monitoring

# 3) Interactive: download then run. The installer fetches the catalog and shows
#    an in-terminal checkbox menu of the extensions available for this server
#    (arrow keys navigate, Space toggles, Enter confirms).
curl -fsSL https://static.astralinternet.com/WHM-Toolbox/install.sh -o install.sh \
    && chmod +x install.sh && ./install.sh

Once finished, log in to WHM and look for Astral Toolbox in the sidebar (Plugins section).

Extensions this server's IP is not authorized for are silently skipped — the exit code stays 0.

Installer options

Flag Effect
--extensions=slug1,slug2 Install and enable the named Store extensions. The server must be authorized for them. Skips the interactive prompt.
--non-interactive, -y Skip the interactive prompt; install core only. Implicit when stdin is not a TTY (e.g. curl \| bash).
--no-autostart Install without dropping the /etc/cron.d/toolbox-auto-update cron (the core still installs; updates become manual-only).

What the installer does

  1. Resolve the latest core release — polls https://static.astralinternet.com/WHM-Toolbox/core/manifest.php for the newest version, zip URL and checksum URL. Versions are never hard-coded.
  2. Download & verify — fetches the core zip and its .sha256 file, and aborts on any checksum mismatch.
  3. Extract & register — unzips to /usr/local/cpanel/whostmgr/docroot/cgi/toolbox/, makes toolbox.php executable (required on DNSOnly), pre-enables all bundled extensions on a fresh install, copies the sidebar icon, and registers the plugin with WHM: /usr/local/cpanel/bin/register_appconfig .../install/toolbox.conf
  4. Install the auto-update cron (unless --no-autostart) — drops /etc/cron.d/toolbox-auto-update with a randomized minute and 4-hour cycle offset so a fleet of servers doesn't hit the update server simultaneously. Re-running the installer never overwrites an existing cron file (delete it first to re-randomize).
  5. Install requested extensions — fetches the catalog (.../extensions/catalog.php, filtered by server IP), downloads each <slug>-<version>.zip, verifies its SHA-256, validates the archive structure (no absolute paths or .. escapes), extracts into extensions/<slug>/, and enables it.

Migrating from the legacy plugin

If /usr/local/cpanel/whostmgr/docroot/cgi/toolbox/ already hosts the older (v1) WHM-Toolbox, the installer detects it (absence of core/Kernel.php) and cleans it up before installing: legacy AppConfig registrations (toolbox, toolbox2), old cron drop-ins (toolbox-auto-update, toolbox-mail-scan), the cPanel resource-usage Perl hook, addon icons, and the plugin tree itself. Interactive runs prompt before removal; curl | bash runs remove automatically.

Security note

The one-liner trusts DNS + TLS to deliver an authentic install.sh. The script itself then SHA-256-verifies every archive it downloads, so a tampered archive cannot reach disk silently. If you operate in a hostile network where you don't trust DNS resolution, use flavour 3 (download, inspect, run).

cPanel DNSOnly servers

Astral Toolbox is DNSOnly-native as of core 2.0.12:

  • DNSOnly ships no EasyApache / user-facing PHP — the php wrapper on the PATH fails with "Default PHP is not configured!". The installer (and every cron the plugin writes) therefore uses cPanel's internal interpreter /usr/local/cpanel/3rdparty/bin/php, which exists on every cPanel and DNSOnly box.
  • The plugin entry point carries a #!/usr/local/cpanel/3rdparty/bin/php shebang and is installed executable, so cpsrvd can run it without a system PHP handler.
  • On a DNSOnly node most extensions have little to do (no /home accounts, no mail, no MySQL websites). Server Monitoring is the extension that makes sense there.

Tip: if you mirror install.sh or the release zips to your own CDN, upload them in binary mode. An ASCII-mode upload converts line endings to CRLF and breaks both bash (\r: command not found) and the PHP shebang.

Updates

Automatic (default)

  • /etc/cron.d/toolbox-auto-update runs cron/auto-update.php every 4 hours (randomized schedule per server).
  • It updates the core and every installed Store extension, with the same checksum verification as the installer.
  • Controlled by the Automatic updates toggle in Options → Version (the cron stays in place; the script no-ops when disabled).

Manual

From Options → Version:

  • Check for updates — clears the version cache and polls the update server.
  • Install update — downloads and applies the new core immediately (your data — var/state.json, extension *.user.json overrides — is preserved).
  • Reinstall current version — replaces every core file on disk; useful if a previous update was corrupted.

Store extensions are updated from Options → Store (an Update button appears next to any extension with a newer catalog version).

Adding & removing extensions

See Core configuration → Store for the full walkthrough. In short:

  • Add: Options → StoreInstall next to the extension. It downloads, verifies, extracts and enables in one step.
  • Remove: Options → StoreUninstall. The extension directory is removed, but any *.user.json settings files are preserved for a future reinstall.
  • Disable without removing: Options → ExtensionsDisable (keeps files and settings on disk).

Uninstalling Astral Toolbox

From the UI

Options → Version → Uninstall WHM-Toolbox (danger zone). This fires every enabled extension's onUninstall() hook (removing their cron drop-ins), then a background script unregisters the AppConfig, removes all /etc/cron.d/toolbox-* files, the addon icon, and the whole plugin tree. Your browser is redirected to the WHM home a few seconds later.

From the CLI

rm -rf /usr/local/cpanel/whostmgr/docroot/cgi/toolbox/
/usr/local/cpanel/bin/unregister_appconfig toolbox
rm -f /var/cpanel/apps/toolbox.conf
rm -f /etc/cron.d/toolbox-*

The log files extensions wrote under /var/log/toolbox-*.log are left in place (harmless); delete them manually if you want a spotless server.