Top-level: /opt/shm

• certificate/ — TLS materials for panel endpoints (ports 882/883/884): key.pem, cert.pem, chain.pem, fullchain.pem.
• logs/ — panel & job logs (rotated): access.log*, error.log*, login.log*, autossl.log*, update.log*.
• public/ — SHM web application (UI & endpoints).
  • Key entries: index.php, login.php, logout.php, submit.php, menu.php, header.php, footer.php.
  • Feature dirs: account/, server/, api/, assets/, functions/, vendor/.
  • Helpers: cli.php, cron.php.
• phpmyadmin/ — embedded phpMyAdmin instance (served on port 884 when enabled).
• roundcube/ — embedded Roundcube Webmail (served on port 883 when enabled).
• scripts/ — integration utilities invoked by SHM: dns_sync.sh, dovecot_auth.php, pureftpd-auth.php, rebuild_exim_maps.php, set_permissions.sh.
• services/ — panel-bundled service assets: nginx/, php/, node/.
• sessions/ — PHP session storage for SHM and embedded apps (numerous sess_* files).
• users/ — per-account working areas (one directory per account ).
• vftp/ — virtual-FTP backend data (Pure-FTPd DB pureftpd.pdb, utility scripts like pure-certd.sh).
• zones/ — domain zone definitions tracked by DNS Manager (YAML per zone).

Private state: /opt/shm/.shm

• accounts/ — per-account metadata files (account_*.yaml) and locks during mutations.
• certificates/ — per-account certificate state (YAML).
• configuration/ — platform configuration snapshots: config.yaml, services.yaml, monitor.yaml, remote_backup.yaml, version.yaml (with dated backups).
• listing/ — cached inventories for fast counts/lists: accounts.yaml, addons.yaml, parked.yaml, subdomains.yaml, emailaccounts.yaml, databases.yaml, dbusers.yaml, ftpaccounts.yaml, plus helpers like public_suffix_list.dat.
• packages/ — package and reseller definitions (package_*.yaml, reseller_*.yaml).
• playbooks/ — automation units the panel runs (installers, generators, account/domain/email/FTP operations, SSL tasks; includes dynamic/ and templates/).
• progress/ — operation progress markers (create_account.txt, delete_account.txt, progress.txt).
• resellers/ — reseller-scoped settings (e.g., account_*.yaml).
• scripts/ — support scripts used by playbooks and services: check_rate_limit.sh, dns-authenticator.sh, dns-cleanup.sh, jailmanager.sh.
• secrets/ — sensitive keys/tokens (e.g., dovecot_master.pass, roundcube_sso.key).
• services/ — service-specific assets (e.g., jail tooling).
• update/ — pre/post update hooks (pre-update.php, post-update.php).
• usage/ — per-account usage tracking (one directory per username).
• zones/ — zone data handled by DNS features (YAML per zone).

Tree Structure

/opt/shm
├─ certificate/         # panel TLS (882/883/884)
├─ logs/                # access/error/login/autossl/update
├─ phpmyadmin/          # web SQL UI (884)
├─ public/              # SHM web app (UI, endpoints, functions)
├─ roundcube/           # webmail (883)
├─ scripts/             # integration scripts
├─ services/            # bundled nginx/php/node
├─ sessions/            # PHP session storage
├─ users/               # per-account working dirs
├─ vftp/                # Pure-FTPd data
├─ zones/               # DNS zone YAML
└─ .shm/
   ├─ accounts/         # account_*.yaml
   ├─ certificates/     # per-account cert state (YAML)
   ├─ configuration/    # config.yaml, services.yaml, monitor.yaml, ...
   ├─ listing/          # cached inventories
   ├─ packages/         # package_* / reseller_*.yaml
   ├─ playbooks/        # ops units (install, create, generate, ssl, ...)
   ├─ profiles/         # profile_*.yaml
   ├─ progress/         # progress flags
   ├─ resellers/        # reseller configs
   ├─ scripts/          # helper scripts
   ├─ secrets/          # credentials/keys
   ├─ services/         # service assets
   ├─ update/           # pre/post update hooks
   ├─ usage/            # per-user usage
   └─ zones/            # zone data

Logs (common locations)

• Web: /var/log/nginx/, /var/log/httpd/
• Mail: /var/log/maillog, /var/log/exim/, /var/log/dovecot/
• DB: /var/log/mariadb/
• DNS: /var/log/pdns/
• Panel/app: standard system logs plus any app-specific logs under platform paths.

Accounts & jails

• /home/<user>/ — typical layout:
  • public_html/ — primary web root.
  • logs/ — per-site access/error logs (if exposed to users).
• /home/.jailshell/<user>/ — chroot for shell access; includes minimal /etc/, /bin/, /usr/ and profile snippets. Cross-account browsing is blocked.

Runtime toolchains (/usr/local/synconix)

• /usr/local/synconix/php56, php80, php81, php84, … — full SCL-like trees with their own bin/, lib/, etc/php.ini, and extensions.
• Each account maps to a dedicated PHP-FPM master (e.g., user-php80, user-php81) that serves only that account, loading from the account’s chroot.
• Optional compatibility libs (e.g., OpenSSL toolchains) may be placed under vendor subpaths if required by legacy PHP builds.