Skip to Content
DocsCLI Referencefix

qb fix - System Repair

Fix & Repair

Troubleshoot and resolve common system issues effortlessly

The qb fix commands provide a powerful toolkit to address common issues and perform system repairs. With a focus on simplicity and effectiveness, these commands enable you to troubleshoot and resolve various problems that may arise on your server, ensuring smooth and uninterrupted operations.

Column 1Column 2
qb fix python
Multi-version Python (3.11, 3.13) with PEP 668 compliance
qb fix php [VERSION]
Per-application PHP repair, version targeting, apt hold management
qb fix database
Truth-aware user_software reconciler + SQLite symlink repair
qb fix permissions
System groups + /opt/username ownership
qb fix home
User home directory permissions
qb fix dlindex
Re-render per-user nginx download index configs (<user>.dlindex.conf)
qb fix dashboard
Re-run v4 dashboard update pipeline
qb fix version
Complete binary refresh from upstream

Fix Python

Fix Python configuration and install missing extensions:

qb fix python

What it does:

  • Installs/repairs Python build dependencies and runtime packages (pip, docopt, virtualenv, etc.)
  • Ensures compiled Python 3.11 and 3.13 are present and functional, with pip/bootstrap synced
  • Applies PEP 668 safeguards (--break-system-packages when needed) and avoids downgrading system pip
  • Syncs baseline modules across 3.11, 3.13, and system Python; logs FIX_PYTHON to system_log

Distro-specific behavior:

Column 1Column 2Column 3
Debian 12 (Bookworm)
Native (skip install)
Compiled package
Debian 13 (Trixie)
Compiled package
Native (skip install)
Ubuntu 22.04 / 24.04
Compiled package
Compiled package

When to use:

  • Python apps won’t start or show ModuleNotFoundError
  • After distro/OS upgrades that changed Python
  • Broken virtualenvs or missing compiled Python runtimes (3.11/3.13)
  • Before/after installing Python-based QuickBox apps

Applications that depend on Python:

📥

Download Clients

Core apps that rely on Python

DelugeSABnzbdpyLoad

Automation & Media

Core apps that rely on Python

FlexGetBazarrSickChillSickGear
📊

Monitoring & Dashboards

Core apps that rely on Python

TautulliLazyLibrarianMylar3
System Python Updates

Major OS upgrades can break Python applications. Always run qb fix python after upgrading your operating system.

Fix PHP

Repair, verify, and manage the QuickBox per-application PHP stack:

qb fix php                          # Fix PHP 8.1 (default, backward compatible)
qb fix php [VERSION]                # Fix a specific PHP version
qb fix php [VERSION] --hold         # Lock PHP packages to prevent apt upgrades
qb fix php [VERSION] --remove-hold  # Unlock PHP packages to allow apt upgrades

QuickBox uses per-application PHP isolation rather than a single system-wide PHP version. Each application gets its own FPM pool running on the PHP version it requires. The qb fix php command repairs, verifies, and manages all installed PHP versions and their pool configurations.

[VERSION]

Target PHP version to fix. Valid values: 8.1, 8.3, 8.4. Defaults to 8.1 when omitted.

qb fix php 8.4
--hold

Apply apt-mark hold on all packages for the target PHP version, preventing unintended upgrades.

qb fix php 8.1 --hold
--remove-hold

Remove apt-mark hold on the target PHP version, allowing package upgrades.

qb fix php 8.4 --remove-hold
Mutually exclusive flags

--hold and --remove-hold cannot be used together. The command will exit with an error if both are specified.

PHP versions managed:

Column 1Column 2Column 3Column 4
8.1
Default pool + system alternative
ruTorrent, phpMyAdmin
/run/php/php8.1-fpm-{app}.sock
8.3
Reserved (future)
No apps assigned yet
N/A
8.4
Isolated pools
Nextcloud
/run/php/php8.4-fpm-{app}.sock

Full fix (no flags)

When run without --hold or --remove-hold, the command performs a comprehensive repair of the target PHP version.

For PHP 8.1 (when installed):

  • Configures the Sury PHP repository for your distribution (Debian or Ubuntu)
  • Temporarily unholds packages, refreshes apt, and reinstalls/repairs the full extension chain (40+ packages including FPM, CLI, opcache, memcached, msgpack, imagick, intl, etc.)
  • Configures php.ini for both FPM and CLI (upload limits, memory, OPcache, session security)
  • Removes Apache 2 if present to avoid conflicts (QuickBox uses nginx exclusively)
  • Regenerates the php8.1-fpm default pool config and re-enables required modules
  • Cleans up stale SourceGuardian binaries from pre-v4 builds
  • Re-holds PHP 8.1 packages to prevent accidental upgrades; updates the php symlink to php8.1

For PHP 8.4 (when installed):

  • Configures the Sury PHP repository (same as 8.1, idempotent)
  • Temporarily unholds packages, refreshes apt, and installs/repairs the extension chain (including php8.4-apcu, php8.4-mysql, and other 8.4-specific packages)
  • Configures php.ini for both FPM and CLI
  • Enables PHP 8.4 modules and re-holds packages after repair

For PHP 8.3:

  • Currently a stub — runs pool verification only (no apps are assigned to 8.3 yet)

Cross-version pool verification

After repairing the target version, the command also verifies FPM pools for all other installed PHP versions. For example, running qb fix php 8.1 will also check PHP 8.3 and 8.4 pools, and vice versa. This ensures the entire PHP stack is consistent, not just the targeted version.

For all PHP versions (8.1, 8.3, 8.4), pool verification:

  • Checks that the FPM service is enabled and running, restarting it if stopped
  • Queries the database to verify each application’s pool config file exists (e.g., rutorrent.conf, phpmyadmin.conf, nextcloud.conf)
  • Reports the number of active isolated pools per version
  • Flags orphaned installations where a pool directory exists but the FPM service is not enabled
  • Reloads FPM services to pick up any configuration changes

Version hold management

The --hold and --remove-hold flags provide quick-path operations that skip the full repair and exit immediately after applying the hold change.

# Lock PHP 8.1 packages to prevent apt from upgrading them
qb fix php 8.1 --hold
 
# Unlock PHP 8.4 before a planned upgrade, then re-lock after
qb fix php 8.4 --remove-hold
apt-get upgrade
qb fix php 8.4

Holds cover all packages for the target version (e.g., php8.1*) plus shared dependencies like php-pear and libfcgi0ldbl. The full fix operation automatically re-applies holds at the end, so you typically only need --hold after manual apt changes or --remove-hold before a planned upgrade.

Examples

# Default: fix PHP 8.1 (backward compatible with older command)
qb fix php
 
# Fix PHP 8.4 specifically (e.g., Nextcloud showing 502 errors)
qb fix php 8.4
 
# Lock PHP 8.1 to prevent apt upgrades
qb fix php 8.1 --hold
 
# Unlock PHP 8.4 before a planned upgrade
qb fix php 8.4 --remove-hold

When to use:

Use qb fix php when

  • PHP apps show 502/504 errors or missing extensions
  • After distro/OS upgrades or manual apt changes touching PHP
  • FPM pool config files are missing or corrupted
  • After installing or removing PHP-based applications
  • Need to prevent (or allow) PHP package upgrades via apt

What it resolves

  • Full repair of Sury repo, packages, php.ini, modules, and FPM pools
  • Cross-version verification ensures all PHP stacks are consistent
  • Hold management locks or unlocks packages for controlled upgrades
  • Pool verification confirms per-app FPM configs match installed software
  • Orphaned PHP installations are detected and flagged

Applications that depend on PHP:

🔧

PHP 8.1 Applications

Core apps that rely on PHP

ruTorrentphpMyAdmin
🆕

PHP 8.4 Applications

Core apps that rely on PHP

Nextcloud
Per-application PHP isolation

Each application gets its own FPM pool config (e.g., /etc/php/8.1/fpm/pool.d/rutorrent.conf, /etc/php/8.1/fpm/pool.d/phpmyadmin.conf, /etc/php/8.4/fpm/pool.d/nextcloud.conf). Pool configs are created by each app’s install script. The qb fix php command verifies they exist and restarts the relevant FPM service — it does not create pools from scratch.

v4 Dashboard does not use PHP

The v4 dashboard runs on Node.js/Fastify. PHP is only used by applications like ruTorrent, phpMyAdmin, and Nextcloud. If the dashboard is not working, see qb fix dashboard instead.

Fix Database

Reconcile duplicate user_software rows against live config truth, and (on legacy SQLite v3 installs) repair the database symlink:

qb fix database                 # dry-run (default) -- reports only
qb fix database --apply         # execute the reconciliation
qb fix database --cron          # apply mode with reduced output for scheduled runs
--dry-run

Report what would change without touching the database. This is the default -- you must pass --apply to make changes.

qb fix database --dry-run
--apply

Execute the reconciliation: delete losing duplicate rows, update ports on the kept row when truth was parseable.

qb fix database --apply
--cron

Same as --apply but with reduced output, intended for scheduled runs.

qb fix database --cron
Dry-run is the default

qb fix database runs in dry-run mode unless you explicitly pass --apply or --cron. Nothing is deleted or updated until you opt in. Every reconciler action — dry-run or applied — is also written to the system_log table with log_source='qb fix database'.

How the reconciler decides which row to keep

Legacy install bugs can leave multiple rows in the user_software table for the same (user_id, software_name) pair. The reconciler walks every duplicate group and consults the v4 dashboard on 127.0.0.1 for the app’s live config file — the file the service is actually reading. v3 Bash never parses app config files directly; it asks v4 (the authority) for the raw file contents via GET /api/system/apps/:appId/config and then greps the expected port fields out of the returned string.

For each duplicate group, one of three things happens:

Column 1Column 2Column 3
KEPT_BY_TRUTH
v4 returned the live config and a row's software_port / software_secure_port match the parsed values.
Keep that row; delete every other row in the group.
UPDATED_BY_TRUTH
v4 returned the live config and parsed real ports, but no row matches.
Keep the highest-id row, update its software_port / software_secure_port to the parsed truth, delete the rest.
TRUTH_PARSE_MISS
v4 returned the config file but the expected port fields could not be grepped out of it.
Fall back to MAX(id): keep the highest-id row, delete the rest. Emits a yellow truth_parse_miss warning.
KEPT_BY_MAX_ID
v4 is unreachable on 127.0.0.1, the app is not in the mapped truth set, or the endpoint errored.
Fall back to MAX(id): keep the highest-id row, delete the rest. Emits a yellow v4_unreachable warning once per run.

Apps with truth mapping today: sonarr, sonarr4k, radarr, radarr4k, lidarr, readarr, prowlarr, jellyfin, qbittorrent, deluge, rtorrent, rutorrent, plex. Any other app with duplicate rows still gets deduped — it just uses the MAX(id) fallback directly.

Example session

A dry-run identifies a duplicate sonarr group for user@host:

$ qb fix database
Checking QuickBox database...
v4-dashboard detected -- skipping legacy SQLite symlink repair
Running truth-aware reconciliation (dry-run)
Found 1 duplicate group in user_software
 
Group: user@host / sonarr (2 rows)
  Truth source: v4 (config.xml) -- Port=9020, SslPort=9878
  Row id=42 port=9020 secure=9878  <- MATCH (would keep)
  Row id=37 port=8989 secure=9898  <- would delete
 
Dry-run summary: would keep 1, delete 1, update 0
Re-run with --apply to execute.

Re-running with --apply commits the change:

$ qb fix database --apply
Checking QuickBox database...
Running truth-aware reconciliation
Group: user@host / sonarr (2 rows)
  Truth source: v4 -- keeping id=42 (KEPT_BY_TRUTH)
  Deleted 1 row
Reconciliation complete: kept 1, deleted 1, updated 0

On servers that do not have the v4 dashboard installed, qb fix database also repairs the legacy /srv/quickbox/db/qbpro.db symlink pointing at /opt/quickbox/config/db/qbpro.db, creates a backup (keeping the newest 3), and ensures www-data read access. When v4 is installed this step is skipped automatically — v4 manages its own database at /etc/v4-dashboard/data/db/qbpro.db through Prisma.

When to use:

Use qb fix database when

  • Dashboard shows duplicate apps for a user after a failed install or restore
  • An app shows the wrong port in the dashboard but works fine when opened directly
  • You want to audit duplicate user_software rows without committing changes
  • Legacy v3-only server with SQLite symlink drift under /srv/quickbox/db/

What it resolves

  • Dry-run reports every duplicate group with the kept row and the proposed deletions
  • --apply reconciles against the live config file v4 reads for each app
  • Falls back to MAX(id) when v4 is unreachable or the config parse misses, so the command never errors out on one bad group
  • Every action is logged to system_log with log_source='qb fix database' for later review
Always dry-run first

Run qb fix database (no flags) before qb fix database --apply. The dry-run shows you exactly which rows will be kept and which will be deleted, so you can verify the decisions against the live apps before committing the change. The reconciler writes DRY_RUN_RECONCILE entries to system_log for dry-run operations, which is useful for auditing.

v4-aware by design

The reconciler requires v4 on 127.0.0.1 to resolve truth. When v4 is unreachable (service stopped, port blocked, auth token missing), the command still runs — it just degrades to the historic MAX(id)-wins rule and emits a yellow warning at the top of the run. Start v4-dashboard.service first if you want the truth-based path.

Fix Permissions (per-user apps)

Normalize system groups and application directories for a user:

qb fix permissions -u username
# or
qb fix perms -u username

What it does:

  • Preserves existing groups from /etc/group, then ensures www-data is present; adds sudo only for shell users (shell_level = 1)
  • Recursively sets ownership of /opt/<username> to the user and group
  • Sets directories under /opt/<username> to 0755
  • Logs FIX_PERMISSIONS <username> to system_log

How it differs from qb fix home:

  • qb fix home -u username targets /home/<username> (files 0664, dirs 0755, home 0750, special handling for .ssh, .bin, rclone, Nextcloud)
  • qb fix permissions -u username targets /opt/<username> and group membership — use it if/when app installs/upgrades change ownership/ACLs. QuickBox handles this automatically during installs/reinstalls/updates, but this command is available when something fails or manual changes break the flow.

How QuickBox automatically maintains app config permissions

QuickBox runs a background service, qbpermmon.service, that automatically corrects ownership, file modes, and ACLs on monitored app config paths. Drift is detected and corrected within a minute of occurring.

How it works:

  • The binary (/usr/local/bin/qbpermmon) sweeps every monitored path on a 60-second interval. For each entry in the matrix, it stats the path and compares owner, group, and mode against the canonical values. If they already match, nothing happens. If they differ, the service runs chown + setfacl + chmod to restore the canonical state.
  • Enforcement is matrix-driven: a single config file (/opt/quickbox/config/system/qbpermmon.matrix.sh) declares the canonical owner, group, mode, and ACL for every monitored path. All 53 entries across 29 apps are defined there. If an app isn’t in the matrix, its paths aren’t monitored.
  • For each entry that needs correction, the service enforces all three of owner + group, file mode, and ACL in one pass — not just a chmod. Plex is the only app in the fleet with a dedicated system user (plex:plex); all other apps use the installing user.
  • Drift is detected at the next 60-second sweep — typical detection latency is well under a minute. The trade-off is near-zero CPU when nothing is wrong (the stat per path costs microseconds and only adds up to a few milliseconds per minute across the whole matrix).

Apps with automatic protection:

The matrix currently covers the *arr stack (Sonarr, Radarr, Lidarr, Readarr, Prowlarr), media servers (Plex Media Server), request and discovery tools (Jellyseerr, Overseerr, Seerr, Ombi), indexers (Jackett, NZBHydra2), download clients (rTorrent, SABnzbd, qBittorrent, Deluge, NZBGet, Transmission, pyLoad), reading apps (Kavita, Komga, LazyLibrarian), media management (Bazarr, Medusa), and utilities (Autobrr, Syncthing, rclone, TheLounge).

Limits — what qbpermmon is not:

  • It does not touch /opt/<username> or app binary directories. For those, use qb fix permissions -u username.
  • It does not repair home directory structure or .ssh permissions. For those, use qb fix home -u username.
  • Coverage is strictly matrix-driven. Paths not listed in the matrix are not monitored.
  • Runs as root; failures and corrective actions surface to journalctl -u qbpermmon.
About qbpermmon.service

qbpermmon.service is a Type=notify systemd unit with a 60-second watchdog. The service polls the matrix once per minute and only runs chown/setfacl/chmod on paths where actual drift is detected — when everything is correct, the work-per-minute is just a few stat calls. Output routes to the journal (SyslogIdentifier=qbpermmon). In practice, most app config permission drift is corrected automatically within a minute of occurring. qb fix home and qb fix permissions remain the right tools for broader repairs outside the matrix paths.

Fix dlindex

Re-render every user’s per-user nginx download index config so already-deployed installs pick up the latest symlink hardening, dynamic download-path discovery, and qbpermmon drop-ins for custom NAS paths:

qb fix dlindex                  # walk every user in user_information
qb fix dlindex -u username      # single user
-u USERNAME

Re-render the download index config for a single user only. Without this flag, every user in user_information is walked.

qb fix dlindex -u username

What it does:

Each torrent client install (Deluge, qBittorrent, rTorrent, Transmission) ships a per-user nginx fancyindex view of its download directory — the https://<server>/<username>.<client>.downloads URLs you can browse with a web browser. Those URL configs live at /etc/nginx/software/<username>.dlindex.conf and are rendered at install time from the templates under /opt/quickbox/install/templates/dlindex/.

qb fix dlindex re-renders that per-user config from the current templates. For each user it:

  • Resolves the user’s installed torrent clients via user_software.
  • Discovers each client’s actual download path and validates it against the allowlist (/home/<user>/, /mnt/, /media/).
  • Writes the rendered <user>.dlindex.conf with www-data:www-data ownership.
  • Adds a qbpermmon drop-in for any validated /mnt or /media leaf, so the permission monitor keeps custom NAS paths readable by www-data.
  • Tests the nginx configuration (nginx -t) and reloads nginx only on PASS — a broken config is never applied.
  • Emits one NDJSON status line per user; the server-wide walk also writes a FIX_DLINDEX entry to system_log. Single-user mode logs FIX_DLINDEX_<username>.

Users whose home directory is missing (deleted accounts that still have a row in user_information) are skipped with "reason":"home_missing".

When to use:

Use qb fix dlindex when

  • After a CLI update where dlindex templates or the symlink hardening logic changed
  • Browser download index returns 404 or shows the wrong path after switching a client to a custom /mnt or /media download directory
  • qbpermmon does not keep a custom NAS download path readable by www-data
  • Backfilling existing installs so they pick up the latest fancyindex hardening without reinstalling each torrent client

What it resolves

  • Re-renders <user>.dlindex.conf from the current templates for every user (or one user with -u)
  • Discovers each client's real download path and validates it against the allowlist
  • Writes a qbpermmon drop-in for custom /mnt or /media paths so permissions stay correct
  • Tests nginx and reloads only on PASS, never applying a broken config
Idempotent

Re-running qb fix dlindex is a no-op when configs already match the current templates — it rewrites the file either way, but nginx test + reload only fires on a successful test. Safe to run after any CLI update that touched the dlindex templates.

Browser download index URLs

The per-user download index is the URL pattern https://<server>/<username>.deluge.downloads, <username>.qbittorrent.downloads, <username>.rtorrent.downloads, and <username>.transmission.downloads — protected by the same htpasswd file as the rest of your QuickBox access. See each torrent client’s documentation page for the full URL list.

Fix Dashboard

Re-run the v4 dashboard update pipeline:

qb fix dashboard

What it does:

  • Equivalent to running qb update dashboard
  • Re-downloads and rebuilds the v4 dashboard from upstream
  • Restarts the v4-dashboard.service
  • Useful when the dashboard update failed partway through or the build is corrupted

When to use:

Use qb fix dashboard when

  • Dashboard showing errors or blank page after a failed update
  • Dashboard service won't start after system changes
  • Need to force a fresh dashboard rebuild
  • Dashboard version is out of sync with the CLI

What it resolves

  • Re-downloads the latest dashboard build
  • Rebuilds and restarts the dashboard service
  • Resolves partial update failures
  • Brings dashboard to the same version as the CLI
v4 Dashboard runs on Node.js

The v4 dashboard is a TypeScript/Fastify application, not PHP. Its service is v4-dashboard.service. If you are troubleshooting the dashboard, check systemctl status v4-dashboard — not PHP-FPM.

Fix Version

Force update QuickBox to the latest upstream version:

qb fix version

What it does:

  • Downloads all CLI binaries fresh from central.quickbox.io (the release proxy)
  • Replaces the following components with the latest upstream versions:

Binaries refreshed:

  • fix (the fix system itself), qb (CLI handler), manage (management binary)

Modules refreshed:

  • Fix modules: dbFix, homeFix, permFix, phpFix, pythonFix
  • Management modules: apiSettings, dbSettings, fail2banSettings, langSettings, mountSettings, nginxSettings, softwareSettings, telemetrySettings, themeSettings, trackerSettings, wbSettings, wgSettings, dnsSettings
  • Update pipeline: pipeline, pipeline-environment, pipeline-dependencies, pipeline-download, pipeline-system, pipeline-nginx, pipeline-dashboard, pipeline-database, pipeline-services, pipeline-finalize, dashboardUpdate

After downloading, it re-executes itself through the update pipeline to apply all changes.

Channel detection: If dev (/opt/qb_dev) or beta (/opt/qb_beta) flags are present, the command routes to the appropriate channel-specific updater (devpull/betapull) instead.

When to use:

Symptoms

  • QuickBox commands not working properly
  • After a failed automatic update
  • Core system files are out of sync
  • Missing new features from changelog
  • Update check shows available version but update failed

Resolution

  • Forces fresh download of all CLI binaries and modules
  • Synchronizes all system components via update pipeline
  • Repairs broken update state
  • Brings system to current upstream version
  • Dev/beta users are routed to their channel automatically

What’s preserved:

  • User accounts and passwords
  • All installed applications and their data
  • Application configurations
  • Database content
  • User files and downloads

What gets updated:

  • CLI binaries (qb, fix, manage)
  • All fix and management modules (20+ files)
  • The full update pipeline (environment, dependencies, download, system, nginx, dashboard, database, services, finalize)
Not a Reinstall

qb fix version is NOT a full reinstall — it’s a forced binary refresh and update pipeline re-run. All your data, applications, and configurations are preserved. Think of it as a “force refresh” to the latest version.

Common Workflows

Use these as quick checklists. Details and caveats live in the sections above so we avoid repeating full instructions.

Application Won’t Start

Systematic troubleshooting approach:

# 1. Check if it's a permission issue
qb fix home -u username
 
# 2. Restart the application
systemctl restart [application]@username
 
# 3. If PHP-based, fix the relevant PHP version
qb fix php 8.1    # ruTorrent, phpMyAdmin
qb fix php 8.4    # Nextcloud
 
# 4. If Python-based, fix Python
qb fix python
 
# 5. Check logs for errors
journalctl -u [application]@username -f

After System Upgrade

Post-upgrade maintenance routine:

# 1. Fix Python (often breaks during upgrades)
qb fix python
 
# 2. Fix PHP
qb fix php
 
# 3. Fix user permissions
qb fix home -u username
 
# 4. Update QuickBox if needed
qb update quickbox

Dashboard Not Working

v4 Dashboard (current) troubleshooting:

# 1. Check the dashboard service
systemctl status v4-dashboard
 
# 2. Restart the dashboard service
systemctl restart v4-dashboard
 
# 3. If still broken, re-run the dashboard update pipeline
qb fix dashboard
 
# 4. Check Nginx is running
systemctl status nginx
nginx -t
systemctl restart nginx
 
# 5. If still broken, force a full system refresh
qb fix version
v4 Dashboard uses Node.js, not PHP

The v4 dashboard service is v4-dashboard.service. Do not troubleshoot it with PHP-FPM commands. If PHP-based applications (like ruTorrent or Nextcloud) are broken, use qb fix php for those separately.

Multiple Users Having Issues

When all users experience problems:

# 1. Fix PHP (system-wide)
qb fix php
 
# 2. Fix Python (system-wide)
qb fix python
 
# 3. Fix each user's permissions
for user in user1 user2 user3; do
  echo "Fixing $user..."
  qb fix home -u $user
done
 
# 4. If issues persist, fix QuickBox
qb fix version

Troubleshooting Guide

”Command Not Found” After Fix

# Reload shell configuration
source ~/.bashrc
 
# Or logout and login again
exit

Fix Commands Don’t Resolve Issue

# 1. Check system logs
journalctl -xe
 
# 2. Generate support logs
qb generate logs
 
# 3. Ask for help in Discord
# Include the generated support logs

Permission Fix Doesn’t Work

# 1. Check if user exists
id username
 
# 2. Verify home directory
ls -la /home/username
 
# 3. Manual permission fix
chown -R username:username /home/username
chmod 755 /home/username
 
# 4. Try automated fix again
qb fix home -u username

PHP Fix Fails

# Check which PHP versions are installed
dpkg -l | grep php-fpm
 
# Check FPM status for each version
systemctl status php8.1-fpm
systemctl status php8.4-fpm
 
# Check installed extensions for a specific version
php8.1 -m
php8.4 -m
 
# Check if packages are held (preventing upgrades)
apt-mark showhold | grep php
 
# Fix a specific version
qb fix php 8.1
qb fix php 8.4
 
# If apt holds are interfering with a planned upgrade
qb fix php 8.4 --remove-hold
Avoid manual PHP management

Do not run apt-get install --reinstall php8.1 or manually upgrade PHP packages. QuickBox pins PHP versions and manages per-application FPM pools. Manual apt operations can break the isolation between PHP versions. Always use qb fix php [VERSION] to repair PHP issues. Use --remove-hold and --hold to control apt upgrades safely.

”The following packages have been kept back” (held PHP packages)

When apt upgrade or apt-get upgrade reports packages kept back or held — typically php8.1-bcmath, php8.1-cli, php8.1-fpm, php8.1-common, or related packages like libboost-dev — this is expected and intentional. QuickBox holds these packages to prevent an uncontrolled apt upgrade from breaking your PHP stack or its per-application FPM pools.

What the output looks like:

The following packages have been kept back:
  php8.1-bcmath php8.1-cli php8.1-common php8.1-fpm php8.1-opcache libboost-dev
0 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.

To repair and re-apply the holds safely:

qb fix php

This temporarily unholds the packages, refreshes and reinstalls the full PHP extension chain, then re-applies the holds — all in one step.

To deliberately upgrade held PHP packages:

# 1. Remove the hold so apt can upgrade
qb fix php 8.1 --remove-hold
 
# 2. Run the upgrade
apt-get upgrade
 
# 3. Re-apply the hold and verify pools
qb fix php 8.1
Do not use apt-mark unhold directly

Do not run apt-mark unhold php8.1* manually. QuickBox manages the full hold lifecycle — including shared dependencies like php-pear and libfcgi0ldbl — as part of qb fix php. Using apt-mark directly bypasses this and can leave shared packages in an inconsistent hold state.

Held packages are not a problem

Seeing “packages kept back” for php8.1-* during a routine apt upgrade is normal on a QuickBox server. The holds are placed intentionally to protect your PHP stack. You only need to act if a specific PHP-based application (ruTorrent, phpMyAdmin, Nextcloud) is broken — in that case, run qb fix php to repair and refresh the stack.

Python Fix Doesn’t Help

# Check Python versions
python3 --version
python3.11 --version
python3.13 --version
 
# Check pip for each version
python3.11 -m pip --version
python3.13 -m pip --version
 
# Try fix again
qb fix python

Best Practices

Do

  • Try specific fixes before qb fix version
  • Fix permissions after manual file operations
  • Run qb fix php and qb fix python after OS upgrades
  • Target the specific PHP version when you know which app is broken (e.g., qb fix php 8.4 for Nextcloud)
  • Use qb fix php [VERSION] --remove-hold before planned apt upgrades, then qb fix php [VERSION] to re-hold after
  • Use qb fix dashboard for dashboard issues, not PHP fixes
  • Generate logs before asking for help
  • Test applications after running fixes

Don't

  • Run qb fix version without trying other fixes first
  • Manually install or upgrade PHP packages with apt
  • Run apt-mark unhold on PHP packages directly -- use qb fix php [VERSION] --remove-hold
  • Ignore error messages during fix operations
  • Run multiple fixes simultaneously
  • Troubleshoot the v4 dashboard with PHP-FPM commands
  • Forget to restart services after fixes

Prevention Tips

Avoid Permission Issues

# Always use proper commands for file operations
# Instead of: cp /source /home/user/
# Use: sudo -u username cp /source /home/username/
 
# Or fix after copying
cp /source /home/username/
qb fix home -u username

Maintain Healthy System

# Regular maintenance prevents issues
qb clean memory          # Weekly
qb update check          # Weekly
qb fix php               # After updates (fixes PHP 8.1 + verifies all versions)
qb fix php 8.4           # After updates if Nextcloud is installed
qb fix python            # After updates

Before Major Changes

Preparation checklist:

  • Create system snapshot or backup
  • Document current working state
  • Test changes in isolation first
  • Have rollback plan ready
  • Note which applications are currently working
  • Backup critical configurations manually
Clean Command

Clean logs and free up disk space

Update Command

Update QuickBox and check for new versions

User Management

Create and manage user accounts

Generate Logs

Generate system logs for troubleshooting

Need Help?

Join the Community

Media server operators sharing configs, getting support, and shaping the future of QuickBox Pro.

Dedicated Support
Feature Previews
Community Configs
Active Discussions
Join Discord Server

Additional Resources

Getting Started

Complete installation guide

CLI Reference

All available commands

Troubleshooting

Common issues and solutions

Last updated on
cleangenerate