Module Installation
How to install, uninstall, and manage modules on the ION Guard platform in a production environment.
Overview
Modules are distributed as encrypted packages (.enc) that contain the source code, migrations, compiled frontend, and settings. Installation is done through the web interface or via the command line.
Installation via the web interface
Requires Platform Admin.
- Go to Modules (
/modules) in the sidebar - Click "Install Module"
- Select the module's
.encfile (maximum 100 MB) - Wait for processing
What happens internally
- Decryption — The
.encpackage is unpacked with the module release key (MODULE_RELEASE_KEY), viaModuleReleaseEncryption. This key is fixed and shared across installations (it only serves to wrap/unwrap the distribution file). Do not confuse it with theMODULE_ENCRYPTION_KEY, which is generated per installation and encrypts sensitive runtime data (gateway credentials, tokens in the database) - Validation — Checks the ZIP structure: it requires
{Module}/{Module}ServiceProvider.php, all files under the{Module}/directory, and no path traversal (..or an absolute path) - Staging — Extracts to a temporary directory with a random name (
.{module}.staging-{rand}) on the same filesystem as the destination, so the swap is atomic - Atomic swap — Renames the existing module to
.bak-{timestamp}(if any) and moves the staging to its final position inapp/Modules/ - Migrations — Runs
php artisan migrate --forceand re-optimizes the cache (optimize+opcache_reset) - Assets — Publishes the frontend assets
- Docker Compose — Regenerates
modules_runtime.ymlwith the workers declared by the new module - Restart — Schedules the PHP-FPM restart (via inotify watcher, without access to the Docker socket) to register the ServiceProvider
Installation and uninstallation are recorded in the audit trail (module_installed / module_uninstalled).
In case of failure
If any step fails after extraction:
- The staging directory is removed
- The backup of the previous version (if it existed) is restored
- Assets are unpublished
- An error message is displayed in the interface
If the failure occurs after the migrations, they are not reverted automatically. You will need to run a manual rollback if necessary:
./scripts/comp.sh exec -T ionguard_php php artisan migrate:rollback
Module update
To update an already installed module, simply install the new version over the existing one. The system:
- Backs up the current version
- Installs the new version
- Runs the new migrations
- Keeps the previous version as a backup until success is confirmed
Uninstallation
Prerequisites
Before uninstalling, resolve all of the module's active alerts. Uninstallation is blocked if there are unresolved alerts.
Via the interface
- On the module card in Modules (
/modules), click "Uninstall" - Confirm in the dialog
What is removed
- Per-site enablement records (
site_modules) - Module files in
app/Modules/ - Published assets
- Workers in Docker Compose
What is preserved
- Database tables — Data created by the module remains
- Audit records — Log of the module's actions
- Backups — Existing backups are not affected
Installation logs
All module operations are recorded in a dedicated log:
storage/logs/modules.log
Each operation includes a request_id for traceability. The log is rotated daily with a default retention of 14 days.
Post-installation verification
After installing a module:
# Check whether the module is registered
./scripts/comp.sh exec -T ionguard_php php artisan tinker --execute="
app(\App\Modules\ModuleRegistry::class)->all()
"
# Check whether workers were created (if the module declares workers)
./scripts/comp.sh ps
# Health check
./scripts/healthcheck.sh
Per-site enablement
After installation, the module must be enabled for each site where it will be used. See Modules — User Guide for instructions.