F fyuhls
Version v0.1.2

File hosting that feels like an operator console, not a starter template.

fyuhls is a self-hosted PHP file hosting script for people who want a real platform with real control: accounts, packages, storage nodes, rewards, payouts, diagnostics, and operational tooling in one stack.

It is built for Linux-based shared hosting, VPS deployments, and dedicated servers where you want to run a branded upload business without rebuilding the boring infrastructure from zero.

Direct multipart uploads API tokens AES-256 sensitive-field protection Safer updater workflow Download state system
Read Documentation View GitHub Repository

Built like a control room

fyuhls is aimed at operators who need a deployable file hosting product with clear moving parts, not a vague demo shell.

Modern Storage Options

Run local storage or offload to object storage using provider presets and S3-compatible backends with active, read-only, and disabled server states.

Local R2 B2 / Wasabi / S3

Direct Multipart Uploads

Large-file flows use app-managed upload sessions, signed part URLs, resumable state, and direct object-storage transfer instead of forcing PHP to relay the whole file.

Resume support Signed parts Quota reservation

Rewards and Payouts

Run pay-per-download or pay-per-sale style models with withdrawal methods, fraud controls, and payout review tools built into the script.

PPD PPS Withdrawals

Rewards Fraud Review

Hold earnings, score suspicious traffic, inspect network and uploader risk signals, and manually clear, hold, or reverse questionable reward activity from a dedicated fraud console.

Held earnings Risk scoring Manual review

High-Performance Delivery

Serve downloads through PHP or optimized server-assisted handoff paths with Nginx, Apache, and LiteSpeed delivery modes available in the admin surface.

X-Accel-Redirect X-SendFile LiteSpeed

Encrypted Data Protection

Protect sensitive account, file, and payout-related fields with built-in AES-256 encryption across critical data flows.

AES-256 Sensitive fields Core security

Admin Infrastructure

Manage packages, users, files, live downloads, withdrawals, plugins, system status, cron behavior, and support exports from one admin area.

Config Hub Diagnostics Search

User and Package Control

Create packages with upload limits, storage limits, remote upload access, download controls, and plan-specific behavior.

User roles Package limits Quota handling

Public API and Tokens

Expose account-bound API access with personal tokens, managed upload shortcuts, multipart session control, owner-scoped file metadata, and application-signed download links.

Bearer tokens Managed upload Signed links

SEO Command Center

Control titles, descriptions, canonicals, sitemap rules, robots.txt, structured data, file-page templates, and verification tokens from a dedicated SEO area in the admin hub.

Sitemap Robots.txt Structured Data

Security Controls

Use login protection, optional 2FA, abuse reporting, proxy and VPN screening, encrypted sensitive data, and server-side validation across key flows.

2FA Encrypted fields Abuse defenses

Email and Queue System

Configure SMTP, send transactional mail, manage queued delivery, and edit templates for verification, password resets, and platform messaging.

SMTP Mail queue Templates

Automation Heartbeat

Run cleanup, maintenance, queue work, and scheduled platform tasks through a centralized heartbeat cron instead of scattered job logic.

Cron Cleanup Maintenance

Observability and Support

Track current downloads, inspect system status, review logs, and export sanitized diagnostics bundles when you need to debug a live install without leaking secrets.

Current downloads Status checks Sanitized export

Abuse, DMCA, and Requests

Handle contact requests, abuse reports, DMCA actions, and uploader-facing moderation workflows from the same admin stack instead of bolting those processes on later.

Abuse reports DMCA queue Requests inbox

Live Download Operations

Monitor active transfers in real time, review delivery behavior, and use that visibility for support, performance tuning, and abuse investigation.

Active transfers Delivery insight Ops visibility

Install and Support Tools

The script includes a web installer, a post-install check page, support bundle export, and a documentation section for setup and admin workflows.

Installer Post-check Help docs

Install flow

  1. Confirm the server is Linux-based and has PHP 8.2+, MySQL or MariaDB, PDO MySQL, OpenSSL, cURL, sockets, and clean URL support such as Apache mod_rewrite.
  2. Raise your PHP upload and execution limits before launch if you plan to handle large files. A practical baseline for 2GB+ uploads is upload_max_filesize = 256M, post_max_size = 300M, max_execution_time = 3600, and memory_limit = 512M.
  3. Extract the package locally so you have the full project folders such as public, src, config, storage, vendor, and docs.
  4. Create an application folder above your public web root and upload the full script there instead of dropping everything straight into public_html.
  5. Create a MySQL database and database user in cPanel, DirectAdmin, or your server panel, then grant that user access to the database. The installer expects both to already exist.
  6. Point your domain or subdomain document root to the public/ directory inside the installed project. On cPanel or DirectAdmin this usually means changing the domain path to something like /home/yourusername/domain.com/fyuhls/public.
  7. Visit /install.php in your browser and enter your database details, hidden config path, and initial admin account. For better security, put the hidden config path outside the public web directory.
  8. Run /post_install_check.php after setup to confirm database connection, schema version, storage permissions, GD, and optional SMTP readiness.
  9. Finish your first-run setup in the admin area by configuring packages, storage, uploads, downloads, security, email, SEO, monetization, and cron.
  10. Add the heartbeat cron job so cleanup, queue processing, and scheduled maintenance continue to run: * * * * * php /home/yourusername/fyuhls/src/Cron/Run.php.
  11. Delete install.php, post_install_check.php, and the schema file if they remain after setup.

The installer does not create databases or database users for you. For better security, keep the hidden config file outside the public web directory and make sure only the project's public/ folder is web-accessible.

View the full detailed installation instructions on GitHub.

Deployment baseline

  • Linux-based web hosting environment
  • PHP 8.2+ with PDO MySQL, OpenSSL, cURL, sockets, and common file/image extensions
  • MySQL or MariaDB database already created
  • Writable storage paths for uploads, cache, and logs
  • mod_rewrite or equivalent clean-URL support on your host
  • Tuned PHP upload limits if you plan to accept large files, with a practical 2GB+ baseline for chunked uploads
  • Cron access for scheduled cleanup, rewards, or maintenance jobs

Common Setup Reminders

  • Do not upload the whole script directly into public_html.
  • Only the installed project's public/ directory should be exposed as the document root.
  • SMTP is configured after installation from Admin > Config Hub > Email.
  • Rewards and affiliate options are configured later from Admin > Config Hub > Monetization.
  • Nginx users who need completed-download reward tracking should also apply the documented completion callback configuration.
View Full Installation Guide

Need the operator map?

The documentation page covers installation, storage setup, admin sections, rewards, file servers, and the day-to-day operational paths built into fyuhls.

Open Documentation

Operator questions

Short answers to the questions people usually ask before they commit to a first deployment.

Does fyuhls run on shared hosting?

Yes. Fyuhls is built to run on Linux-based shared hosting as well as VPS and dedicated servers, as long as you have a MySQL database, writable storage, and the required PHP extensions. The tradeoff is that shared hosting usually gives you less control over PHP limits, cron reliability, background processing, and large-upload performance, so bigger or heavier-traffic installs will generally be better on a VPS or dedicated server.

Does the installer create the database for me?

No. Create the database and database user first in cPanel, Plesk, or your server panel, then enter those details during installation.

Can I use external file storage?

Yes. The script supports local storage as well as Cloudflare R2, Backblaze B2, Wasabi, and generic S3-compatible providers.

Does it support resumable large uploads?

Yes. Fyuhls includes app-managed multipart upload sessions with signed part URLs, resume-aware session inspection, and managed-upload shortcuts for third-party tools.

Why is FTP or SFTP not included?

fyuhls is currently focused on local storage and S3-compatible backends because they are a better fit for large resumable uploads, signed delivery, and CDN-friendly scaling. FTP and SFTP would require a different relay-style transfer path, so they are intentionally left out for now.

Is rewards support included?

Yes. Rewards, payouts, and affiliate-ready monetization are part of the core script. Admins can enable or disable those features in the admin area.

Can I run it without rewards enabled?

Yes. Rewards and affiliate behavior can be turned off. When disabled, related frontend options are hidden and the server-side routes are gated.

Does the script include SEO controls?

Yes. fyuhls includes an SEO command center for homepage metadata, public page templates, robots.txt, sitemap.xml, structured data, and search-engine verification tokens.

Is there a real API or just browser forms?

There is a real public API. Users can create personal API tokens and use them for multipart uploads, managed-upload flows, file metadata, and application-signed download links.

Can admins change indexing rules without editing files?

Yes. Search indexing rules, sitemap inclusion, file-page templates, and robots handling can be changed from the admin area instead of editing templates manually.