X-Cart:Server Requirements (X-Cart 4.5, 4.6, 4.7)

X-Cart 4.5 or above

Server requirements

Operating system

Any operating system is suitable, as long as it allows deployment of the following required components:

  • PHP;
  • MySQL;
  • Web server with support for PHP (Nginx is recommended).

PHP, MySQL and Apache/Nginx web server requirements are listed further below.


The hardware required to achieve good X-Cart performance depends on many factors; the most important are catalog size and traffic. Recommended hardware specifications are listed below by catalog size and traffic.

Catalog size: 2000 SKUs

  • Up to 100 visitors/day: a good shared/cloud hosting
  • Up to 5,000 visitors/day: VPS / Dedicated server (Dual-core CPU, RAM 1 GB, 250 Mbps connection)
  • Up to 15,000 visitors/day: Dedicated server (Dual CPU dual-core, 500 Mbps connection)

Catalog size: 20,000 SKUs

  • Up to 100 visitors/day: a good shared/cloud hosting
  • Up to 5,000 visitors/day: VPS / Dedicated server (Dual-core CPU, RAM 2 GB, 250 Mbps connection)
  • Up to 15,000 visitors/day: Dedicated server (Dual CPU dual-core, RAM 16 GB, SAS HDD, 500 Mbps connection)

Catalog size: 200,000 SKUs

  • Up to 100 visitors/day: VPS hosting (Dual-core CPU, RAM 2 GB, 100 Mbps connection)
  • Up to 5,000 visitors/day: Dedicated server (Dual-core CPU, 250 Mbps connection)
  • Up to 15,000 visitors/day: Dedicated server (Dual CPU quad core, RAM 16 GB, SAS HDD, 500 Mbps connection)

PHP configuration

PHP version

X-Cart 4.7.x: Any PHP version below 7.4.x should not be used. PHP7 is recommended for X-Cart versions 4.7.6 and later for better performance. Free PHP7.0 / 7.1 / 7.2 / 7.3 / 7.4 patches are available for old versions.
X-Cart 4.5.3-4.6.6: PHP version 5.2.0 or later is required.
Up to X-Cart 4.5.3: PHP versions 4.4.0 - 5.x. (PHP5 support is recommended, but not required).

X-Cart version    PHP7.0    PHP7.1    PHP7.2    PHP7.3    PHP7.4    PHP8.0    PHP8.1
4.7.12            ✓         ✓         ✓         ✓         ✓
4.7.11            ✓         ✓         ✓         ✓         Patches
4.7.9 - 4.7.10    ✓         ✓         ✓         Patches   Patches
4.7.8             ✓         ✓         Patches   Patches   Patches
4.7.6 - 4.7.7     ✓         Patches   Patches   Patches   Patches
x.x.x - 4.7.5     Patches   Patches   Patches   Patches   Patches

php.ini settings

required values:

safe_mode = off
file_uploads = on
magic_quotes_sybase = off
sql.safe_mode = off
allow_url_fopen = on
ini_set = on
memory_limit >= 32M
(X-Cart v4.5.5 and later) register_globals = off

recommended values:

disable_functions = NULL
post_max_size >= 2M
upload_max_filesize >= 2M
max_execution_time >= 30
memory_limit >= 64M
max_input_time >= 30
sendmail_from = ...@domain.com (an email address, from which sending mail is allowed)

PHP extensions


  • PCRE
  • MySQLI or MySQL (MySQLI is supported starting with X-Cart version 4.6.4)


  • FTP - to be able to upload files to GoogleBase
  • Zlib - for data compression on the fly
  • GDLib 2.0 or better - required for automatic generation of product thumbnails from product images, for the 'Image Verification' module and for cache generation in the 'Detailed Product Images' module. GDLib must be compiled with libJpeg (ensure that PHP is configured with the option --with-jpeg-dir=DIR, where DIR is the directory where libJpeg is installed).
  • OpenSSL or Mcrypt - highly recommended to speed up the Blowfish data encryption process. (OpenSSL is recommended starting with X-Cart version 4.7.9)
  • xml/Expat - for Intershipper, UPS or USPS shipping modules.
  • cURL - for some of the online credit card processing modules and for shipping modules (cURL version 7.39.0 or better is recommended).
  • iconv - for AJAX functionality.

Other recommendations

  • PHP should be compiled with the --enable-memory-limit option (strongly recommended).
  • PHP should be compiled with the --enable-mbstring option. mbstring is used to handle languages that use multibyte character encodings. For more information and a list of supported encodings, see the corresponding section of the PHP manual. If you are planning to use languages that require UTF-8 encoding, set the mbstring.func_overload value to 7.
    In X-Cart versions 4.6.2 and later, mbstring is also needed for "responsive" display of notifications.
  • If you wish to use an external mail program (like qmail or postfix) instead of the PHP mail() function, this mail program must be installed and configured.
  • If you wish to use an SMTP server instead of the PHP mail() function to send mail from the store, the SMTP server must be installed and configured.
  • PHP function exec() must be allowed for the correct functioning of most of the CC payment processing modules used with X-Cart (SaferPay, Credomatic, CyberSource, HSBC, Ogone, Ogone Web, PayBox, PaySystems Client, VaultX), HTTPS modules (Net::SSLeay, CURL, OpenSSL, https_cli), GnuPG/PGP.
  • PHP functions popen() & pclose() must be allowed for the correct functioning of some HTTPS modules (CURL, Net::SSLeay, OpenSSL, https_cli), payment modules (Saferpay, CyberSource), SMTP mailer (PHPMailer).
  • Security recommendation: For stronger cryptographic protection of user passwords, it is recommended to use OpenSSL and PHP version 5.3.7 or later; PHP must be compiled with the --with-openssl[=DIR] option. If you are using a Unix-like OS, make sure the /dev/urandom special file is readable.

For help on PHP configuration settings, visit http://www.php.net.
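
A command-line check of the php.ini values, extensions and functions listed in this section, as an added example (it is not X-Cart's own environment check). The function names ini_bytes, ini_on and check_environment are made up for illustration, and reading "ini_set = on" as "the ini_set() function is callable" is an assumption.

```php
<?php
// Added example, not X-Cart code; assumes PHP 7.0+. Run it under the SAPI that
// serves the store: CLI and FPM/FastCGI can load different php.ini files.

// Convert php.ini shorthand ("64M", "1G") to bytes; "-1" means no limit.
function ini_bytes(string $v): int {
    $v = trim($v);
    if ($v === '-1') return PHP_INT_MAX;
    $n = (int) $v;
    switch (strtolower(substr($v, -1))) {   // cases fall through on purpose
        case 'g': $n *= 1024;
        case 'm': $n *= 1024;
        case 'k': $n *= 1024;
    }
    return $n;
}

// ini_get() returns false for directives removed from newer PHP versions
// (safe_mode, register_globals, ...); that is treated as "off".
function ini_on(string $name): bool {
    return in_array(strtolower((string) ini_get($name)), ['1', 'on', 'yes', 'true'], true);
}

function check_environment(): array {
    $problems = [];
    // register_globals = off applies to X-Cart v4.5.5 and later.
    foreach (['safe_mode', 'magic_quotes_sybase', 'sql.safe_mode', 'register_globals'] as $d) {
        if (ini_on($d)) $problems[] = "php.ini: $d must be off";
    }
    foreach (['file_uploads', 'allow_url_fopen'] as $d) {
        if (!ini_on($d)) $problems[] = "php.ini: $d must be on";
    }
    $mem = ini_bytes((string) ini_get('memory_limit'));
    if ($mem < (32 << 20)) $problems[] = 'php.ini: memory_limit is below the required 32M';
    elseif ($mem < (64 << 20)) $problems[] = 'php.ini: memory_limit is below the recommended 64M';
    // Extensions named on the page; inner arrays are alternatives (MySQLi or MySQL).
    $groups = [['pcre'], ['mysqli', 'mysql'], ['ftp'], ['zlib'], ['gd'],
               ['openssl', 'mcrypt'], ['xml'], ['curl'], ['iconv'], ['mbstring']];
    foreach ($groups as $alts) {
        if (!array_filter($alts, 'extension_loaded')) {
            $problems[] = 'extension not loaded: ' . implode(' or ', $alts);
        }
    }
    // function_exists() is false for names listed in disable_functions.
    foreach (['ini_set', 'exec', 'popen', 'pclose'] as $fn) {
        if (!function_exists($fn)) $problems[] = "function unavailable: $fn()";
    }
    return $problems;
}

echo implode(PHP_EOL, check_environment() ?: ['No problems found']), PHP_EOL;
```

An empty result only covers the items checked here; the numeric recommendations other than memory_limit are not evaluated.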

PHP 7 typical configuration

  • Disable all extensions except these: calendar / cgi-fcgi / Core / ctype / curl / date / dom / filter / ftp / gd / gettext / hash / iconv / json / libxml / mbstring / mysqli / mysqlnd / openssl / pcre / posix / readline / Reflection / session / SimpleXML / soap / sodium / SPL / standard / sysvmsg / sysvsem / sysvshm / xml / xmlreader / xmlwriter / Zend OPcache / zlib
  • Use Server API FPM/FastCGI with the Nginx web server
  • You can use the PHP NGINX.tgz sample configs; see also Clean URLs in Nginx and Configuring HTTPS.

MySQL configuration

MySQL version

For X-Cart versions 4.7.x, MySQL 5.7.x/8.x is recommended for better performance; MySQL 8.x is supported starting with X-Cart version 4.7.10.
Up to X-Cart 4.7.0: supported versions are 4.1.2 - 5.7.x.

MariaDB is also supported by X-Cart versions of the 4.7 branch.

MySQL server settings

MAX_CONNECTIONS >= 200 (required; try using a lower setting when having MySQL issues on a server with less than 4GB of RAM)

MySQL user privileges

Required basic privileges:


Privileges, required for software installation/upgrade:


MySQL user limitations

Required values:

MAX_QUESTIONS - no limitations
MAX_UPDATES - no limitations
MAX_QUERIES_PER_HOUR - no limitations
MAX_USER_CONNECTIONS - no limitations

Recommended values:

max_allowed_packet - 8-16 MB recommended
wait_timeout - minimum 7200 (28800 recommended)
Note: a 'Lost connections' error may appear if the values of the options 'max_allowed_packet' and 'wait_timeout' are too low.

Web-server configuration

Nginx is the recommended web server. The settings described below refer to Apache only.

Distributed configuration file

  • The name of the file must be ".htaccess" (AccessFileName .htaccess).
  • You must have sufficient permissions to change the settings of the web directory via the .htaccess file (AllowOverride = ALL).

PHP running mode

If PHP is installed as CGI, it must be compiled with --enable-force-cgi-redirect (without --enable-discard-path).

Apache modules

Basic modules:

  • mod_dir - is required for correct operation of DirectoryIndex
  • mod_access - is required for correct operation of Deny From All and Allow From All
  • mod_auth - is required for correct operation of HTTP authentication (HTTP authentication is used in Google Checkout module for additional Admin area protection)

Recommended modules

  • mod_userdir - is required for access to the website via a temporary URL (http://IP/~user).
  • mod_rewrite - is required for correct operation of the Clean URLs functionality.
  • mod_expires - is required to set up file caching.
  • mod_gzip / mod_deflate - is required for page compression.

Important: If using the FastCGI Apache module, be sure to increase the default values for the FcgidIOTimeout and FcgidIdleTimeout settings in the Apache/FastCGI configs. See the "CSV import times out before completion..." import/export troubleshooting article for details.

HTTPS settings

  • DocumentRoot directories for HTTP and HTTPS must be the same.
  • PHP on HTTP and HTTPS must be run under the same user account.
  • The php.ini file must be the same for HTTP and HTTPS.

Disk space

A fresh installation of X-Cart 4.3.0 uses at least 30 megabytes of disk space (if installed without add-ons). In addition to that, some disk space will be needed for X-Cart's cache data, image files (if you choose to store them on the file system) and customizations.

MySQL space

The amount of space required for the X-Cart database depends on the number of products, customers and orders that will be stored there. Accordingly, database space requirements may vary from as little as 5 megabytes for small shops to over 500 megabytes for large stores.

Advanced requirements and recommended settings

Network settings

  • Outgoing connections must be allowed for ports 80, 443 and 1129. Some payment and shipping systems may require additional ports.
  • The server firewall must allow loopback connections. This is required for the HTML catalog feature.
  • External domains must be resolved on the level of PHP as well as on the system level. Such PHP functions as gethostbyaddr and gethostbyname must work without limitations.
  • Domains hosted on a hosting with localhost must be resolved to an external IP address if the server is behind NAT.

Other requirements

  • A valid SSL certificate from the list of SSL certificates accepted by Google Checkout is required for correct operation of Google Checkout module. For more information, see the section "What SSL certificates does Google Checkout accept?" of Google Checkout Merchant Help.
  • Windows or Linux operating system is required for HSBC payment method.
  • The following functionality requires no less than 64 MB of memory: backing up/restoring the database, import and product modification.
Important! These are the basic system requirements. Some specific settings may be needed for different store configurations.

Environment check

You can check whether your X-Cart store environment is optimal by following a link crafted according to the following pattern:


where http://www.example.com/xcart/ is the address of your installed X-Cart store, and XXXXXXXX is the Auth code for your X-Cart installation.

The result should be a table like the following:
[Screenshot: Check requirements]

Client-side requirements


The users of X-Cart's back end must have JavaScript enabled in the web browser.

For the users of X-Cart's storefront, enabling JavaScript is recommended. JavaScript is not required for the basic storefront functionality: a user can register, log in, add a product to cart and check out without JavaScript enabled; however, anything above that is not guaranteed to work without JavaScript enabled. For example, although a user will be able to buy a regular product with JavaScript disabled, they will not be able to buy a configurable product or a gift certificate.

If a user enters the store with JavaScript disabled, X-Cart displays a message asking this user to enable JavaScript in the web browser.


Both the users of X-Cart's storefront and back end must set their web browser to accept cookies. If a user enters the store using a browser that does not accept cookies and attempts to perform an operation that requires enabled cookies, X-Cart displays a message asking this user to enable cookies in the web browser.

Screen resolution

Minimum required screen resolution for the storefront is 800x600 (recommended: 1024x768 or higher).

Minimum required screen resolution for the back end is 1024x768.

Browser compatibility

  • Google Chrome: 4 major versions (including the latest version)
  • Mozilla Firefox: 4 major versions (including the latest version)
  • Safari: 4 major versions (including the latest version)
  • Edge: 4 major versions (including the latest version)
  • Opera: 4 major versions (including the latest version)