X-Cart:Server Requirements (X-Cart 4.5, 4.6, 4.7)
- 1 Server requirements
- 2 Environment check
- 3 Client-side requirements
Any operating system is good - as long as it allows deployment of the following required components:
- Web server with support for PHP (Nginx is recommended).
PHP, MySQL and Apache/Nginx web server requirements are listed further below.
Hardware required to achieve a good X-Cart performance depends on many factors, however the most important are Catalog size and Traffic. The table below provides recommended hardware specifications.
|Catalog size||up to 100 visitors/day||up to 5,000 visitors/day||up to 15,000 visitors/day|
|2000 SKUs||a good shared/cloud hosting||
VPS / Dedicated server
|20,000 SKUs||a good shared/cloud hosting||
VPS / Dedicated server
X-Cart 4.7.0 and later: Any PHP version below 7.2.x should not be used. #PHP7 is recommended for X-Cart versions 4.7.6 and later for better performance. Free PHP7.0 / 7.1 / 7.2 / 7.3 / 7.4 patches for old versions
X-Cart 4.5.3-4.6.6: PHP version 5.2.0 or later is required.
Up to X-Cart 4.5.3: PHP versions 4.4.0 - 5.x. (PHP5 support is recommended, but not required).
|4.7.9 - 4.7.10||Patches||Patches|
|4.7.6 - 4.7.7||Patches||Patches||Patches||Patches|
|x.x.x - 4.7.5||Patches||Patches||Patches||Patches||Patches|
- safe_mode = off
- file_uploads = on
- magic_quotes_sybase = off
- sql.safe_mode = off
- allow_url_fopen = on
- ini_set = on
- memory_limit >= 32M
- (X-Cart v4.5.5 and later) register_globals = off
- disable_functions = NULL
- post_max_size >= 2M
- upload_max_filesize >= 2M
- max_execution_time >= 30
- memory_limit >= 64M
- max_input_time >= 30
- sendmail_from = ...@domain.com (an email address, from which sending mail is allowed)
- MySQLI or MySQL (MySQLI is supported starting with X-Cart version 4.6.4)
- FTP - to be able to upload files to GoogleBase
- Zlib - for data compression on the fly
- GDLib 2.0 or better - required for automatic generation of product thumbnails form product images, for the 'Image Verification' module and for cache generation in the 'Detailed Product Images' module. GDLib must be compiled with libJpeg (ensure that PHP is configured with the option --with-jpeg-dir=DIR, where DIR is the directory where libJpeg is installed).
- OpenSSL or Mcrypt - highly recommended to speed up the Blowfish data encrypting process. (OpenSSL is recommended starting with X-Cart version 4.7.9)
- xml/Expat - for Intershipper, UPS or USPS shipping modules.
- cURL - for some of the online credit card processing modules and for shipping modules (cURL version 7.39.0 or better is recommended).
- iconv - for AJAX functionality.
- PHP should be compiled with the --enable-memory-limit option (strongly recommended).
- PHP should be compiled with the --enable-mbstring option. mbstring is used to handle languages that use multibyte character encodings. For more information and a list of supported encodings, see the corresponding section of PHP manual. If you are planning to use languages that require UTF-8 encoding, set the mbstring.func_overload value to 7.
In X-Cart versions 4.6.2 and later, mbstring is also needed for "responsive" display of notifications.
- If you wish to use an external mail program (like qmail or postfix) instead of the PHP mail() function, this mail program must be installed and configured.
- If you wish to use an SMTP server instead of the PHP mail() function to send mail from the store, the SMTP server must be installed and configured.
- PHP function exec() must be allowed for the correct functioning of most of the CC payment processing modules used with X-Cart (SaferPay, Credomatic, CyberSource, HSBC, Ogone, Ogone Web, PayBox, PaySystems Client, VaultX), HTTPS modules (Net::SSLeay, CURL, OpenSSL, https_cli), GnuPG/PGP.
- PHP functions popen() & pclose() must be allowed for the correct functioning of some HTTPS modules (CURL, Net::SSLeay, OpenSSL, https_cli), payment modules (Saferpay, CyberSource), SMTP mailer (PHPMailer).
- Security recommendation: For stronger cryptographic protection of user passwords, it is recommended to use OpenSSL and PHP version 5.3.7 or later; PHP must be compiled with the --with-openssl[=DIR] option. If you are using a Unix-like OS, make sure the /dev/urandom special file is readable.
For help on PHP configuration settings, visit http://www.php.net.
PHP 7 typical configuration
- Disable all extensions except these: calendar / cgi-fcgi / Core / ctype / curl / date / dom / filter / ftp / gd / gettext / hash / iconv / json / libxml / mbstring / mysqli / mysqlnd / openssl / pcre / posix / readline / Reflection / session / SimpleXML / soap / sodium / SPL / standard / sysvmsg / sysvsem / sysvshm / xml / xmlreader / xmlwriter / Zend OPcache / zlib
- Use Server API FPM/FastCGI with nginx webserver
- You can use File:PHP NGINX.tgz sample configs and Clean_URLs_in_Nginx.
For X-Cart versions 4.7.х, MySQL 5.7.x/8.x is recommended for better performance, MySQL 8.x is supported starting with X-Cart version 4.7.10
Up to X-Cart 4.7.0 Supported versions: 4.1.2 - 5.7.x
MySQL server settings
MAX_CONNECTIONS >= 200 (required; try using a lower setting when having MySQL issues on a server with less than 4GB of RAM)
MySQL user privileges
Required basic privileges:
Privileges, required for software installation/upgrade:
MySQL user limitations
- MAX_QUESTIONS - no limitations
- MAX_UPDATES - no limitations
- MAX_QUERIES_PER_HOUR - no limitations
- MAX_USER_CONNECTIONS - no limitations
- max_allowed_packet - 8-16 MB recommended
- wait_timeout - minimum 7200 (28800 recommended)
Nginx is the recommended web server. The settings described below refer to Apache only.
Distributed configuration file
- The name of the file must be ".htaccess" (AccessFileName .htaccess).
- You must have sufficient permissions to change the settings of the web directory via the .htaccess file (AllowOverride = ALL).
PHP running mode
If PHP is installed as CGI, it must be compiled with --enable-force-cgi-redirect (without --enable-discard-path).
- mod_dir - is required for correct operation of DirectoryIndex
- mod_access - is required for correct operation of Deny From All and Allow From All
- mod_auth - is required for correct operation of HTTP authentication (HTTP authentication is used in Google Checkout module for additional Admin area protection)
- mod_userdir - is required for access to the website via a temporary URL (http://IP/~user).
- mod_rewrite - is required for correct operation of the Clean URLs functionality.
- mod_expires - is required to set up file caching.
- mod_gzip / mod_deflate - is required for page compression.
Important: If using FastCGI apache module, be sure increase the default values for the FcgidIOTimeout and FcgidIdleTimeout settings in the apache/FastCGI configs. See " CSV import times out before completion..." import/export troubleshooting article for details.
- DocumentRoot directories for HTTP and HTTPS must be the same.
- PHP on HTTP and HTTPS must be run under the same user account.
- The php.ini file must be the same for HTTP and HTTPS.
A fresh installation of X-Cart 4.3.0 uses at least 30 megabytes of disk space (if installed without add-ons). In addition to that, some disk space will be needed for X-Cart's cache data, image files (if you choose to store them on the file system) and customizations.
The amount of space required for X-Cart database depends on the number of products, customers and orders that will be stored there. Accordingly, database space requirements may vary from as little as 5 megabytes for small shops to over 500 megabytes for large stores.
Advanced requirements and recommended settings
- Outgoing connections must be allowed for ports 80, 443 and 1129. Some payment and shipping systems may require additional ports.
- The server firewall must allow loopback connections. This is required for HTML catalog feature.
- External domains must be resolved on the level of PHP as well as on the system level. Such PHP functions as gethostbyaddr and gethostbyname must work without limitations.
- Domains hosted on a hosting with localhost must be resolved to an external IP address if the server is behind NAT.
- A valid SSL certificate from the list of SSL certificates accepted by Google Checkout is required for correct operation of Google Checkout module. For more information, see the section "What SSL certificates does Google Checkout accept?" of Google Checkout Merchant Help.
- Windows or Linux operating system is required for HSBC payment method.
- The following functionality requires no less than 64 MB of memory: backing up/restoring the database, import and product modification.
You can check whether your X-Cart store environment is optimal by following a link crafted according to the following pattern:
Both the users of X-Cart's storefront and back end must set their web browser to accept cookies. If a user enters the store using a browser that does not accept cookies and attempts to perform an operation that requires enabled cookies, X-Cart displays a message asking this user to enable cookies in the web browser.
Minimum required screen resolution for the storefront is 800x600 (recommended: 1024x768 or higher).
Minimum required screen resolution for the back end is 1024x768.
- Google Chrome 4 major versions (including latest version)
- Mozilla FireFox 4 major versions (including latest version)
- Safari 4 major versions (including latest version)
- Edge 4 major versions (including latest version)
- Opera 4 major versions (including latest version)