Published 2021-01-30.
Last modified 2021-01-31.
Time to read: 7 minutes.
posts collection, categorized under Open Source, PostgreSQL, Software, Ubuntu, e-commerce, nginx.
I needed a shopping cart that has good coupon and discount support and flexible pricing. My requirements were unique in that each item in the cart might be a custom product, with the price computed according to a formula on the server. The store had few standard SKUs.
I started to look into three options for obtaining a shopping cart with good coupon support: building it myself, using a commercial product, or customizing an open-source project. This article is the story of the ‘customize an open source’ track.
OpenCart
I wanted to evaluate the leading open-source shopping cart contender by installing it on a development machine and giving it real data. OpenCart is renowned as one of the better open-source shopping carts available today. As with many open-source projects, the company that provides the source code has a conflict of interest: if they make installing and configuring the software effortless, then their revenue would be much less than if they had a cadre of interested but frustrated developers. I looked at the hosting options and did not like their value or customizability.
OpenCart shows its age by using MySQL and its descendants, like Maria. Long ago, I moved on from MySQL to Postgres, and I have been pleased with Postgres. I decided to try to make OpenCart run on Postgres and Ubuntu. I knew before I started that OpenCart’s support for Postgres was weak.
If you find watching videos of gory slow-motion accidents entertaining, please read on.
Unit Tests
The first thing I look for when evaluating software for possible incorporation into a project is unit tests.
$ git grep -Ii test \ ":(exclude)*.css" \ ":(exclude)*.yml" \ ":(exclude)*.js" $ git grep -IiE 'phptest|Codeception' \ ":(exclude)*.css" \ ":(exclude)*.yml" \ ":(exclude)*.js"
There were no tests and no references to PHPUnit or Codeception. This was a big black mark against OpenCart.
Install Dependencies
If you need information about PostgreSQL, here is the mother ship. This is a good description of how to install Postgres.
I use PGAdmin when I want a graphical interface to PostgreSQL. Installation instructions are here. In a nutshell:
$ curl https://www.pgadmin.org/static/packages_pgadmin_org.pub | \ sudo apt-key add $ sudo sh -c \ 'echo "deb https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/$(lsb_release -cs) pgadmin4 main" > /etc/apt/sources.list.d/pgadmin4.list && apt update' $ yes | sudo apt install pgadmin4
I installed the rest of the dependencies like this:
$ yes | sudo apt install \
postgresql postgresql-contrib \
software-properties-common lynx \
php7.4 php-fpm php-gd php-curl php-postgre php-zip \
php5-pgsql
phpenmod is a Debian / Ubuntu command for enabling PHP extensions.
$ sudo phpenmod pgsql
I verified that the desired PHP extensions were installed typing php -m.
$ php -m | grep pg pdo_pgsql pgsql
Figuring Out Problems
I also installed the PHP debugger when I realized I needed to do some debugging. IntelliJ (which is the big brother of PHP Storm) did a terrific job of providing debug capability for command-line PHP.
$ yes | sudo apt install php-xdebug
I opened a new console and continuously viewed the nginx, PHP and PostgreSQL error logs.
This was a big help whenever I needed to figure out problems.
$ tail -f \
/var/log/nginx/*.log \
/var/log/php*.log \
/var/log/postgresql/postgresql-12*.log
Configure nginx
The only change I made to /etc/nginx/nginx.conf was to change the default MIME type from
application/octet-stream to text/html.
The change is highlighted in yellow; scroll the code to see it.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_maxsize 2048;
# server_tokens off;
# server_names_hash_bucketsize 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
#default_type application/octet-stream;
default_type text/html;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log notice;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
I deleted /etc/nginx/sites-enabled/default and replaced it with
/etc/nginx/sites-enabled/php so PHP files would be parsed properly, no matter what directory they resided in.
# See https://tecadmin.net/setup-nginx-php-fpm-on-ubuntu-20-04/
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}
Now it was time to restart nginx:
$ sudo systemctl restart nginx.service
Verify Services Are Running
$ sudo systemctl status nginx ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-01-29 16:58:04 EST; 15h ago Docs: man:nginx(8) Main PID: 1584845 (nginx) Tasks: 9 (limit: 38389) Memory: 10.0M CGroup: /system.slice/nginx.service ├─1584845 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; ├─1584846 nginx: worker process ├─1584847 nginx: worker process ├─1584848 nginx: worker process ├─1584849 nginx: worker process ├─1584850 nginx: worker process ├─1584851 nginx: worker process ├─1584852 nginx: worker process └─1584853 nginx: worker process Jan 29 16:58:04 localhost systemd[1]: Starting A high performance web server and a reverse proxy server... Jan 29 16:58:04 localhost systemd[1]: Started A high performance web server and a reverse proxy server.
$ sudo systemctl status php7.4-fpm ● php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2021-01-30 08:32:36 EST; 10min ago Docs: man:php-fpm7.4(8) Process: 3430785 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fp> Main PID: 3430782 (php-fpm7.4) Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec" Tasks: 3 (limit: 38389) Memory: 8.1M CGroup: /system.slice/php7.4-fpm.service ├─3430782 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf) ├─3430783 php-fpm: pool www └─3430784 php-fpm: pool www Jan 30 08:32:36 localhost systemd[1]: Starting The PHP 7.4 FastCGI Process Manager... Jan 30 08:32:36 localhost systemd[1]: Started The PHP 7.4 FastCGI Process Manager.
Verifing That PHP Works
I made the file /var/www/html/info.php, which is very common when working with PHP.
Just ensure that it does not appear on your production site,
or hackers will know more about your website than they should.
<?php phpinfo(); ?>
Now, I verified that PHP worked by viewing information about the setup.
The -I option causes curl to just return HTML headers, not the HTML body.
$ curl -I http://localhost/info.php HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 30 Jan 2021 18:50:30 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive
View info.php in a web browser to see the details.
Lynx is good for that from the command line:
$ lynx http://localhost/info.php
Set Up PostgreSQL
I only changed the value of listen_addresses in postgresql.conf.
Again, this change is highlighted in yellow; scroll down to see it.
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
# name = value
#
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
# "#" anywhere on a line. The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, run "pg_ctl reload", or execute
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
# require a server shutdown and restart to take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units: kB = kilobytes Time units: ms = milliseconds
# MB = megabytes s = seconds
# GB = gigabytes min = minutes
# TB = terabytes h = hours
# d = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
data_directory = '/var/lib/postgresql/12/main' # use data in another directory
# (change requires restart)
hba_file = '/etc/postgresql/12/main/pg_hba.conf' # host-based authentication file
# (change requires restart)
ident_file = '/etc/postgresql/12/main/pg_ident.conf' # ident configuration file
# (change requires restart)
# If external_pid_file is not explicitly set, no extra PID file is written.
external_pid_file = '/var/run/postgresql/12-main.pid' # write an extra PID file
# (change requires restart)
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*'
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - TCP settings -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
# 0 selects the system default
# - Authentication -
#authentication_timeout = 1min # 1s-600s
#password_encryption = md5 # md5 or scram-sha-256
#db_user_namespace = off
# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off
# - SSL -
#ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_min_protocol_version = 'TLSv1'
#ssl_max_protocol_version = ''
#ssl_dh_params_file = ''
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------
# - Memory -
shared_buffers = 128MB # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
#temp_buffers = 8MB # min 800kB
#max_prepared_transactions = 0 # zero disables the feature
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#max_stack_depth = 2MB # min 100kB
#shared_memory_type = mmap # the default is the first option
# supported by the operating system:
# mmap
# sysv
# windows
# (change requires restart)
dynamic_shared_memory_type = posix # the default is the first option
# supported by the operating system:
# posix
# sysv
# windows
# mmap
# (change requires restart)
# - Disk -
#temp_file_limit = -1 # limits per-process temp file space
# in kB, or -1 for no limit
# - Kernel Resources -
#max_files_per_process = 1000 # min 25
# (change requires restart)
# - Cost-Based Vacuum Delay -
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
#vacuum_cost_page_hit = 1 # 0-10000 credits
#vacuum_cost_page_miss = 10 # 0-10000 credits
#vacuum_cost_page_dirty = 20 # 0-10000 credits
#vacuum_cost_limit = 200 # 1-10000 credits
# - Background Writer -
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
# - Asynchronous Behavior -
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#max_worker_processes = 8 # (change requires restart)
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
#parallel_leader_participation = on
#max_parallel_workers = 8 # maximum number of max_worker_processes that
# can be used in parallel operations
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
# (change requires restart)
#backend_flush_after = 0 # measured in pages, 0 disables
#------------------------------------------------------------------------------
# WRITE-AHEAD LOG
#------------------------------------------------------------------------------
# - Settings -
#wal_level = replica # minimal, replica, or logical
# (change requires restart)
#fsync = on # flush data to disk for crash safety
# (turning this off can cause
# unrecoverable data corruption)
#synchronous_commit = on # synchronization level;
# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync # the default is the first option
# supported by the operating system:
# open_datasync
# fdatasync (default on Linux)
# fsync
# fsync_writethrough
# open_sync
#full_page_writes = on # recover from partial page writes
#wal_compression = off # enable compression of full-page writes
#wal_log_hints = off # also do full page writes of non-critical updates
# (change requires restart)
#wal_init_zero = on # zero-fill new WAL files
#wal_recycle = on # recycle WAL files
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
# - Checkpoints -
#checkpoint_timeout = 5min # range 30s-1d
max_walsize = 1GB
min_walsize = 80MB
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
#checkpoint_warning = 30s # 0 disables
# - Archiving -
#archive_mode = off # enables archiving; off, on, or always
# (change requires restart)
#archive_command = '' # command to use to archive a logfile segment
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a logfile segment switch after this
# number of seconds; 0 disables
# - Archive Recovery -
# These are only used in recovery mode.
#restore_command = '' # command to use to restore an archived logfile segment
# placeholders: %p = path of file to restore
# %f = file name only
# e.g. 'cp /mnt/server/archivedir/%f %p'
# (change requires restart)
#archive_cleanup_command = '' # command to execute at every restartpoint
#recovery_end_command = '' # command to execute at completion of recovery
# - Recovery Target -
# Set these only when performing a targeted recovery.
#recovery_target = '' # 'immediate' to end recovery as soon as a
# consistent state is reached
# (change requires restart)
#recovery_target_name = '' # the named restore point to which recovery will proceed
# (change requires restart)
#recovery_target_time = '' # the time stamp up to which recovery will proceed
# (change requires restart)
#recovery_target_xid = '' # the transaction ID up to which recovery will proceed
# (change requires restart)
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
# (change requires restart)
#recovery_target_inclusive = on # Specifies whether to stop:
# just after the specified recovery target (on)
# just before the recovery target (off)
# (change requires restart)
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
# (change requires restart)
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
# (change requires restart)
#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------
# - Sending Servers -
# Set these on the master and on any standby that will send replication data.
#max_wal_senders = 10 # max number of walsender processes
# (change requires restart)
#wal_keep_segments = 0 # in logfile segments; 0 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#max_replication_slots = 10 # max number of replication slots
# (change requires restart)
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
# - Master Server -
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
# - Standby Servers -
# These settings are ignored on a master server.
#primary_conninfo = '' # connection string to sending server
# (change requires restart)
#primary_slot_name = '' # replication slot on sending server
# (change requires restart)
#promote_trigger_file = '' # file name whose presence ends recovery
#hot_standby = on # "off" disallows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
#wal_receiver_timeout = 60s # time that receiver waits for
# communication from master
# in milliseconds; 0 disables
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
# - Subscribers -
# These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------
# - Planner Method Configuration -
#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_parallel_append = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
#enable_partitionwise_join = off
#enable_partitionwise_aggregate = off
#enable_parallel_hash = on
#enable_partition_pruning = on
# - Planner Cost Constants -
#seq_page_cost = 1.0 # measured on an arbitrary scale
#random_page_cost = 4.0 # same scale as above
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
# -1 disables
#jit_inline_above_cost = 500000 # inline small functions if query is
# more expensive than this; -1 disables
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
# query is more expensive than this;
# -1 disables
#min_parallel_table_scansize = 8MB
#min_parallel_index_scansize = 512kB
#effective_cachesize = 4GB
# - Genetic Query Optimizer -
#geqo = on
#geqo_threshold = 12
#geqo_effort = 5 # range 1-10
#geqo_poolsize = 0 # selects default based on effort
#geqo_generations = 0 # selects default based on effort
#geqo_selection_bias = 2.0 # range 1.5-2.0
#geqo_seed = 0.0 # range 0.0-1.0
# - Other Planner Options -
#default_statistics_target = 100 # range 1-10000
#constraint_exclusion = partition # on, off, or partition
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#force_parallel_mode = off
#jit = on # allow JIT compilation
#plan_cache_mode = auto # auto, force_generic_plan or
# force_custom_plan
#------------------------------------------------------------------------------
# REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
#log_destination = 'stderr' # Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
# This is used when logging to stderr:
#logging_collector = off # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = 'log' # directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
#log_truncate_on_rotation = off # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
#log_rotation_age = 1d # Automatic rotation of logfiles will
# happen after that time. 0 disables.
#log_rotationsize = 10MB # Automatic rotation of logfiles will
# happen after that much log output.
# 0 disables.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on
# This is only relevant when logging to eventlog (win32):
# (change requires restart)
#event_source = 'PostgreSQL'
# - When to Log -
#log_min_messages = warning # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic
#log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements
# are logged regardless of their duration. 1.0 logs all
# statements from all transactions, 0.0 never logs.
# - What to Log -
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
# %a = application name
# %u = username
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %n = timestamp with milliseconds (as a Unix epoch)
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_statement = 'none' # none, ddl, mod, all
#log_replication_commands = off
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
log_timezone = 'America/New_York'
#------------------------------------------------------------------------------
# PROCESS TITLE
#------------------------------------------------------------------------------
cluster_name = '12/main' # added to process titles if nonempty
# (change requires restart)
#update_process_title = on
#------------------------------------------------------------------------------
# STATISTICS
#------------------------------------------------------------------------------
# - Query and Index Statistics Collector -
#track_activities = on
#track_counts = on
#track_io_timing = off
#track_functions = none # none, pl, all
#track_activity_querysize = 1024 # (change requires restart)
stats_temp_directory = '/var/run/postgresql/12-main.pg_stat_tmp'
# - Monitoring -
#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off
#------------------------------------------------------------------------------
# AUTOVACUUM
#------------------------------------------------------------------------------
#autovacuum = on # Enable autovacuum subprocess? 'on'
# requires track_counts to also be on.
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
#autovacuum_naptime = 1min # time between autovacuum runs
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------
# - Statement Behavior -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#search_path = '"$user", public' # schema names
#row_security = on
#default_tablespace = '' # a tablespace name, '' uses the default
#temp_tablespaces = '' # a list of tablespace names, '' uses
# only default tablespace
#default_table_access_method = 'heap'
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_freeze_table_age = 150000000
#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
# before index cleanup, 0 always performs
# index cleanup
#bytea_output = 'hex' # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_fuzzy_search_limit = 0
#gin_pending_list_limit = 4MB
# - Locale and Formatting -
datestyle = 'iso, mdy'
#intervalstyle = 'postgres'
timezone = 'America/New_York'
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
# selects precise output mode
#client_encoding = sql_ascii # actually, defaults to database
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8' # locale for system error message
# strings
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
lc_numeric = 'en_US.UTF-8' # locale for number formatting
lc_time = 'en_US.UTF-8' # locale for time formatting
# default configuration for text search
default_text_search_config = 'pg_catalog.english'
# - Shared Library Preloading -
#shared_preload_libraries = '' # (change requires restart)
#local_preload_libraries = ''
#session_preload_libraries = ''
#jit_provider = 'llvmjit' # JIT library to use
# - Other Defaults -
#dynamic_library_path = '$libdir'
#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
#max_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
# VERSION AND PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
# - Previous PostgreSQL Versions -
#array_nulls = on
#backslash_quote = safe_encoding # on, off, or safe_encoding
#escape_string_warning = on
#lo_compat_privileges = off
#operator_precedence_warning = off
#quote_all_identifiers = off
#standard_conforming_strings = on
#synchronize_seqscans = on
# - Other Platforms and Clients -
#transform_null_equals = off
#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------
#exit_on_error = off # terminate session on any error?
#restart_after_crash = on # reinitialize after backend crash?
#data_sync_retry = off # retry or panic on failure to fsync
# data?
# (change requires restart)
#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------
# These options allow settings to be loaded from files other than the
# default postgresql.conf. Note that these are directives, not variable
# assignments, so they can usefully be given more than once.
include_dir = 'conf.d' # include files ending in '.conf' from
# a directory, e.g., 'conf.d'
#include_if_exists = '...' # include file only if it exists
#include = '...' # include file
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
All of my changes, highlighted in yellow, are at the bottom of pg_hba.conf.
Scroll down to see them.
# PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the "Client Authentication" section in the PostgreSQL # documentation for a complete description of this file. A short # synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL usernames they can use, which # databases they can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTIONS] # host DATABASE USER ADDRESS METHOD [OPTIONS] # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] # hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] # hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a # non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a # GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a # non-GSSAPI socket. # # DATABASE can be "all", "sameuser", "samerole", "replication", a # database name, or a comma-separated list thereof. The "all" # keyword does not match "replication". Access to replication # must be enabled in a separate record (see example below). # # USER can be "all", a username, a group name prefixed with "+", or a # comma-separated list thereof. In both the DATABASE and USER fields # you can also write a file name prefixed with "@" to include names # from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that # specifies the number of significant bits in the mask. A host name # that starts with a dot (.) matches a suffix of the actual host name. # Alternatively, you can write an IP address and netmask in separate # columns to specify the set of hosts. Instead of a CIDR-address, you # can write "samehost" to match any of the server's own IP addresses, # or "samenet" to match any address in any subnet that the server is # directly connected to. # # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". # Note that "password" sends passwords in clear text; "md5" or # "scram-sha-256" are preferred since they send encrypted passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different # authentication methods -- refer to the "Client Authentication" # section in the documentation for a list of which options are # available for which authentication methods. # # Database and usernames containing spaces, commas, quotes and other # special characters must be quoted. Quoting one of the keywords # "all", "sameuser", "samerole" or "replication" makes the name lose # its special character, and just match a database or username with # that name. # # This file is read on server startup and when the server receives a # SIGHUP signal. If you edit the file on a running system, you have to # SIGHUP the server for the changes to take effect, run "pg_ctl reload", # or execute "SELECT pg_reload_conf()". # # Put your actual configuration here # ---------------------------------- # # If you want to allow non-local connections, you need to add more # "host" records. In that case you will also need to make PostgreSQL # listen on a non-local interface via the listen_addresses # configuration parameter, or via the -i or -h command line switches. # DO NOT DISABLE! # If you change this first entry you will need to make sure that the # database superuser can access the database using some other method. # Noninteractive access to all databases is required during automatic # maintenance (custom daily cronjobs, replication, and similar tasks). # # Database administrative login by Unix domain socket local all postgres md5 # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer # IPv4 local connections: host all all 0.0.0.0/0 md5 host all all 0.0.0.0/32 md5 # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
Now that PostgreSQL was configured, I restarted it:
$ sudo systemctl restart postgresql
Connecting PostgreSQL to PHP
I created a new database called opencart with this command:
$ psql -U postgres -c "create database opencart;" CREATE DATABASE Time: 1057.887 ms (00:01.058)
I entered PHP interactive mode to verify that PHP could connect properly to the new PostgreSQL database. This command sequence just creates a simple table and deletes it.
$ php -a Interactive mode enabled php > pg_connect("host=localhost dbname=opencart user=postgres password=hithere"); php > pg_query("create table test(id integer)"); php > pg_query("drop table test"); php > exit
Configuring OpenCart
The two configuration files that OpenCart provides are empty. They need to be renamed before OpenCart can be installed.
$ sudo mv /work/ecommerce/opencart/upload/config{-dist,}.php $ sudo mv /work/ecommerce/opencart/upload/admin/config{-dist,}.php
These files will contain configuration information after the OpenCart admin user configures the system.
The files also need to have their owner or group set to the same user that the web server runs as.
For nginx, this username and group are both called www-data.
$ find . -name config.php -exec sudo chown www-data:dev {} \;
I dislike the idea of having a web application modify its configuration data while running. This is inherently insecure. However, many PHP programs from the era in which OpenCart was originally written operated that way. I have always been acutely uncomfortable with this practice.
Equally distasteful to me was the hack that PHP programmers often do to support multi-tenant
web applications where users who self-administer their sites have limited storage options
(20 years ago, this was an issue; the rest of the world has moved on):
storing logs within the program file structure.
This is insecure.
OpenCart logs belong in /var/log/opencart.
I did not modify the code; instead, I rolled my eyes and made the log files in
opencart/upload/system/storage/logs/ group writable.
$ sudo chmod g+w opencart/upload/system/storage/logs/*.log
Installing OpenCart
Web-Based Installer
The web-based OpenCart installer is fragile and not well maintained. It dies near the end of its work when attempting to install using a Postgres database.
Clicking on http://localhost/upload/install/
Completing the installation only requires that the database be set up.
system/helper/db_schema.php contains PHP code for defining the database schema using MySQL,
and the SQL to populate the database is found in upload/install/opencart.sql.
At this point, I gave up and tried the command-line installer.
Command-Line Installer
OpenCart has a command-line installer, which is not mentioned in the online installation documentation. I always prefer to use a command-line installer, if possible, because any problems encountered are easier to diagnose and fix than with web-based installers.
In contrast to the publicly promoted web-based installer, the command-line installer appears to be well maintained for and by the current authors, who obviously also operate OpenCart Cloud (more on that in a minute). Once again, we see the inherent conflict of interest in traditional open-source software.
Here is a sample command line for installing OpenCart.
The script should be run from the opencart/upload/install directory.
$ php cli_install.php install \
--db_database opencart \
--db_driver postgre \
--db_hostname localhost \
--db_password postgres_password \
--db_port 5432 \
--db_username postgres \
--email email@example.com \
--http_server http://localhost/opencart/ \
--password admin_password \
--username admin \
| lynx -stdin
I needed to provide proper values for the following options:
--db_database-
There is no default value for this option.
It makes sense to name the database
opencart, but one might have reasons to give it another name. --db_hostname- The database might not run on the same network node as OpenCart's web server.
--db_password- Friends do not let friends use empty passwords, even on personal machines.
--db_port- I usually use the default PostgreSQL port, 5432.
--db_username- It is more secure to not use the
postgresdefault username. --email- Email address of the OpenCart administrator.
--http_server- More than just the domain name, this option also specifies the protocol, HTTP port and the path to the OpenCart directory on the web server.
--password- OpenCart admin user password.
The --db-prefix Option
The above omits the --db_prefix option, whose default value is oc_.
This is because the installer uses upload/install/opencart.sql, which is hard-coded to use the default value.
The --cloud Option
The above also omits the --cloud option.
This option has no documentation.
After looking at the source code, I think this parameter is exclusively for
OpenCart Cloud installations.
This means that most people could omit the option because its value defaults to 0,
which means the installation is not intended for Open Cloud.
Why do I think that? Looking at the code, I see this parameter suppresses database configuration and the saving of configuration information. Also, cloud installations require that the admin user password be pre-hashed, which suggests to me that this script can be initiated from another installation script used by Open Cloud.
Using Default Values
If you are installing on a development machine,
it is likely to run both the Postgres database and the PHP website,
and the software is likely to be set up using default values.
Assuming that the PostgreSQL username is the default, postgres, and the database is called opencart,
you just need to specify the following parameters:
$ php cli_install.php install \
--db_driver postgre \
--db_database opencart \
--db_password postgres_password \
--db_port 5432 \
--db_username postgres \
--email email@example.com \
--http_server http://localhost/opencart/ \
--password admin_password \
| lynx -stdin
Patching Source Code
I ran cli_install.php, found problems, fixed them, reran cli_install.php, found more problems, fixed them, etc. etc.
Clearly, no one has ever run cli_install.php to completion when --cloud option was set to 0.
Defining Constants
The people who use cli_install.php provide values for two constants before the program runs.
I found some code in upload/index.php that defined them.
Using those statements as a guide, I added some lines after line 57 of
upload/system/startup.php so these constants were defined:
// mslinn added:
define('DIR_EXTENSION', DIR_OPENCART . 'extension/');
define('HTTP_SERVER', 'file:' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/');
// end mslinn
Checking The Postgres Driver
Clearly no-one has ever tried to install using the PostgreSQL driver before.
I had to modify line 198 of upload/install/cli_install.php to add a check,
highlighted in yellow, for the PostgreSQL driver extension:
if (!extension_loaded('mysqli') && !extension_loaded('pgsql')) {
$error .= 'ERROR: MySQLi extension needs to be loaded for OpenCart to work!' . "\n";
}
Running the Command-Line Installer
The command-line installer spewed out miles and miles of HTML (mostly the GNU license) and died with an error message. So, I fixed the problem and reran it. It died somewhere else with a different error. So, I fixed that problem too and ran it again. It died yet again somewhere else with yet another error. And again, and again, and again...
The last problem I found before quitting was an error message resulting from the command-line installer attempting to rewrite an HTML header. Really! A command-line installer does not need to present HTML to the user. This command-line installer program is clearly a cheap hack.
Evaluation Results
At this point, I felt that I now had a good idea of the quality of this open-source project:
The business model for the company that stewards OpenCart is also clear: hire cheap programmers of modest ability and charge for their time by the hour. OpenCart is not something I would want to base an e-commerce business on.
Since OpenCart is supposedly the best open-source shopping cart today, I will next look into building something just for me that provides me with a competitive advantage.
