opencart / opencart.github.io Goto Github PK

OpenCart Documentation

HTML 86.77% JavaScript 3.04% CSS 10.19%

opencart.github.io's Introduction

OpenCart

Overview

OpenCart is a free open source e-commerce platform for online merchants. OpenCart provides a professional and reliable foundation from which to build a successful online store.

How to install

Please read the installation instructions included in the repository or download file.

How to upgrade from previous versions

Please read the upgrading instructions included in the repository or download file.

Reporting a bug

Read the instructions below before you create a bug report.

Search the OpenCart forum, ask the community if they have seen the bug or know how to fix it.
Check all open and closed issues on the GitHub bug tracker.
If your bug is related to the OpenCart core code then please create a bug report on GitHub.
READ the changelog for the master branch
Use Google to search for your issue.
Make sure that your bug/issue is not related to your hosting environment.

If you are not sure about your issue, it is always best to ask the community on our bug forum thread

Important!

If your bug report is not related to the core code (such as a 3rd party module or your server configuration) then the issue will be closed without a reason. You must contact the extension developer, use the forum or find a commercial partner to resolve a 3rd party code issue.
If you would like to report a serious security bug please PM an OpenCart moderator/administrator on the forum. Please do not report concept/ideas/unproven security flaws - all security reports are taken seriously but you must include the EXACT details steps to reproduce it. Please DO NOT post security flaws in a public location.

How to contribute

Fork the repository, edit and submit a pull request.

Please be very clear on your commit messages and pull request, empty pull request messages may be rejected without reason.

Your code standards should match the OpenCart coding standards. We use an automated code scanner to check for most basic mistakes - if the test fails your pull request will be rejected.

How to run the application Locally (Docker Image)

Windows OS

make sure you have Docker Desktop installed on your Local Machine
in the terminal in the file containing the projects run docker-compose up -d

Versioning

The version is broken down into 4 points e.g 1.2.3.4 We use MAJOR.MINOR.FEATURE.PATCH to describe the version numbers.

A MAJOR is very rare, it would only be considered if the source was effectively re-written or a clean break was desired for other reasons. This increment would likely break most 3rd party modules.

A MINOR is when there are significant changes that affect core structures. This increment would likely break some 3rd party modules.

A FEATURE version is when new extensions or features are added (such as a payment gateway, shipping module etc). Updating a feature version is at a low risk of breaking 3rd party modules.

A PATCH version is when a fix is added, it should be considered safe to update patch versions e.g 1.2.3.4 to 1.2.3.5

Releases

OpenCart will announce to developers 1 week prior to public release of FEATURE versions, this is to allow for testing of their own modules for compatibility. For bigger releases (ones that contain many core changes, features and fixes) an extended period will be considered following an announced release candidate (RC). Patch versions (which are considered safe to update with) may have a significantly reduced developer release period.

The master branch will always contain an "_rc" postfix of the next intended version. The next "_rc" version may change at any time.

Developer release source code will not change once tagged.

If a bug is found in an announced developer release that is significant (such as a major feature is broken) then the release will be pulled. A patch version will be issued to replace it, depending on the severity of the patch an extended testing period may be announced. If the developer release version was never made public then the preceding patch version tag will be removed.

To receive developer notifications about release information, sign up to the newsletter on the OpenCart website - located in the footer. Then choose the developer news option.

License

GNU General Public License version 3 (GPLv3)

opencart.github.io's People

Contributors

Stargazers

Watchers

Forkers

stevenwolfe number33 somappasrinivasan chris-wm hkopencart lcbyz felix-ho ozthing php-solutataions iorikiir go2do joekonst isenselabs nklatt vipinvtra byfire cenxun mrbarletta rifal89 prince-brown rodcarls airedalesoftware ankitjain28may carlosfdz lindakovacs jinexus rahulk-k ronwar chronicrd jesseoc adirasmadins anantjain6 ocapplab ecommerce-gad anaymalpani sagakom sapak12 ruopencart josephjlee opencart-eg eka7a mohmed98 atrio-emc davidsoerdjana opencartsale starch3r beelash jongwoo328 equotix likemusic klen-production-enviornment isabella232 ben-ajenoui max4aters zarumaru gogithb sadikkuzu khnaz35 stasdrvn ip-cam awebdesign dogytech habtish-yimer hottlink zhbenhuang

opencart.github.io's Issues

"ecommerce" should be replaced with "e-commerce"

According to Oxford and Cambridge dictionary, the correct word is "e-commerce"

Ref:
https://en.oxforddictionaries.com/definition/us/e-commerce
https://dictionary.cambridge.org/dictionary/english/e-commerce

Can't add, edit or delete products to/from orders in admin, no any error message (bluehost)

I have the same problem which is products not showing up when I add, edit or delete in Sale->Orders in admin section (json get response empty from api/cart/products) and without getting any error message.

gif video of issue (http://o4itea.com/add-edit-delet.gif)
response in console (http://o4itea.com/sale-order.jpg)

Actually, this problem does not exist with WAMP(local sarver) or goddady .com host but only when I use bluehost .com host. (php 7.2)

Can you please help me

Originally posted by @o4itea in opencart/opencart#7500 (comment)

No search option in the documentation

It's not an issue it's an idea that would be very helpful to add search option for the documentation.

Pspro

With this base

Add nginx and php-fpm configuration for opencart

Hello everyone,
It's almost 2021 and everyone is using nginx and php-fpm. It's fast, secure and scalable. There is absolutely no reason to use apache.
Because I do not know the opencart project in depth I have been looking and looking for good examples for how to properly setup nginx for opencart (and be able to handle SEO urls). Modern SSL with let encrypt should be included as well. There is absolutely no reason to not have full site on SSL when you can have ssl certificate for free.

I have come up with a lot of poor and outdated results and somehow working configuration but I am still having doubts that it's good and secure as it should be.

I am looking for something similar as they have for october cms https://octobercms.com/docs/setup/configuration#nginx-configuration but more detailed.

Is it really that hard to supply opencart users with proper configuration so everyone that is using nginx has a secure store for it's costumers? I am really hoping something can be added to the documentation and possibly also to https://www.nginx.com/resources/wiki/start/

I am also liking the https://www.digitalocean.com/community/tools/nginx / https://github.com/digitalocean/nginxconfig.io it's seems like a great resource for creating nginx configurations. Would be great if opencart could be added to it. Someone already opened digitalocean/nginxconfig.io#109 but his contribution is poor.

I will share what I currently have for my configuration. I have been pulling different bits from different places to come up with this:

DISCLAIMER: This is not a production ready configuration! Use on your own risk. I am not responsible if your web server is hacked or your users information data is leaked! You have been warned!

1. First this is if you have your own certificate and you would not like to use let encrypt.

Most of the changes are following this guide https://github.com/trimstray/nginx-admins-handbook

server {
	listen 192.168.1.100:80;
	server_name opencart.example.com;
	return 301 https://$host$request_uri;
	server_tokens off;
	}
	server {
	listen 192.168.1.100:443 default_server ssl http2;
	server_name _ "" default_server;
	return 444;
        access_log /var/log/nginx/default_server.access.log main;
        error_log /var/log/nginx/default_server.error.log warn;
        ssl_certificate /etc/ssl/certs/opencart.example.com.crt;
        ssl_certificate_key /etc/ssl/certs/opencart.example.com.key;
	server_tokens off;
	}
	server {
	listen 192.168.1.100:443 ssl http2;
	server_name opencart.example.com;
	root /var/www/html/opencart;
	index index.html index.htm index.php;
        ssl_certificate /etc/ssl/certs/opencart.example.com.crt;
        ssl_certificate_key /etc/ssl/certs/opencart.example.com.key;
	server_tokens off;
	# intermediate configuration https://ssl-config.mozilla.org/
	ssl_protocols TLSv1.3 TLSv1.2;
	ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256";
	ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;
	ssl_prefer_server_ciphers off;
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
	add_header Referrer-Policy "no-referrer";

	access_log /var/log/nginx/opencart.example.com-ssl.access.log;
	error_log /var/log/nginx/opencart.example.com-ssl.error.log;

	location / {
		try_files $uri @opencart;
	}
	location @opencart {
		rewrite ^/(.+)$ /index.php?_route_=$1 last;
	}
	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}
	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}
	# https://github.com/trimstray/nginx-admins-handbook/blob/master/doc/RULES.md#beginner-protect-sensitive-resources
	location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess|config.php) {
	return 404;
	deny all;
        access_log /var/log/nginx/restricted-files-access-root.log main;
        access_log /var/log/nginx/restricted-files-error-root.log main;
	}
	location ~* /(catalog|ie_pro|image|system)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
	return 404;
	deny all;
        access_log /var/log/nginx/restricted-files-access-system.log main;
        access_log /var/log/nginx/restricted-files-error-system.log main;
	}
	location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
	expires max;
	log_not_found off;
	}
	location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/oc.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;	

	error_page 404 /404.html;
	error_page 500 502 503 504 403 /50x.html;

	location = /index.php?route=error/not_found {

	root /usr/share/nginx/html;
	internal;
	}

	location = /custom_50x.html {

	root /usr/share/nginx/html;
	internal;
	}
}

2. Second configuration is if you would like to use let encrypt for SSL certificate.

I have split configuration files here using https://www.digitalocean.com/community/tools/nginx

/etc/nginx/conf.d/stub_status.conf

server {
    listen 127.0.0.1:80;
    server_name 127.0.0.1;
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
}

/etc/nginx/conf.d/opencart.example.com.conf

server {
    listen                  192.168.1.100:443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             opencart.example.com;
    set                     $base /var/www/html;
    root                    $base/opencart;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/opencart.example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/opencart.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/opencart.example.com/chain.pem;

    # security
    include                 nginxconfig.io/security.conf;

    # logging
    access_log              /var/log/nginx/opencart.example.com.access.log;
    error_log               /var/log/nginx/opencart.example.com.error.log warn;


    index                   index.php;

    # additional config
    include nginxconfig.io/general.conf;
    include nginxconfig.io/opencart.conf;

    # handle .php
    location ~ \.php$ {
        include nginxconfig.io/php_fastcgi.conf;
    }
}

# HTTP redirect
server {
    listen      192.168.1.100:80;
    listen      [::]:80;
    server_name opencart.example.com;
    include     nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://opencart.example.com$request_uri;
    }
}

/etc/nginx/nginxconfig.io/security.conf

# security headers
add_header X-Frame-Options           "SAMEORIGIN" always;
add_header X-XSS-Protection          "1; mode=block" always;
add_header X-Content-Type-Options    "nosniff" always;
add_header Referrer-Policy           "no-referrer-when-downgrade" always;
add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# . files
location ~ /\.(?!well-known) {
    deny all;
}

/etc/nginx/nginxconfig.io/php_fastcgi.conf

# 404
try_files                     $fastcgi_script_name =404;

# default fastcgi_params
include                       fastcgi_params;

# fastcgi settings
fastcgi_pass                  unix:/run/php-fpm/oc.sock;
fastcgi_index                 index.php;
fastcgi_buffers               8 16k;
fastcgi_buffer_size           32k;

# fastcgi params
fastcgi_param DOCUMENT_ROOT   $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";

/etc/nginx/nginxconfig.io/opencart.conf

#Source https://github.com/digitalocean/nginxconfig.io/issues/109
location = /sitemap.xml {
    rewrite ^(.*)$ /index.php?route=feed/google_sitemap break; 
}
location = /googlebase.xml {
    rewrite ^(.*)$ /index.php?route=feed/google_base break; 
}
location / {
	try_files $uri @opencart;
}
location @opencart {
rewrite ^/(.+)$ /index.php?_route_=$1 last;
}
location ~* \.(engine|inc|info|ini|install|log|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
    deny all;
}
location = /apple-touch-icon.png {
  log_not_found off;
  access_log off;
}
location = /apple-touch-icon-precomposed.png {
  log_not_found off;
  access_log off;
}
location ~ ~$ {
    access_log off;
    log_not_found off;
    deny all;
}
location ~* /(?:cache|logs|image|download)/.*\.php$ {
    deny all;
}
location ~* \.(eot|otf|ttf|woff)$ {
    add_header Access-Control-Allow-Origin *;
}
location ~ /\.ht {
    deny all;
}
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess|config.php) {
    return 404;
    deny all;
 }

location ~* /(catalog|ie_pro|image|system)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
    return 404;
    deny all;
}
error_page 404 /404.html;
error_page 500 502 503 504 403 /50x.html;
location = /index.php?route=error/not_found {
root /usr/share/nginx/html;
internal;
}

/etc/nginx/nginxconfig.io/letsencrypt.conf

# ACME-challenge
location ^~ /.well-known/acme-challenge/ {
    root /var/www/_letsencrypt;
}

/etc/nginx/nginxconfig.io/general.conf

# favicon.ico
location = /favicon.ico {
    log_not_found off;
    access_log    off;
}

# robots.txt
location = /robots.txt {
    log_not_found off;
    access_log    off;
}

# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
    expires    7d;
    access_log off;
}

# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin "*";
    expires    7d;
    access_log off;
}

# gzip
gzip              on;
gzip_vary         on;
gzip_proxied      any;
gzip_comp_level   6;
gzip_types        text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

/etc/nginx/nginx.conf

# Generated by nginxconfig.io
user                 nginx;
pid                  /var/run/nginx.pid;
worker_processes     auto;
worker_rlimit_nofile 65535;

events {
    multi_accept       on;
    worker_connections 65535;
}

http {
    charset              utf-8;
    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    types_hash_max_size  2048;
    client_max_body_size 16M;

    # MIME
    include              mime.types;
    default_type         application/octet-stream;

    #https://amplify.nginx.com/docs/guide-metrics-and-metadata.html#additional-nginx-metrics
    log_format  main_ext '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for" '
                         '"$host" sn="$server_name" '
                         'rt=$request_time '
                         'ua="$upstream_addr" us="$upstream_status" '
                         'ut="$upstream_response_time" ul="$upstream_response_length" '
                         'cs=$upstream_cache_status' ;
    # Logging
    access_log           /var/log/nginx/access.log main_ext;
    error_log            /var/log/nginx/error.log warn;

    # Limits
    limit_req_log_level  warn;
    limit_req_zone       $binary_remote_addr zone=login:10m rate=10r/m;

    # SSL
    ssl_session_timeout  1d;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_tickets  off;

    # Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam          /etc/nginx/dhparam.pem;

    # Mozilla Intermediate configuration
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # OCSP Stapling
    ssl_stapling         on;
    ssl_stapling_verify  on;
    resolver             1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout     2s;

    # Load configs
    include              /etc/nginx/conf.d/*.conf;
}

I am also using nginx amplify to check for configuration errors. Some errors noted below that I probably should fix? Any advice?

If you are experienced with nginx you will probably quickly see that I am not experienced and I have probably done a lot of things wrong and configuration can be improved. I am still learning.

I would be happy to hear your opinions, suggestions how to improve and make my store secure for my costumers. Your help it's highly appreciated! Thank you for making an amazing open source product that I can use!

Some links for github that may or may not have been used...
hestiacp/hestiacp#629
hestiacp/hestiacp@28942d1
https://gist.github.com/xXxSPYxXx/8908402
https://github.com/ckopanos/nginx-opencart
https://github.com/david-rahrer/nginx-opencart

Problem in setting the repo

I am unable to load the page, i clone the repo and running it at localhost but it is not opening as it should have to open like http://docs.opencart.com/

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.