How to Install Zen Cart on Debian 9

Zen Cart is a free open source e-commerce content management and shopping cart platform. The software is written in PHP programming language and often installed on Linux under Apache/Nginx web servers, PHP and MySQL/MariaDB database management system, also known as LAMP or LEMP stack.  Zen Cart e-commerce solution is used to easily create online shops for different businesses and advertise and sell services and merchandise.

In this guide, I’ll show you how to install and configure the latest version Zen Cart on Debian 9, in order to create a free online shopping store.


  • Minimal Installation of Debian 9 server on a bare-metal machine or on a virtual private server
  • A static IP address configured for one of your system network interfaces cards
  • sudo root privileges for a local or remote account or direct access to root account
  • A domain name, private or public, depending on your deployment, with the proper DNS records configured for web services. If don’t have a valid or a registered domain name you can perform the installation and access the website via your server IP address
  • If you want to use website registration, comment moderation and other features, your should have a running mail server properly configured at your premises with remote access to its IMAP and SMTP services.


Before starting to install and configure Zen Cart from sources in your own server, first assure the system meets all the software requirements for compiling and installing the application.  On the first step, update your system repositories and software packages by issuing the following command.

apt update
apt upgrade

Next, set up the name for your system by executing the following command (replace your hostname variable accordingly).

hostnamectl set-hostname zencart

Verify machine hostname and hosts file by issuing the following commands.

cat /etc/hostname 
hostname –s
hostname –f

On the next step, execute the following command in order to install some necessary utilities that will be used to further manage your system from command line.

apt install wget bash-completion zip unzip curl

 Finally, reboot Debian server in order to apply kernel updates and the hostname changes properly.

systemctl reboot

Install Apache and PHP

Zen Cart is a web-based CMS e-commerce platform written mostly in PHP server-side programming language. In order to execute the PHP file scripts of the application, a web server, such as Apache HTTP server, and a PHP processing gateway must be installed and operational in the system.  In order to install Apache web server and the PHP interpreter alongside with all required PHP modules needed by the application to run properly, issue the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-curl php7.0-gd php7.0-mbstring php7.0-xml

After Apache and PHP have been installed, test if the web server is up and running and listening for network connections on port 80 by issuing the following command with root privileges. 

netstat –tlpn

In case netstat network utility is not installed by default in your Debian system, execute the following command to install it.

apt install net-tools

By inspecting the netstat command output you can see that the Apache web server is listening for incoming network connections on port 80. For the same task you can also use the ss command, which is automatically installed by default in Debian 9.

ss- tulpn

Configure the Firewall

In case you have a firewall enabled in your system, such as UFW firewall application, you should add a new rule to allow HTTP traffic to pass through the firewall by issuing the following command.

ufw allow WWW


ufw allow 80/tcp

If you’re using iptables raw rules to manage Firewall rules in your Debian server, add the following rule to allow port 80 inbound traffic on the firewall so that visitors can browse the online shop.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
systemctl iptables-persistent save 
systemctl iptables-persistent reload

Configurae Apache and SSL/TLS

Next, enable and apply the following Apache modules required by the e-commerce application to run properly, by issuing the following command.

a2enmod rewrite expires env alias deflate mime
systemctl restart apache2

Finally, test if Apache web server default web page can be displayed in your client's browsers by visiting your Debian machine IP address or your domain name or server FQDN via the HTTP protocol, as shown in the following image. If you don’t know your machine IP address, execute ifconfig or 'ip a' commands to reveal the IP address of your server.


Apache default page

In order to install and access Zen Cart web admin panel backed and the frontend website via HTTPS protocol that will secure the traffic for your clients, issue the following command to enable Apache web server SSL module and SSL site configuration file.

a2enmod ssl 
a2ensite default-ssl.conf

Next, open Apache default SSL site configuration file with a text editor and enable URL rewrite rules by adding the following lines of code after DocumentRoot directive, as shown in the following sample:

nano /etc/apache2/sites-enabled/default-ssl.conf

SSL site configuration file excerpt:

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted

 Also, make the following change to VirtualHost line to look like as shown in the following excerpt:

<VirtualHost *:443>

SSL Vhost

Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after DocumentRoot statement as shown in the following example.

 <Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted

Directory settings in vhost

Finally, restart Apache daemon to apply all rules configured so far and visit your domain via HTTP protocol. Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, an error warning should be displayed in the browser. 

systemctl restart apache2


SSL page

Accept the warning concerning the untrusted certificate in order to continue and be redirected to Apache default web page.

Apache Default page

In case the UFW firewall application blocks incoming network connections to HTTPS port, you should add a new rule to allow HTTPS traffic to pass through firewall by issuing the following command.

ufw allow 'WWW Full'


ufw allow 443/tcp

If iptables is the default firewall application installed to protect your Debian system at network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
systemctl iptables-persistent save 
systemctl iptables-persistent reload

In the next step, we need to make some further changes to PHP default configuration file in order to assure that the following PHP variables are enabled and the PHP timezone setting is correctly configured and matches your system's geographical location.  Open the /etc/php/7.0/apache2/php.ini file for editing and assure that the following lines are set up as follows. Also, initially, make a backup of PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Search, edit and change the following variables in php.ini configuration file:

file_uploads = On
memory_limit = 128 M
upload_max_file_size = 64M
post_max_size = 64M
date.timezone = Europe/London

Increase post_max_size and upload_max_file_size variables as suitable to support large file attachments and replace the variable accordingly to your physical time by consulting the list of time zones provided by PHP docs at the following link

If you want to increase the load speed of your website pages via OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, as detailed below:


Close the php.ini configuration file and verify the end of PHP configuration file to check if the variables have been correctly added by issuing the below command.

tail /etc/php/7.0/apache2/php.ini

After you’ve made all the changes explained above, restart the apache daemon to apply the new changes by issuing the following command.

systemctl restart apache2

Finally, create a PHP info file by executing the following command and check if the PHP time zone has been correctly configured by visiting the PHP info script file from a browser at the following URL, as illustrated in the below image. Scroll down to date setting to check the php time zone configuration.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php


Zen Cart e-commerce web application stores different configurations, such as users, sessions, contacts, products, catalogs and others, in an RDBMS database. In this guide, we’ll configure Zen Cart application to use MariaDB database as backend. Issue the following command to install MariaDB database and the PHP module needed to access the mysql database.

apt install mariadb-server mariadb-client php7.0-mysql

After you’ve installed MariaDB, verify if the daemon is running and listens for connections on localhost, port 3306, by running netstat command.

netstat –tlpn | grep mysql

Then, log in to MySQL console and secure MariaDB root account by issuing the following commands.

mysql -h localhost
use mysql;
update user set plugin='' where user='root';
flush privileges;

On the next step, secure MariaDB by executing the script mysql_secure_installation provided by the installation packages from Debian stretch repositories. While running the script will ask a series of questions designed to secure MariaDB database, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Execute the script by issuing the following command and assure you type yes to all questions asked in order to fully secure MySQL daemon. Use the following script output excerpt as a guide.

sudo mysql_secure_installation



In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.


Enter current password for root (enter for none):

OK, successfully used password, moving on...


Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.


You already have a root password set, so you can safely answer 'n'.


Change the root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.


Remove anonymous users? [Y/n] y

 ... Success!


Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.


Disallow root login remotely? [Y/n] y

 ... Success!


By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.


Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!


Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.


Reload privilege tables now? [Y/n] y

 ... Success!


Cleaning up...


All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

In order to test MariaDB security, try login to the database from the console with no root password. The access to the database should be denied if no password is provided for the root account, as illustrated in the following command excerpt:

root@cubecart:~# mysql -h localhost -u root
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

If the password is supplied, the login process should be granted to MySQL console, as shown in the command sample:

root@cubecart:~# mysql -h localhost -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>

Next, log in to the MariaDB database console, create a database for Zen Cart application and a user with a password that will be used to manage the application database, by issuing the following commands. Replace the database name, user and password accordingly. 

mysql –u root -p
create database zencart;
grant SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP on zencart.* to 'zencart_user'@'localhost' identified by 'password1';
flush privileges;

In order to apply all changes made so far, restart MySQL and Apache daemons and verify if daemons are running by issuing the following commands.

systemctl restart mysql apache2
systemctl status mysql apache2

Install Zen Cart 

After all system requirements are met for your e-commerce online shop installation, visit SourceForge Zen Cart official download page at and download the latest zip package compressed archive by with the help of the wget utility, as illustrated in the following sample.


After the zip archive download finishes, extract Zen Cart zip compressed archive directly and list the extracted files by issuing the following commands. Also, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier. 

rm /var/www/html/index.html 
rm /var/www/html/info.php

The installation files for Zen Cart are located in your current working directory in the extracted zen-cart directory. Issue ls command to view zen-cart directory files. Copy all the content of the zen-cart-v1 directory to your web server document root path by issuing the following command.

ls -al zen-cart-v[tab]
cp -rf zen-cart-v1.5.5e-03082017/* /var/www/html/

Change directory to web server document root and issue the following command to create the configuration files required by Zen Cart application to write store settings.

cd /var/www/html/
cp includes/dist-configure.php includes/configure.php
cp admin/includes/dist-configure.php admin/includes/configure.php 

Next, execute the following commands in order to grant Apache runtime user with full write permissions to the web root path. Use ls command to list permissions for application’s installed files located in the /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/

ZenCart unpacked

Now, proceed Zen Cart online shop installation process by opening a browser and navigate your server’s IP address or domain name or server FQDN via the HTTPS protocol. On the first installation screen Zen Cart installer will present you a summary of a list of issues concerning you you’re seeing the page . Because the application hasn’t been installed yet, hit on on Click here link in order to start the the installation process, as illustrated in the following image.


ZenCart web installer

In the next installation screen, the installer will perform a series of pre-installation checks against the server PHP settings and installed PHP extension in order to determine if all system requirements to install Zen Cart e-commerce application are met.  It will also check if the Apache HTTP runtime user can write to a series of directories from webroot path, as shown in the below images. After reviewing all system inspections checks, hit on Continue button to move forward with the installation process.

System inspectionOn the next screen, setup your Zen Cart online store. First, check the License agreement checkbox and verify the Admin Server Domain URL address to redirect to your domain name via HTTPS application protocol. Next, check Enable SSL for Storefront in Catalog (Storefront) Settings and verify domain URL addresses. In the last filed, verify if the store physical path matches your web server document root path and hit on Continue button to proceed further with the installation process.

System setup

In the next installation screen, add MySQL database address, name and credentials created earlier for the Zen Cart database. Leave the Load Demo Data unchecked and select your database character set to UTF8 and the prefix to zen_. Choose the SQL Cache Method to File and hit on the Continue button to move to the next installation stage.

Database setup

Next, add an Admin Superuser account for your Zen Cart online store and an email address for the admin account. Make sure you note down the admin store password and the admin directory name and hit on Continue button to start the installation process.

Admin setup

After the installation completes, the installer will display two buttons for accessing Zen Cart Backed Administration panel, which will be used to manage your online shop, and the Storefront store link, which will be displayed to your clients.

Setup finished

In order to visit your online store, first hit on Go to your Storefront button and the frontend of your e-commerce application will be displayed in your browser as illustrated in the below screenshot. You can also visit the store frontend by navigating to your server IP address or domain name via HTTPS protocol.


ZenCart installed

Before logging in to your store backed admin panel, first, return to server console and issue the following command to remove Zen Cart installation directory.

rm -rf /var/www/html/zc_install/

In order to manage your Zen Cart online store, hit on the Admin Backend link which will redirect you to the store backend. Use the admin credentials configured during the installation process in order to log in to Zen Cart backend panel, as shown in the below screenshot.

You can also visit the Zen Cart admin web panel by navigating to your server IP address or domain name via HTTPS protocol to admin directory URL address random string configured during the installation process.


ZenCart loginAfter logging in to Zen Cart backed admin panel, complete the initial setup wizard with your own store details and git on the Update button to write changes, as shown in the following screenshot.

ZenCart Initial setup wizard

In order to secure Zen Cart application, return to server console and issue the following commands to change permissions for includes/configure.php file and for configure.php file from admin directory to be owned by the root account.

chown root:root /var/www/html/includes/configure.php 
chown root:root /var/www/html/brOil-QUl-cHain/includes/configure.php

Finally, in order to force visitors to browse Zen Cart frontend website and to securely access the backend interface via HTTPS protocol that encrypts the traffic between the server and client browsers, return to your server’s terminal and create a new .htaccess file by issuing the following command.

nano /var/www/html/.htaccess

Change PHP settings to match your own server resources and add the HTTPS redirect rules as shown in the below .htaccess file excerpt:

# Modify PHP settings
php_flag register_globals off
php_flag magic_quotes_gpc Off
php_value max_execution_time 200
php_value max_input_time 200
php_value upload_max_filesize 999M
php_value post_max_size 999M

# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

That’s all! You have successfully installed and configured Zen Cart e-commerce application in Debian 9.2. However, because Apache HTTP server uses an untrusted Self-Signed certificate to encrypt the traffic between the server and visitor’s browsers, a warning message will always be generated and displayed in their browsers. This warning is bad for your online shop business. In this case you should buy a certificate issued by a trusted Certificate Authority or get a free certificate pair from Let’s Encrypt CA.

For other custom configurations regarding Zen Cart application, visit the documentation page at the following address:

Share this page:

0 Comment(s)