You are browsing documentation for version 5.1 of OroCommerce, supported until March 2026. Read the documentation for version 6.0 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Environment Setup for Community Edition 

This topic provides a detailed description of the environment setup process for Community Edition of Oro applications.

Before proceeding, please refer to the System Requirements for the recommended environmental components and their supported versions. If you use the same environment and components described in the System Requirements, you can reuse the commands provided in this guide without modification. Otherwise, please adjust them to match the syntax supported by the tools of your choice.

Prepare a Server with OS 

Get a dedicated physical or virtual server with at least 4Gb RAM with the Oracle Linux v8 installed. Ensure that you can run processes as a root user or user with sudo permissions.

Environment Setup 

Enable Required Package Repositories 

Add the EPEL and remi repositories by running:

dnf -y install dnf-plugin-config-manager
dnf -y module enable postgresql:13 nodejs:16 php:remi-8.2
dnf -y upgrade

Add Oro public repository:

cat >"/etc/yum.repos.d/oropublic.repo" <<__EOF__

Install Nginx, NodeJS, PHP, PostgreSQL Server 

dnf -y --setopt=install_weak_deps=False --best install pngquant jpegoptim findutils rsync glibc-langpack-en psmisc wget bzip2 unzip p7zip p7zip-plugins parallel patch nodejs npm git-core jq bc postgresql postgresql-server postgresql-contrib php-common php-cli php-fpm php-opcache php-mbstring php-mysqlnd php-pgsql php-pdo php-json php-process php-ldap php-gd php-intl php-bcmath php-xml php-soap php-sodium php-tidy php-imap php-pecl-zip php-pecl-mongodb
dnf -y --setopt=install_weak_deps=False --best --nogpgcheck install oro-nginx oro-nginx-mod-http-cache_purge oro-nginx-mod-http-cookie_flag oro-nginx-mod-http-geoip oro-nginx-mod-http-gridfs oro-nginx-mod-http-headers_more oro-nginx-mod-http-naxsi oro-nginx-mod-http-njs oro-nginx-mod-http-pagespeed oro-nginx-mod-http-sorted_querystring oro-nginx-mod-http-testcookie_access oro-nginx-mod-http-xslt-filter

Install Composer 

Run the commands below, or use another Composer installation process described in the official documentation.

php -r "copy('', 'composer-setup.php');" && php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/bin/composer

Perform Security Configuration 

Configure SELinux 

For the production environment, it is strongly recommended to keep SELinux enabled in the enforcing mode.


The actual SELinux configuration depends on the real production server environment and should be configured by an experienced system administrator.

In this guide, we are loosening the SELinux mode to simplify installation in the local and development environment by setting the permissive option for the setenforce mode.

However, your environment configuration may differ. If that is the case, please adjust the commands that will follow in the next sections to match your configuration.

sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce permissive

Configure Users Permissions 

For security reasons, we recommend performing all Oro application-related processes on behalf of two different linux users:

  • Administrative user (for example, oroadminuser) — A user should be able to perform administration operations like application installation, update, etc.

  • Application user (for example, nginx) — A user should be able to perform runtime operations that require no changes in the application source code files.

In this guide, to simplify installation in the local and development environment, we are loosening this requirement and using the superuser permissions to perform Oro application administrative tasks. However, for your staging or production environment, please adjust the commands that will follow in the next sections to run environment management commands as well as application install and update via a dedicated admin user.

Commands for running the web server, php-fpm process, cron commands, background processes, etc., are executed via the dedicated application user (nginx). Reuse them without modification if you keep the same username. Otherwise, adjust them accordingly.

Enable Installed Services 

systemctl start postgresql php-fpm nginx
systemctl enable postgresql php-fpm nginx

Environment Configuration 


Prepare PostgreSQL Database 

Initialize a PostgreSQL Database Cluster 

postgresql-setup --initdb

Enable Password Protected PostgreSQL Authentication 

By default, PostgreSQL is configured to use ident authentication.

To use the password-based authentication instead, replace the ident with the md5 in the pg_hba.conf file.

Open the file /var/lib/pgsql/data/pg_hba.conf and change the following strings:

host    all             all               ident
host    all             all             ::1/128                 ident

to match these ones:

host    all             all               md5
host    all             all             ::1/128                 md5

Change the Password for the postgres User 

To set the password for the postgres user to the new secure one, run the following commands:

systemctl start postgresql
su postgres


You will be prompted to enter the new password.

Create a Database for the Oro Application 

To create the oro database that will be used by the Oro application, run the following commands:

\c oro

Configure Web Server 

For the production mode, it is strongly recommended to use the HTTPS protocol for the Oro application’s public websites and reserve the HTTP mode for development and testing purposes only.

The samples of Nginx configuration for HTTPS and HTTP mode are provided below. Update the /etc/nginx/conf.d/default.conf file with the content that matches the type of your environment.

Sample nginx Configuration for HTTP Websites (Use in Development and Staging Environment Only)

server {
    server_name <your-domain-name> www.<your-domain-name>;
    root  <application-root-folder>/public;

    index index.php;

    gzip on;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;

    location ~ ^/(index|index_dev|config|install)\.php(/|$) {
        fastcgi_pass php-fpm;
        # or
        # fastcgi_pass unix:/var/run/php/php7-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
        fastcgi_buffers 64 64k;
        fastcgi_buffer_size 128k;

    location ~* ^[^(\.php)]+\.(jpg|jpeg|gif|png|ico|css|pdf|ppt|txt|bmp|rtf|js)$ {
        access_log off;
        expires 1h;
        add_header Cache-Control public;

    error_log /var/log/nginx/<your-domain-name>_error.log;
    access_log /var/log/nginx/<your-domain-name>_access.log;

Sample nginx Configuration for HTTPS Websites (Safe for Production Environment)

server {
    listen 80;
    server_name <your-domain-name> www.<your-domain-name>;
    return 301 https://$server_name$request_uri;

server {
    listen 443 ssl;
    server_name <your-domain-name> www.<your-domain-name>;

    ssl_certificate_key /etc/ssl/private/;
    ssl_certificate /etc/ssl/private/;
    ssl_protocols TLSv1.2;

    root <application-root-folder>/public;

    index index.php;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Increase this value in file uploads is allowed for larger files
    client_max_body_size 8m;

    gzip on;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;

    try_files $uri $uri/ @rewrite;

    location @rewrite {
        rewrite ^/(.*)$ /index.php/$1;

    location ~ /\.ht {
        deny all;

    location ~* ^[^(\.php)]+\.(jpg|jpeg|gif|png|ico|css|txt|bmp|js)$ {
        add_header Cache-Control public;
        expires 1h;
        access_log off;

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        include                         fastcgi_params;
        fastcgi_pass                    php-fpm;
        fastcgi_index                   index.php;
        fastcgi_intercept_errors        on;
        fastcgi_connect_timeout         300;
        fastcgi_send_timeout            300;
        fastcgi_read_timeout            300;
        fastcgi_buffer_size             128k;
        fastcgi_buffers                 4   256k;
        fastcgi_busy_buffers_size       256k;
        fastcgi_temp_file_write_size    256k;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_param  HTTPS            on;

    # Websockets connection path (configured in the .env-app.local file)
    location /ws {
        reset_timedout_connection on;

        # prevents 502 bad gateway error
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;

        # redirect all HTTP traffic to localhost:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_redirect off;
        proxy_read_timeout 86400;

        # enables WS support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        error_log /var/log/nginx/<your-domain-name>_wss_error.log;
        access_log /var/log/nginx/<your-domain-name>_wss_access.log;

    error_log /var/log/nginx/<your-domain-name>_https_error.log;
    access_log /var/log/nginx/<your-domain-name>_https_access.log;
  • Replace <application-root-folder> with the absolute path where you are going to install the Oro application.

  • Replace <your-domain-name> with the configured domain name that would be used for the Oro application.

  • Change ssl_certificate_key and ssl_certificate with the actual values of your active SSL certificate.

Optionally, you can enable and configure Apache PageSpeed module for Nginx to improve web page latency as described in the Performance Optimization of the Oro Application Environment article.


If you choose the Apache web server instead of the Nginx one, the example of the web server configuration you can find in the Web Server Configuration article.

For the changes to take effect, restart nginx by running:

systemctl restart nginx

Configure Domain Name Resolution 

If you are going to use the Oro application in the local environment only, modify the /etc/hosts file on the server by adding the following line: localhost <your-domain-name>

After this change, the <your-domain-name> URLs opened in the local environment are handled by the local webserver.

To make your Oro application accessible from remote locations, configure a DNS server to point your domain name to your server IP address.

Configure PHP 

To configure PHP, perform the following changes in the configuration files:

  • In the www.conf file (/etc/php-fpm.d/www.conf) — Change the user and the group for PHP-FPM to nginx and set recommended values for other parameters.

    user = nginx
    group = nginx
    catch_workers_output = yes
  • In the php.ini file (/etc/php.ini) — Change the memory limit and cache configuration to the following:

    memory_limit = 1024M
  • In the opcache.ini file (/etc/php.d/10-opcache.ini) — Modify the OPcache parameter to match the following values:


For the changes to take effect, restart PHP-FPM by running:

systemctl restart php-fpm

Configure Storage For Import Files 

Product images and File entity field files can be imported by a path to an image or a file during the import.

This path can be either:

  • a URL,

  • an absolute path,

  • a relative path. In this case, the files are searched in the Gaufrette filesystem configured to store files to import. By default, it is configured to use the {PROJECT}/var/data/import_files local directory as storage.

This path can be reconfigured with Gaufrette adapter configuration.

For example, to change the path location, add a new configuration of the import_files Gaufrette adapter in the Resources/config/oro/app.yml file of your bundle:

                directory: '/new/path/to/import_files'

Use the Gaufrette filesystem abstraction layer as storage, this configuration can be changed to use any supported filesystem adapter supported by Gaufrette library.

For example, the configuration to use GridFS storage can be the following:

                mongodb_gridfs_dsn: 'mongodb://'

Business Tip

Looking to take advantage of the recent trend in digital commerce? Learn more about a wholesale B2B marketplace and how you can implement it for your business.

What’s Next