WebCheckout runs on a stand-alone dedicated Linux server (or virtual machine). This document outlines the requirements for a self-hosted solution, recommended for teams with working-knowledge of the Linux operating system, and want complete control of the system running WebCheckout. Self-hosted customers are responsible for all system operations which require sudo access.

What is covered by WebCheckout Support:

  • Installation of the WebCheckout application and its systemd files
  • Configuration of the configuration files shipped with WebCheckout
  • Upgrading and Migrating the WebCheckout application and its data
  • Diagnosing and troubleshooting technical and user errors with the WebCheckout application
  • Monitoring the operation of WebCheckout

What is not covered by WebCheckout Support:

  • Installing any application or dependency other than the WebCheckout application
  • Updating any application or dependency other than the WebCheckout application
  • Configuring any part of the client’s system other than the WebCheckout application

The following requirements must be met in order for WebCheckout Support to install and upgrade the WebCheckout application. If the server does not meet these requirements, it will prevent application installation or upgrade. These requirements are subject to change.

If you require WebCheckout Support to provide any services that fall outside what is covered, please consider our hosted services or contact support@webcheckout.net for a quote on system administration work.

Hardware Requirements

  • CPU: Intel 64 bit CPU running 2.5GHz or greater, minimum 2 cores, 4 cores highly recommended.
  • RAM: 8 GB
  • Disk Space: 80+ GB
    • We recommend a RAID 0+1 mirroring configuration for redundancy, and strongly recommend SSD disk.
    • The application, logs and backups will reside in /home/webcheckout by default. If partitioning /home separately, ~65% of non-OS disk space should be allocated.
    • If partitioning the PostgreSQL data directory separately (under /var by default), ~35% of non-OS disk space should be allocated.
    • We recommend a 10+ GB swap partition.
    • Depending on your backup solution, it is also advised to add a 3rd drive specifically for backup storage.

Software Requirements

Operating System

WebCheckout is supported on the following Linux distributions, but WebCheckout Support strongly recommends Debian and Ubuntu systems.

  • Debian 12
    • netcat-openbsd is required on Debian systems
  • Ubuntu 22
  • Red Hat Enterprise Linux 8.x

ssh Access

Key-based ssh access to the WebCheckout server as the (non-root) ‘webcheckout’ user is required for WebCheckout Support to install the application (unless client security policy specifically requires password-based).

Database

  • PostgreSQL version 13.x: both server and client is required.
  • The psql client package is required.
  • Ensure that the uuid-ossp extension is present in the PostgreSQL installation.
  • Remote access to PostgreSQL is not required unless client is running custom reporting. Unless access from another address is specifically needed by client team, PostgreSQL should be configured so that only local server access is trusted. (view sample hb_pga.conf).
  • A ‘webcheckout’ postgresql user must exist with the create database permission.
  • A database must be created for the WebCheckout application to use. We recommend creating the database as the webcheckout postgresql user, and calling the database “webcheckout”
  • These database configurations are required for performance reasons:
    • autovacuum = on
    • autovacuum_vacuum_scale_factor = 0.01
    • autovacuum_vacuum_cost_limit = 1000
  • If 8 GB of RAM is available, the following PostgreSQL configurations are recommended (view sample postgresql.conf):
    • shared_buffers: 2048 MB
    • temp_buffers: 100 MB
    • work_mem: 20 MB
    • checkpoint_completion_target: 0.9
    • If your server has more than 8 GB of RAM, you may consider increasing some of these values.

Web Server (Apache)

  • Apache version 2.4 is required.
    • The Webcheckout Apache configuration lives in the ‘webcheckout’ user’s home directory (/home/webcheckout/local_apache_config/.conf). The file must be included in the Apache configurations found in /etc via symlink.
  • The following Apache modules are required and must be enabled:
    • proxy
    • ssl (if desiring to access the server directly over https, some customers may offload via a proxy or firewall instead)
    • rewrite
    • headers
    • xml2enc

SSL Certificates

Self-hosted clients must obtain a valid SSL certificate for the URL of their WebCheckout instance. Wildcard certificates are acceptable. WebCheckout will assist with the generation of a Certificate Signing Request (CSR) and installation of the certificate, but it is the client’s responsibility to obtain a new certificate prior to the end date of an expiring certificate.

Other Required Packages

The additional following packages must be installed before WebCheckout installation or upgrade of WebCheckout:

  • Java 11 and 21 from Azul Systems, which is only available from the third party repository called Zulu. (Oracle Java is not an acceptable alternative.)
    • Customers on December 2023 and earlier, you can install Java 21 in advance of the scheduled upgrade, but ensure that it is not set as the system default Java version, which should remain Java 11. You can do this with the update-alternatives command (Debian/Ubuntu) or alternatives command (RHEL). At upgrade, WebCheckout Technical Support will reach out to request Java 21 be set as the default version.
  • Node.js 18.x LTS
    • Please note, update to Node v18.x should be done just prior to the start of the WebCheckout upgrade. The updated version of these services are incompatible with prior releases.
  • NPM 8.x (or above)
    • Please note, update to NPM v8.x should be done just prior to the start of the WebCheckout upgrade. The updated version of these services are incompatible with prior releases.

The application lynx cannot be installed on the server and must be removed if it exists.

Service Management

WebCheckout manages its processes via a collection of systemd Unit Files.

WebCheckout Support can provide your system administrator with the systemd files to necessitate management of the WebCheckout application as a service.

Mail Transfer Agent (MTA)

If using the WebCheckout Email Messaging module, your server will need to be configured with an MTA (Mail Transfer Agent) so that the WebCheckout application’s messages can be delivered.

WebCheckout Support is not responsible for installation, configuration, or management of the MTA and email message authentication.

Other Recommendations

Although not required, we recommend the following packages for server management and troubleshooting.

  • sysstat
  • screen

SELinux Info

It is important to note that WebCheckout will not function in an unconfigured, enforcing SELinux environment. If your server is running SELinux, please be prepared to change your security contexts appropriately for Apache to interact with the WebCheckout application. WebCheckout Support does not support SELinux configurations.

Hosted Option

A hosted solution allows us to serve you better: We harden, optimize, and monitor the server using our industry standard tools as well as apply security patches and “peripheral” upgrades (Apache, Postgres, etc). Naturally, we still schedule any downtime with you in advance. Our goal is to eliminate the IT requirements for your organization and keep you focused on serving customers. Please contact sales@webcheckout.net for more information.