E-commerce Azure

UnoPim on Ubuntu 24.04 on Azure User Guide

| Product: UnoPim on Ubuntu 24.04 LTS on Azure

Overview

UnoPim is the free, open source product information management (PIM) system built on the Laravel framework by Webkul. It centralises product data in a single admin panel: a catalog of products with rich attributes, attribute families, nested categories, role based user management, bulk import and export, and a REST API for feeding downstream sales channels and storefronts. The cloudimg image delivers UnoPim fully installed and configured on Ubuntu 24.04 — a Laravel 12 application on PHP 8.3 with OPcache, served by nginx over HTTPS with php-fpm, backed by MySQL 8.0. Migrations and seeders are already applied and the application is marked installed, so you land directly on the admin sign-in with no setup wizard to complete. Backed by 24/7 cloudimg support.

What is included:

  • UnoPim 2.1.6 (MIT licensed), served from /var/www/unopim/public
  • nginx (TLS on :443, with :80 redirected to HTTPS) + PHP 8.3 (php8.3-fpm with OPcache) + MySQL 8.0, all from Ubuntu 24.04 main/universe
  • A per-VM self-signed TLS certificate generated on first boot, so the admin panel loads over a secure context
  • A background queue worker (unopim-queue.service) for imports, exports, webhooks and completeness recalculation
  • Per-VM administrator email + password, MySQL password and Laravel APP_KEY, all generated at first boot and written to a root-only file — the well-known upstream default admin@example.com / admin123 does not ship
  • nginx.service, php8.3-fpm.service, mysql.service and unopim-queue.service as systemd units, enabled and active
  • 24/7 cloudimg support

UnoPim admin dashboard

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2ms (2 vCPU / 8 GiB RAM) is a good starting point; scale up for larger catalogs or heavier import workloads. NSG inbound: allow 22/tcp from your management network and 443/tcp (HTTPS) plus 80/tcp (which redirects to HTTPS) from your users.

Step 1 — Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for UnoPim by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTPS (443). Then Review + create and Create.

Step 2 — Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name unopim \
  --image <marketplace-image-urn> \
  --size Standard_B2ms \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name unopim --port 443 --priority 1010

Step 3 — Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 — Confirm the services are running

The four services that back UnoPim should all report active, the admin panel answers HTTP 200 over HTTPS, and the plain HTTP port redirects to it:

systemctl is-active nginx php8.3-fpm mysql unopim-queue
curl -ks -o /dev/null -w 'admin login https -> %{http_code}\n' https://127.0.0.1/admin/login
curl -s  -o /dev/null -w 'http redirect  -> %{http_code}\n' http://127.0.0.1/

Expected: four lines of active, then admin login https -> 200 and http redirect -> 301.

Service status and HTTPS admin login

Step 5 — Retrieve your administrator credentials

On the first boot of every VM, a one-shot service (unopim-firstboot.service) generates credentials that are unique to that VM: a fresh Laravel application key, a fresh MySQL password, and a fresh administrator email and password. It also generates a per-VM self-signed TLS certificate and sets the VM's own address as the application URL. No shared or default credentials ship in the image — the well-known upstream default admin@example.com / admin123 is neutralised at build time and does not authenticate.

sudo cat /root/unopim-credentials.txt

The file (mode 0600, root only) contains the administrator email (unopim.admin.user), the administrator password (unopim.admin.pass), the admin panel URL, and the database credentials. UnoPim signs in by email.

Per-VM credentials file with passwords masked

The image is secure by default: the stock admin@example.com / admin123 is rejected, while the per-VM administrator from the credentials file signs in successfully. You can prove both from the VM's own shell — each reads a CSRF token, posts a real admin sign-in, and prints where UnoPim redirects (a successful login lands on /admin/dashboard; a rejected one returns to /admin/login):

ADMIN_USER=$(sudo grep '^unopim.admin.user=' /root/unopim-credentials.txt | cut -d= -f2-)
ADMIN_PASS=$(sudo grep '^unopim.admin.pass=' /root/unopim-credentials.txt | cut -d= -f2-)
CJ=$(mktemp)
TOK=$(curl -ks -c "$CJ" https://127.0.0.1/admin/login | grep -oE 'name="_token" value="[^"]+"' | head -1 | sed 's/.*value="//;s/"//')
curl -ks -o /dev/null -w 'per-VM admin -> %{redirect_url}\n' -b "$CJ" -c "$CJ" \
  -d "_token=$TOK" --data-urlencode "email=$ADMIN_USER" --data-urlencode "password=$ADMIN_PASS" \
  https://127.0.0.1/admin/login
rm -f "$CJ"

Stock admin123 rejected while the per-VM administrator is accepted

Step 6 — Sign in to the admin panel

Browse to https://<vm-public-ip>/admin and sign in with the administrator email and password from the credentials file. Because the image ships a per-VM self-signed certificate, your browser shows a one-time certificate warning on first visit — click through it, or install your own domain certificate into /etc/nginx/ssl/.

UnoPim admin sign-in page

After signing in you land on the dashboard, which summarises your catalog — total products, categories, attributes, attribute families, locales, currencies and channels — with recent product activity.

Step 7 — Manage your catalog

From the admin panel's Catalog menu you manage Products, Categories, Category Fields, Attributes, Attribute Groups and Attribute Families. The application ships ready for your own data: choose Catalog → Products → Create Product, pick an attribute family and SKU, and fill in the attributes, then use the REST API or Data Transfer to import and export in bulk.

Products grid in the admin panel

Attribute families group the attributes that describe a class of product, so every product of that family shares a consistent, complete data structure. The image ships with a Default family you can extend or replace.

Attribute Families in the admin panel

Step 8 — Confirm the version and the stack

grep -m1 '"version"' /var/www/unopim/composer.json
php -r 'echo PHP_VERSION."\n";'
mysql --version
systemctl is-active unopim-firstboot.service

Expected: UnoPim 2.1.6, PHP 8.3.x, MySQL 8.0.x, and the first-boot service active.

Version, stack and first-boot service

First-boot service and security model

A one-shot unopim-firstboot.service runs After=mysql.service and Before=nginx.service, so the per-VM credentials and TLS certificate are in place before the first page is ever served. It rotates the MySQL password in lock-step with the application .env, regenerates the Laravel APP_KEY, rotates the administrator email and password, sets APP_URL and the trusted hosts from the VM's own address, and writes the credentials file at mode 0600 (root only) before dropping a sentinel so it runs exactly once.

systemctl status unopim-firstboot.service --no-pager | head -6
sudo stat -c '%a %U:%G %n' /root/unopim-credentials.txt

Administration from the CLI

Admin tasks use Laravel's artisan as the www-data user, for example to list the available commands:

sudo -u www-data php /var/www/unopim/artisan list | head -30

Common operations include php artisan cache:clear, php artisan optimize:clear, and inspecting the queue worker with systemctl status unopim-queue. Imports, exports, webhooks and completeness recalculation run through the queue worker, so leave unopim-queue.service enabled.

Enabling Elasticsearch for large catalogs

The image runs UnoPim on its database driver with no external search dependency, which suits small and medium catalogs. For large catalogs you can enable Elasticsearch: install an Elasticsearch 8.x node, set ELASTICSEARCH_ENABLED=true and the connection settings in /var/www/unopim/.env, then run sudo -u www-data php /var/www/unopim/artisan config:clear and reindex with sudo -u www-data php /var/www/unopim/artisan unopim:product:index.

Enabling HTTPS with your own domain

The image already serves HTTPS with a per-VM self-signed certificate. For production, point a real domain at the VM's public IP, open 443/tcp in the NSG, then replace the self-signed certificate with a trusted one using Let's Encrypt (replace the domain):

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.com

After the certificate is issued, set the new address as the application URL and add it to the trusted hosts in /var/www/unopim/.env (APP_URL=https://your-domain.com and add the domain to TRUSTED_HOSTS), then sudo -u www-data php /var/www/unopim/artisan optimize:clear.

Backup and maintenance

The database lives in MySQL and the application tree, including uploaded media, under /var/www/unopim — snapshot the OS disk in Azure for a point-in-time backup, or dump the database with (the database password is in the credentials file):

sudo mysqldump unopim > unopim-backup.sql

Keep the OS patched with sudo apt update && sudo apt upgrade (unattended security upgrades are enabled by default). The stack restarts cleanly with sudo systemctl restart nginx php8.3-fpm mysql unopim-queue.

Support

This image is backed by 24/7 cloudimg support. Contact us by email and chat for help with UnoPim deployment, upgrades, catalog modelling, attributes and attribute families, import and export, REST API integration, multi-channel and multi-locale configuration, performance tuning and database administration.

All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.