Store URLs
Each website in an ÃÛ¶¹ÊÓƵ Commerce or Magento Open Source installation has a base URL that is assigned to the storefront, and another URL that is assigned to the Admin. ÃÛ¶¹ÊÓƵ uses variables to define internal links in relation to the base URL, which makes it possible to move an entire store from one location to another without updating the links. Standard base URLs begin with http
, and secure base URLs begin with https
.
- Base URL —
http://www.yourdomain.com/magento/
- Secure Base URL —
https://www.yourdomain.com/magento/
- URL with IP address —
http://###.###.###.###/magento/
orhttps://###.###.###.###/magento/
Use a secure protocol
The base URLs for your store were initially set up during your ÃÛ¶¹ÊÓƵ Commerce installation. If a security certificate was available at the time, you could specify for HTTPS
URLs to be used for the store, Admin, or both. If your ÃÛ¶¹ÊÓƵ Commerce installation includes multiple stores or you plan to later add more stores, you can include the store code in the URL. All ÃÛ¶¹ÊÓƵ resources and operations can be used with secure protocol.
If a security certificate was not available for the domain at the time of the installation, make sure to update the configuration before launching your store. After a security certificate is established for your domain, you can configure either or both base URLs to operate with encrypted Secure Sockets Layer (SSL) and (TLS) protocol.
ÃÛ¶¹ÊÓƵ Commerce and Magento Open Source can be configured to deliver all pages over HTTPS
by default. If your store has been running up with standard protocol, you can improve security by enabling (HSTS) and upgrading any unsecure page requests. HSTS is an opt-in protocol that prevents browsers from rendering standard HTTP
pages that are transmitted with unsecure protocol for the specified domain. Because search engines might have already indexed each page of your store with standard HTTP
URLs, you can configure Commerce to upgrade any unsecure page requests to HTTPS
automatically , so you don’t lose any traffic. When Commerce is configured to use secure URLs for both the storefront and Admin, two additional fields appear that allow you to enable HSTS
.
Configure the base URL
-
On the Admin sidebar, go to Stores > Settings > Configuration.
-
Under General in the left panel, choose Web.
-
Expand the Base URL section.
-
Base URL — Enter the fully qualified base URL for your store. Make sure to end the URL with a forward slash, so it can be extended with additional URL Keys from your store. For example:
http://yourdomain.com/
note note NOTE Do not change the placeholder in the Base Link URL field. It is a placeholder that is used to create relative links to the base URL. -
Base URL for Static View Files — (Optional) Specify an alternate location for the base URL for static view files by entering the path starting with the following placeholder:
{{unsecure_base_url}}
-
Base URL for User Media Files — (Optional) Specify an alternate location for the base URL for user media files by entering the path starting with the following placeholder:
{{unsecure_base_url}}
For a typical installation, there is no need to update the paths for the static view files or media files because they are relative to the base URL.
{width="600" modal="regular"}
note note NOTE Placeholders enclosed in double braces are markup tags for variables. -
-
When complete, click Save Config.
Configure the secure base URL
If your domain has a valid security certificate, you can configure the URLs of both the storefront and Admin to transmit data over a secure (https) channel. Without a valid security certificate, your store cannot operate with secure (SSL/TLS) protocol.
-
Expand the Base URLs (Secure) section and do the following:
{width="600" modal="regular"}
-
Secure Base URL — Enter the full secure base URL, followed by a forward slash. For example:
https://yourdomain.com/
-
Secure Base Link URL — Do not change the placeholder in the secure base link URL field. It is used to create relative links to the secure base URL.
-
Secure Base URL for Static View Files — (Optional) Specify an alternate location for the secure base URL for static view files by entering the path starting with the following placeholder:
{{secure_base_url}}
-
Secure Base URL for User Media Files — (Optional) Specify an alternate location for the secure base URL for user media files by entering the path starting with the following placeholder:
{{secure_base_url}}
-
-
To enhance security, set both of the following options to
Yes
.- Use Secure URLs on Storefront
- Use Secure URLs in Admin
-
For Enhanced Security Settings, do the following:
-
Enable HTTP Strict Transport Security (HSTS) — If you want your store to display only secure HTTPS page requests, set to
Yes
. -
Upgrade Insecure Requests — To upgrade any requests for standard unsecured HTTP pages to secure HTTPS, set to
Yes
.
-
-
Set the Offloader Header for your server.
Most Commerce installations use the default
X-Forward-Proto
to identify the protocol as eitherHTTP
orHTTPS
. If your server configuration uses a different offloader_header, enter it here. -
When complete, click Save Config.
Include the store code in URLs
Yes
, you must include store codes in your browser URLs. This setting ensures that URL rewrites are mapped correctly and all pages are opened successfully, without “404 Page Not Found†errors.-
On the Admin sidebar, go to Stores > Settings > Configuration.
-
Under General in the left panel, choose Web.
-
Expand the URL Options section.
-
Set Add Store Code to your preference:
- URL with Store Code:
http://www.yourdomain.com/magento/[store-code]/index.php/url-identifier
- URL without Store Code:
http://www.yourdomain.com/magento/index.php/url-identifier
{width="600" modal="regular"}
- URL with Store Code:
-
When complete, click Save Config.
-
Click the Cache Management link in the message at the top of the workspace. Then, follow the instructions to refresh the cache.
URL troubleshooting
If after following the configuration instructions, some pages continue to be served with the unsecure URLÂ (http://
), do the following:
- Change the (unsecure) base URL to the secure HTTPS URL.
- On the server, edit the
.htaccess
file (or load balancer) so the unsecure URL is redirected to the secure URL.
Use a custom Admin URL
As a security best practice, ÃÛ¶¹ÊÓƵ recommends that you use a unique Admin URL instead of the default admin or a common term such as backend. Although it does not directly protect your site from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.
In a typical installation, the Admin URLÂ and path immediately follow the base URL. The Admin path is one directory below the root.
- Default Base URL:
http://yourdomain.com/magento/
- Default Admin Path:
admin
- Default Admin URL and Path:
http://yourdomain.com/magento/admin
Although it is possible to change the Admin URL and path to another location, any mistake removes access to the Admin, and must be corrected from the server.
Method 1: Change from the Admin
-
On the Admin sidebar, go to Stores > Settings > Configuration.
-
In the left panel, expand Advanced and choose Admin.
-
Expand the Admin Base URL section.
-
Set the configuration options for the custom URL:
{width="600" modal="regular"}
If needed, clear the Use system value checkbox to change the setting.
-
Set Use Custom Admin URL to
Yes
. -
Enter the Custom Admin URL:
http://yourdomain.com/magento/
note note NOTE The Admin URL must be in the same Commerce installation, and have the same document root as the storefront. -
Set Custom Admin Path to
Yes
. -
For Custom Admin Path, enter the path to use as the custom admin folder name.
Example:
sample_custom_admin
-
-
When complete, click Save Config.
-
After the changes are saved, sign out of the Admin and log back in using the new Admin URL and path.
Method 2: Change the Admin path from the server command line
-
Open the
app/etc/env.php
file in a text editor, and change the value of thefrontName
parameter of thebackend
section. Then, save the file.Make sure to use only lowercase characters.
note note NOTE This method allows you to change the Admin Path, but not the Admin URL. note tip TIP For ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure, you can set up a custom admin path using the ADMIN_URL
variable in the Cloud UI. See the Admin variables topic in the Commerce on Cloud Infrastructure Guide.-
Default Admin Path
code language-php?start_inline=1 'backend' => [ 'frontName' => 'admin' ],
-
New Admin Path
code language-php?start_inline=1 'backend' => [ 'frontName' => 'backend' ],
-
-
Use one of the following methods to clear the cache:
-
On the Admin sidebar, go to System > Tools > Cache Management. Then, click Flush Magento Cache.
-
On the server, execute the following:
code language-bash php bin/magento cache:flush
note note NOTE The changes made using the Method 1 have the priority over the changes made in the app/etc/env.php
file. -
Method 3: Change the Admin path using the Commerce CLI
You can use the CLI setup:config:set
command to change the Admin Path. The following example uses the --backend-frontname
option to change the path from the Commerce root to a new Admin path:
bin/magento setup:config:set --backend-frontname="backend_front_name"
This command updates the backend
> frontName
configuration option in the app/etc/env.php
file.
Restore the default Admin URL and Admin path
In case you have set an invalid Admin URL or an Admin Path and lost access to the backend, there is a way to fix it from the command line.
-
To revert to the default Admin URL, execute this command:
code language-bash php bin/magento config:set admin/url/use_custom 0
-
To revert to the default Admin Path (set in the
app/etc/env.php
as described in the Method 2), execute this command :code language-bash php bin/magento config:set admin/url/use_custom_path 0
-
Use one of the following methods to clear the cache:
-
On the Admin sidebar, go to System > Tools > Cache Management. Then, click Flush Magento Cache.
-
On the server, execute the following:
code language-bash php bin/magento cache:flush
-