Documentation Commerce Stores and Purchase Experience

Store URLs

Last update: May 5, 2025

CREATED FOR:

Beginner
Intermediate
Admin
User

Each website in an Adobe Commerce or Magento Open Source installation has a base URL that is assigned to the storefront, and another URL that is assigned to the Admin. Adobe uses variables to define internal links in relation to the base URL, which makes it possible to move an entire store from one location to another without updating the links. Standard base URLs begin with http, and secure base URLs begin with https.

Base URL — http://www.yourdomain.com/magento/
Secure Base URL — https://www.yourdomain.com/magento/
URL with IP address — http://###.###.###.###/magento/ or https://###.###.###.###/magento/

IMPORTANT

Do not change the Admin URL from the default base URL configuration. To change the Admin URL or path, see Use a custom Admin URL.

Use a secure protocol

The base URLs for your store were initially set up during your Adobe Commerce installation. If a security certificate was available at the time, you could specify for HTTPS URLs to be used for the store, Admin, or both. If your Adobe Commerce installation includes multiple stores or you plan to later add more stores, you can include the store code in the URL. All Adobe resources and operations can be used with secure protocol.

If a security certificate was not available for the domain at the time of the installation, make sure to update the configuration before launching your store. After a security certificate is established for your domain, you can configure either or both base URLs to operate with encrypted Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol.

IMPORTANT

Adobe strongly recommends transmitting all pages of a production site, including content and product pages, using a secure protocol.

Adobe Commerce and Magento Open Source can be configured to deliver all pages over HTTPS by default. If your store has been running up with standard protocol, you can improve security by enabling HTTP Strict Transport Security (HSTS) and upgrading any unsecure page requests. HSTS is an opt-in protocol that prevents browsers from rendering standard HTTP pages that are transmitted with unsecure protocol for the specified domain. Because search engines might have already indexed each page of your store with standard HTTP URLs, you can configure Commerce to upgrade any unsecure page requests to HTTPS automatically , so you don’t lose any traffic. When Commerce is configured to use secure URLs for both the storefront and Admin, two additional fields appear that allow you to enable HSTS.

Configure the base URL

On the Admin sidebar, go to Stores > Settings > Configuration.
Under General in the left panel, choose Web.
Expand the Base URL section.
- Base URL — Enter the fully qualified base URL for your store. Make sure to end the URL with a forward slash, so it can be extended with additional URL Keys from your store. For example: http://yourdomain.com/
  
  NOTE
  Do not change the placeholder in the Base Link URL field. It is a placeholder that is used to create relative links to the base URL.
- Base URL for Static View Files — (Optional) Specify an alternate location for the base URL for static view files by entering the path starting with the following placeholder:
  
  {{unsecure_base_url}}
- Base URL for User Media Files — (Optional) Specify an alternate location for the base URL for user media files by entering the path starting with the following placeholder:
  
  {{unsecure_base_url}}
  
  For a typical installation, there is no need to update the paths for the static view files or media files because they are relative to the base URL.
NOTE
Placeholders enclosed in double braces are markup tags for variables.
When complete, click Save Config.

Configure the secure base URL

If your domain has a valid security certificate, you can configure the URLs of both the storefront and Admin to transmit data over a secure (https) channel. Without a valid security certificate, your store cannot operate with secure (SSL/TLS) protocol.

Expand the Base URLs (Secure) section and do the following:
- Secure Base URL — Enter the full secure base URL, followed by a forward slash. For example: https://yourdomain.com/
- Secure Base Link URL — Do not change the placeholder in the secure base link URL field. It is used to create relative links to the secure base URL.
- Secure Base URL for Static View Files — (Optional) Specify an alternate location for the secure base URL for static view files by entering the path starting with the following placeholder:
  
  {{secure_base_url}}
- Secure Base URL for User Media Files — (Optional) Specify an alternate location for the secure base URL for user media files by entering the path starting with the following placeholder:
  
  {{secure_base_url}}
To enhance security, set both of the following options to Yes.
- Use Secure URLs on Storefront
- Use Secure URLs in Admin
For Enhanced Security Settings, do the following:
- Enable HTTP Strict Transport Security (HSTS) — If you want your store to display only secure HTTPS page requests, set to Yes.
- Upgrade Insecure Requests — To upgrade any requests for standard unsecured HTTP pages to secure HTTPS, set to Yes.
Set the Offloader Header for your server.

Most Commerce installations use the default X-Forward-Proto to identify the protocol as either HTTP or HTTPS. If your server configuration uses a different offloader_header, enter it here.
When complete, click Save Config.

Include the store code in URLs

NOTE

When the Add Store Code to URLs option is set to Yes, you must include store codes in your browser URLs. This setting ensures that URL rewrites are mapped correctly and all pages are opened successfully, without “404 Page Not Found” errors.

On the Admin sidebar, go to Stores > Settings > Configuration.
Under General in the left panel, choose Web.
Expand the URL Options section.
Set Add Store Code to your preference:
- URL with Store Code: http://www.yourdomain.com/magento/[store-code]/index.php/url-identifier
- URL without Store Code: http://www.yourdomain.com/magento/index.php/url-identifier
When complete, click Save Config.
Click the Cache Management link in the message at the top of the workspace. Then, follow the instructions to refresh the cache.

URL troubleshooting

If after following the configuration instructions, some pages continue to be served with the unsecure URL (http://), do the following:

Change the (unsecure) base URL to the secure HTTPS URL.
On the server, edit the .htaccess file (or load balancer) so the unsecure URL is redirected to the secure URL.

Use a custom Admin URL

As a security best practice, Adobe recommends that you use a unique Admin URL instead of the default admin or a common term such as backend. Although it does not directly protect your site from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.

NOTE

Check with your hosting provider before implementing a custom Admin URL. Some hosting providers require a standard URL to meet firewall protection rules.

In a typical installation, the Admin URL and path immediately follow the base URL. The Admin path is one directory below the root.

Default Base URL: http://yourdomain.com/magento/
Default Admin Path: admin
Default Admin URL and Path: http://yourdomain.com/magento/admin

Although it is possible to change the Admin URL and path to another location, any mistake removes access to the Admin, and must be corrected from the server.

NOTE

As a precaution, do not try to change the Admin URL yourself unless you know how to edit configuration files on the server. For Adobe Commerce projects deployed on cloud infrastructure, change the Admin URL by following the instructions in the Adobe Commerce on Cloud Infrastructure Guide.

Method 1: Change from the Admin

On the Admin sidebar, go to Stores > Settings > Configuration.
In the left panel, expand Advanced and choose Admin.
Expand the Admin Base URL section.
Set the configuration options for the custom URL:

If needed, clear the Use system value checkbox to change the setting.
- Set Use Custom Admin URL to Yes.
- Enter the Custom Admin URL: http://yourdomain.com/magento/
  
  NOTE
  The Admin URL must be in the same Commerce installation, and have the same document root as the storefront.
- Set Custom Admin Path to Yes.
- For Custom Admin Path, enter the path to use as the custom admin folder name.
  
  Example: sample_custom_admin
When complete, click Save Config.
After the changes are saved, sign out of the Admin and log back in using the new Admin URL and path.

Method 2: Change the Admin path from the server command line

Open the app/etc/env.php file in a text editor, and change the value of the frontName parameter of the backend section. Then, save the file.

Make sure to use only lowercase characters.

NOTE
This method allows you to change the Admin Path, but not the Admin URL.

TIP
For Adobe Commerce on cloud infrastructure, you can set up a custom admin path using the ADMIN_URL variable in the Cloud UI. See the Admin variables topic in the Commerce on Cloud Infrastructure Guide.
- Default Admin Path
  'backend' => [ 'frontName' => 'admin' ],
- New Admin Path
  'backend' => [ 'frontName' => 'backend' ],
Use one of the following methods to clear the cache:
- On the Admin sidebar, go to System > Tools > Cache Management. Then, click Flush Magento Cache.
- On the server, execute the following:
  php bin/magento cache:flush
NOTE
The changes made using the Method 1 have the priority over the changes made in the app/etc/env.php file.

Method 3: Change the Admin path using the Commerce CLI

You can use the CLI setup:config:set command to change the Admin Path. The following example uses the --backend-frontname option to change the path from the Commerce root to a new Admin path:

bin/magento setup:config:set --backend-frontname="backend_front_name"

This command updates the backend > frontName configuration option in the app/etc/env.php file.

Restore the default Admin URL and Admin path

In case you have set an invalid Admin URL or an Admin Path and lost access to the backend, there is a way to fix it from the command line.

To revert to the default Admin URL, execute this command:
php bin/magento config:set admin/url/use_custom 0
To revert to the default Admin Path (set in the app/etc/env.php as described in the Method 2), execute this command :
php bin/magento config:set admin/url/use_custom_path 0
Use one of the following methods to clear the cache:
- On the Admin sidebar, go to System > Tools > Cache Management. Then, click Flush Magento Cache.
- On the server, execute the following:
  php bin/magento cache:flush

recommendation-more-help