Store URLs
Each website in a Magento installation has a base URL that is assigned to the storefront, and another URL that is assigned to the Admin. Magento uses variables to define internal links in relation to the base URL, which makes it possible to move an entire store from one location to another without updating the links. Standard base URLs begin with http, and secure base URLs begin with https.
- Base URL — https://www.yourdomain.com/magento/
- Secure Base URL — https://www.yourdomain.com/magento/
- URL with IP address — https://###.###.###.###/magento/ or https://###.###.###.###/magento/
Do not change the Admin URL from the default Base URL configuration. To change the Admin URL or path, see Using a Custom Admin URL.
Use Secure Protocol
The base URLs for your store were initially set up during your Magento installation. If a security certificate was available at the time, you could specify that HTTPS URLs be used for the store, Admin, or both. If your Magento installation includes multiple stores or you plan to later add more stores, you can include the store code in the URL. All Magento resources and operations can be used with secure protocol.
If a security certificate was not available for the domain at the time of the installation, make sure to update the configuration before launching your store. After a security certificate is established for your domain, you can configure either or both base URLs to operate with encrypted Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol.
Magento strongly recommends that all pages of a production site, including content and product pages, be transmitted with secure protocol.
Magento can be configured to deliver all pages over HTTPS by default. If your store has been running up until now with standard protocol, you can improve security by enabling HTTP Strict Transport Security (HSTS) and upgrading any unsecure page requests that are received by the store. HSTS is an opt-in protocol that prevents browsers from rendering standard HTTP pages that are transmitted with unsecure protocol for the specified domain. Because search engines might have already indexed each page of your store with standard HTTP URLs, you can configure Magento to automatically upgrade any unsecure page requests to HTTPS, so you don’t lose any traffic. When Magento is configured to use secure URLs for both the store and Admin, two additional fields appear that allow you to enable HSTS.
Configure the base URL
- On the Admin sidebar, go to Stores > Settings > Configuration.
- Under General in the left panel, choose Web.
- Expand the Base URL section.
  - Base URL — Enter the fully qualified base URL for your store. Make sure to end the URL with a forward slash, so it can be extended with additional URL Keys from your store. For example: https://yourdomain.com/
    Do not change the placeholder in the Base Link URL field. It is a placeholder that is used to create relative links to the base URL.
  - Base URL for Static View Files — (Optional) Specify an alternate location for the base URL for static view files by entering the path starting with the following placeholder: {{unsecure_base_url}}
  - Base URL for User Media Files — (Optional) Specify an alternate location for the base URL for user media files by entering the path starting with the following placeholder: {{unsecure_base_url}}
    For a typical installation, there is no need to update the paths for the static view files or media files because they are relative to the base URL.
    Placeholders enclosed in double braces are markup tags for variables.
- When complete, click Save Config.
Configure the secure base URL
If your domain has a valid security certificate, you can configure the URLs of both the storefront and Admin to transmit data over a secure (https) channel. Without a valid security certificate, your store cannot operate with secure (SSL/TLS) protocol.
- Expand the Base URLs (Secure) section. Then, do the following:
  - Secure Base URL — Enter the full secure base URL, followed by a forward slash. For example: https://yourdomain.com/
  - Secure Base Link URL — Do not change the placeholder in the secure base link URL field. It is used to create relative links to the secure base URL.
  - Secure Base URL for Static View Files — (Optional) Specify an alternate location for the secure base URL for static view files by entering the path starting with the following placeholder: {{secure_base_url}}
  - Secure Base URL for User Media Files — (Optional) Specify an alternate location for the secure base URL for user media files by entering the path starting with the following placeholder: {{secure_base_url}}
- To enhance security, set both of the following options to Yes.
  - Use Secure URLs on Storefront
  - Use Secure URLs in Admin
- For Enhanced Security Settings, do the following:
  - Enable HTTP Strict Transport Security (HSTS) — If you want your store to display only secure HTTPS page requests, set to Yes.
  - Upgrade Insecure Requests — To upgrade any requests for standard unsecured HTTP pages to secure HTTPS, set to Yes.
- Most Magento installations use the default X-Forwarded-Proto Offloader Header to identify the protocol as either HTTP or HTTPS. If your server configuration uses a different offloader_header, enter it here.
- When complete, click Save Config.
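The rules from the two procedures above can be checked against an exported set of values. This is an added example, not Magento's own code: it assumes the settings are available as a dict keyed by Magento 2 config path (for example, collected from the command-line configuration tools), and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Field labels from this page, keyed by config path; each should be Yes ("1").
SECURE_FLAGS = {
    "web/secure/use_in_frontend": "Use Secure URLs on Storefront",
    "web/secure/use_in_adminhtml": "Use Secure URLs in Admin",
    "web/secure/enable_hsts": "Enable HTTP Strict Transport Security (HSTS)",
    "web/secure/enable_upgrade_insecure": "Upgrade Insecure Requests",
}
# Base Link URL placeholders that the page says not to change.
LINK_PLACEHOLDERS = {
    "web/unsecure/base_link_url": "{{unsecure_base_url}}",
    "web/secure/base_link_url": "{{secure_base_url}}",
}

def audit_web_config(cfg):
    """Return a list of findings for a dict of config path -> value."""
    findings = []
    for path in ("web/unsecure/base_url", "web/secure/base_url"):
        url = cfg.get(path, "")
        parts = urlsplit(url)
        if not parts.scheme or not parts.netloc:
            findings.append(f"{path}: not a fully qualified URL: {url!r}")
            continue
        if not url.endswith("/"):
            findings.append(f"{path}: must end with a forward slash")
        if parts.scheme != "https":
            findings.append(f"{path}: uses {parts.scheme}, expected https")
    for path, placeholder in LINK_PLACEHOLDERS.items():
        if cfg.get(path, placeholder) != placeholder:
            findings.append(f"{path}: placeholder {placeholder} was changed")
    for path, label in SECURE_FLAGS.items():
        # Assumption: a key missing from the export is treated as not set.
        if str(cfg.get(path, "0")) != "1":
            findings.append(f"{path}: '{label}' is not set to Yes")
    return findings

# Constructed sample values, not taken from a real store.
SAMPLE = {
    "web/unsecure/base_url": "http://yourdomain.com/",
    "web/secure/base_url": "https://yourdomain.com",
    "web/unsecure/base_link_url": "{{unsecure_base_url}}",
    "web/secure/base_link_url": "{{secure_base_url}}",
    "web/secure/use_in_frontend": "1",
    "web/secure/use_in_adminhtml": "1",
    "web/secure/enable_hsts": "0",
}
for finding in audit_web_config(SAMPLE):
    print(finding)
```

The http finding on the unsecure base URL follows the Troubleshooting advice on this page to change that URL to the secure HTTPS URL.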
Include the store code in URLs
- On the Admin sidebar, go to Stores > Settings > Configuration.
- Under General in the left panel, choose Web.
- Expand the URL Options section.
- Set Add Store Code to your preference:
  - URL with Store Code: https://www.yourdomain.com/magento/[store-code]/index.php/url-identifier
  - URL without Store Code: https://www.yourdomain.com/magento/index.php/url-identifier
- When complete, click Save Config.
- Click the Cache Management link in the message at the top of the workspace. Then, follow the instructions to refresh the cache.
Troubleshooting
If, after following the configuration instructions, some pages continue to be served with the unsecure URL (http://), do the following:
- Change the (unsecure) base URL to the secure HTTPS URL.
- On the server, edit the .htaccess file (or load balancer) so the unsecure URL is redirected to the secure URL.
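To confirm from the outside that the redirect, HSTS and Upgrade Insecure Requests settings took effect, the responses to one http and one https request can be checked as below. This is an added example, not Magento code: the response tuples are constructed, and it assumes the upgrade setting is delivered as the standard upgrade-insecure-requests directive of the Content-Security-Policy header.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdecimal() else None
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def check_responses(http_resp, https_resp, host):
    """Each response is (status, headers). Return a list of problems found."""
    problems = []
    status, headers = http_resp
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    target = urlsplit(location)
    if status not in (301, 302, 307, 308):
        problems.append(f"http request answered {status} instead of redirecting")
    elif target.scheme != "https" or target.hostname != host:
        problems.append(f"http redirect does not go to https://{host}/: {location!r}")
    headers = {k.lower(): v for k, v in https_resp[1].items()}
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        problems.append("https response has no Strict-Transport-Security header")
    elif not parse_hsts(hsts)[0]:
        # max-age=0 tells the browser to forget the HSTS policy.
        problems.append(f"HSTS max-age is missing or zero: {hsts!r}")
    csp = headers.get("content-security-policy", "")
    if "upgrade-insecure-requests" not in [d.strip().lower() for d in csp.split(";")]:
        problems.append("https response lacks the upgrade-insecure-requests directive")
    return problems

# Constructed responses for http://yourdomain.com/ and https://yourdomain.com/.
REDIRECTING = (301, {"Location": "https://yourdomain.com/"})
STILL_HTTP = (200, {"Content-Type": "text/html"})
HARDENED = (200, {"Strict-Transport-Security": "max-age=31536000",
                  "Content-Security-Policy": "upgrade-insecure-requests"})
UNHARDENED = (200, {"Content-Type": "text/html"})

print(check_responses(REDIRECTING, HARDENED, "yourdomain.com"))
print(check_responses(STILL_HTTP, UNHARDENED, "yourdomain.com"))
```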