Magento Commerce, 2.2.x

Store URLs

Each website in a Magento installation has a base URLUniform Resource Locator: The unique address of a page on the internet. that is assigned to the storefront, and another URL that is assigned to the AdminThe password-protected back office of your store where orders, catalog, content, and configurations are managed.. Magento uses variables to define internal links in relation to the base URL, which makes it possible to move an entire store from one location to another without updating the links. Standard base URLs begin with http, and secure base URLs begin with https.

  • Base URL

    Secure Base URL

    URL with IP address


Important! Do not change the Admin URL from the default Base URL configuration. To change the Admin URL or path, see: Using a Custom Admin URL.

Use Secure Protocol

The base URLs for your store were initially set up during the Web Configuration step of the Magento installation. If a security certificateInformation that is used by the SSL protocol to establish a secure connection. was available at the time, you could specify for secure (https) URLs to be used for the store, Admin, or both. If your Magento installation includes multiple stores, or if you plan to later add more stores, you can include the store code in the URL. All Magento resources and operations can be used with secure protocol.

If a security certificate wasn't available for the domainThe address of a website on the web; what the customer types in their browser address bar to access the store. at the time of the installation, make sure to update the configuration before launching your store. After a security certificate is established for your domain, you can configure either or both base URLs to operate with encrypted Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol.

Magento strongly recommends for all pages of a production site, including content and product pages, to be transmitted with secure protocol.

Magento can be configured to deliver all pages over https by default. If your store has been running up until now with standard protocol, you can improve security by enabling HTTP Strict Transport Security (HSTS). and by upgrading any insecure page requests that are received by the store. HSTS is an opt-inThe process by which a user consents to receiving emails from an online store. protocol that prevents browsers from rendering standard http pages that are transmitted with unsecure protocol for the specificed domain. Because search engines might have already indexed each page of your store with standard http URLs, you can configure Magento to automatically upgrade any unsecure page requests to https, so you don't lose any traffic. When Magento is configured to use secure URLs for both the store and Admin, two additional fields appear that allow you to enable HSTS.


If after following the configuration instructions, some pages continue to be served with the unsecure URL (http://), do the following:

  • Change the (unsecure) base URL to the secure (https://) URL.
  • On the server, edit the .htaccess file (or load balancer) so the unsecure URL is redirected to the secure URL.