HTTP Expert

Magento locked base URL

A clean, modern vector illustration of a desktop browser window on a white background. The address bar reads "magento.com" with a padlock icon on the left and a bookmark icon on the right. Inside the content area is a minimalist storefront preview: a 2x2 grid of pastel product cards (blue, mint, peach, lavender) with tiny image placeholders and two-line labels, plus a small shopping cart icon in the top-right corner. The palette uses white, light gray, and soft pastels in a flat design.

Written by

Madalin

in

The following content has been generated with AI’s help.

Human:

I want to configure Magneto’s base url, both http and https, also admin, to pick the configuration from either env.php or config.php and lock changing this in the admin interface. Guide me how to do it.

AI:

Below is a practical, safe way to make Magento read your base URLs from code (env.php or config.php) and prevent admins from changing them in the backend. I cover (A) the recommended, supported approach using Magento’s config dump (app/etc/config.php) which locks the fields, and (B) how to put values in env.php if you prefer environment-specific settings. I also show how to verify and how to revert.

Summary (recommended)

  • Use the CLI to set the base URLs, then run bin/magento app:config:dump to persist those settings into app/etc/config.php. When config values live in app/etc/config.php they are read-only in the Admin UI (locked).

Important notes before you begin

  • Always keep backups of app/etc/env.php and app/etc/config.php before changing them.
  • Base URLs must include a trailing slash, e.g. https://example.com/
  • For HTTPS to work, ensure your webserver and certificates are configured correctly.
  • Run these steps during maintenance window on production.

A. Recommended: Export the base URL settings into app/etc/config.php (locks admin UI)
1) Set the base URLs (optional if already set in Admin):

  • CLI (recommended):
    bin/magento config:set web/unsecure/base_url http://example.com/
    bin/magento config:set web/secure/base_url https://example.com/
    (also set secure flags if needed)
    bin/magento config:set web/secure/use_in_frontend 1
    bin/magento config:set web/secure/use_in_adminhtml 1

2) Dump the configuration to files so it becomes file-based (and locked in Admin):

  • Dump the specific paths you want locked:
    bin/magento app:config:dump web/unsecure/base_url web/secure/base_url web/secure/use_in_frontend web/secure/use_in_adminhtml
  • This writes the configuration into app/etc/config.php under the “system” section.

3) Deploy / clear caches:
bin/magento cache:flush
(If in production mode, run static content & di compile as needed.)

4) Verify:

  • Admin: Go to Stores > Configuration > General > Web. The fields that are now file-backed will be disabled and show a message like “This configuration is stored in the configuration file and cannot be edited in the Admin.”
  • CLI: bin/magento app:config:status will show which settings are file-based.

5) To change the values in the future:

  • Edit app/etc/config.php manually (or use app:config:import if you manage configuration differently), then deploy and flush cache.
  • After removing a key from config.php, the Admin will be able to edit that setting again (unless overridden elsewhere).

B. Alternative: Put per-environment values in app/etc/env.php

  • Use this if you want environment-specific values (for example different dev/stage/prod hosts).
  • Magento reads env.php early; config keys in env.php can act as defaults or environment overrides (useful for deploy-time settings).

Example snippet to add to app/etc/env.php (merge into the array that file returns):
‘system’ => [
‘default’ => [
‘web’ => [
‘unsecure’ => [
‘base_url’ => ‘http://example.com/’
],
‘secure’ => [
‘base_url’ => ‘https://example.com/’,
‘use_in_frontend’ => ‘1’,
‘use_in_adminhtml’ => ‘1’
]
]
]
],

  • Save file and flush cache: bin/magento cache:flush
  • Note: values in DB (core_config_data) may still override these; to make them effectively authoritative you should remove DB entries or use the config dump approach (A). The env.php method is best for environment-specific defaults but the explicit locking mechanism is the app/etc/config.php dump method.

C. Admin area URL (backend frontName) and admin base specifics

  • The admin frontName is set in env.php under ‘backend’ => [‘frontName’ => ‘admin_xyz’] — this is file-based and not editable in Admin.
  • Admin uses the normal base URLs (web/secure/base_url and web/unsecure/base_url). If you need the admin on a separate host, you can set store- or website-scoped values or use config paths like web/unsecure/base_link_url or specify scope-specific config (dump all required paths).

D. Extras / verification / troubleshooting

  • See current file-backed config entries:
    bin/magento app:config:status
  • To remove a file-backed setting:
  • Remove the key(s) from app/etc/config.php (or use bin/magento app:config:dump:new if used) and flush cache. Then Admin can change them again.
  • If you manually edit app/etc/config.php or env.php, make sure file permissions are correct and re-deploy caches.

E. Example workflow for typical production deployment

  1. On local or staging set and test config values via Admin or bin/magento config:set.
  2. When ready to lock, run:
    bin/magento app:config:dump web/unsecure/base_url web/secure/base_url web/secure/use_in_frontend web/secure/use_in_adminhtml
  3. Commit app/etc/config.php to version control and deploy to production.
  4. Flush cache on deploy.

That’s it — recommended: use the app:config:dump flow to persist + lock base URLs in app/etc/config.php. Use env.php only if you require environment-specific configuration as a fallback. If you want, tell me your Magento version and whether you host admin on the same domain or a different hostname and I’ll provide the exact command list and a config.php/env.php example tailored to your case.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts