Configuration
The app/etc/env.php configuration file of your project should be fine-tuned for optimal performance and security.
Admin prefix
The admin URL is the entry point to the Magento Admin. It is important to change the default admin URL to a custom one to prevent unwanted access to the admin panel login screen.
To change the admin URL, update the backend configuration:
<?php
return [
...
'backend' => [
'frontName' => 'admin_123_xyz' // Change this to a custom admin URL
],
...
];Database
See previous page.
Cache
Instead of using the default file-based cache, you can use Redis for better performance. To configure Redis, update the cache configuration:
<?php
return [
...
'cache' => [
'frontend' => [
'default' => [
'id_prefix' => (getenv('MAGENTO_REDIS_PREFIX') ?: 'default') . '_',
'backend' => \Magento\Framework\Cache\Backend\Redis::class,
'backend_options' => [
'server' => getenv('MAGENTO_REDIS_HOST'),
'password' => getenv('MAGENTO_REDIS_PASSWORD') ?: '',
'port' => getenv('MAGENTO_REDIS_PORT') ?: '6379',
'database' => getenv('MAGENTO_REDIS_DATABASE_DEFAULT') ?: '0',
'compress_data' => '',
'compress_data' => '1',
'compression_lib' => 'gzip',
],
],
'page_cache' => [
'id_prefix' => (getenv('MAGENTO_REDIS_PREFIX') ?: 'fpc') . '_',
'backend' => \Magento\Framework\Cache\Backend\Redis::class,
'backend_options' => [
'server' => getenv('MAGENTO_REDIS_HOST'),
'password' => getenv('MAGENTO_REDIS_PASSWORD') ?: '',
'port' => getenv('MAGENTO_REDIS_PORT') ?: '6379',
'database' => getenv('MAGENTO_REDIS_DATABASE_FPC') ?: '1',
'compress_data' => '1',
'compression_lib' => 'gzip',
]
]
],
'allow_parallel_generation' => false,
],
...
];Redis ID Prefix
The id_prefix option is used to prefix the cache keys.
This is particularly useful when you deploy a new release of your Magento / Adobe Commerce application in Kubernetes, to avoid cache key conflicts between releases.
Indeed, when releasing a new version of your application, new Pods will progressively replace the old ones, meaning that you will have two versions of your application running at the same time.
In the diagram above, you can see that the old release and the new release of your application are both using the same Redis instance.
If you don't use a prefix, the cache keys generated by the old release and the new release will conflict with each other, leading to unexpected behavior.
IMPORTANT
The id_prefix value should be unique for each release of your application, using the MAGENTO_REDIS_PREFIX environment variable. It could for example be the Git commit hash of the release, or the release version.
L2 Cache
When running multiple instances of your Magento / Adobe Commerce application, each Pod will fetch the cache from the Redis server for every request.
This can lead to a high load on the Redis server, network congestion, and increased latency.
To mitigate this, you can use a L2 cache, which is a local cache that stores locally on each Pod a copy of the cache data fetched from the Redis server, avoiding fetching the cache data from the Redis server for every request.
To ensure the local cache is always up-to-date, Magento / Adobe Commerce will check the cache version from the Redis server, and only fetch the cache data if the local cache is outdated.
The sequence diagram below illustrates the process of fetching the cache data from the Redis server and storing it in the local cache:
Locking
Magento / Adobe Commerce uses locks in some parts of the application to avoid race conditions.
The default lock provider is the database (db), which can be switched to Redis (cache) for better performance:
<?php
return [
...
'lock' => [
'provider' => 'cache',
],
...
];NOTE
The cache lock provider is only useful when using Redis as the cache backend.
Sessions
Magento / Adobe Commerce uses the file system to store session data by default.
This should be switched to Redis:
<?php
return [
...
'session' => [
'save' => 'redis',
'redis' => [
'host' => getenv('MAGENTO_REDIS_HOST'),
'port' => getenv('MAGENTO_REDIS_PORT') ?: '6379',
'password' => getenv('MAGENTO_REDIS_PASSWORD') ?: '',
'database' => getenv('MAGENTO_REDIS_DATABASE_SESSION') ?: '2',
'compression_library' => 'gzip',
],
],
...
];Crypt key
The crypt/key configuration is used to encrypt and decrypt sensitive data in Magento / Adobe Commerce, such as payment gateway credentials.
It is also used to sign JSON Web Tokens (JWT) used for API authentication (customers and admin users).
IMPORTANT
You should use a different crypt key for each environment (development, staging, production) to ensure that sensitive data encrypted in one environment cannot be decrypted in another environment, and to avoid JWT replay attacks.
TIP
The crypt/key config can contain several keys, separated by a space. Magento / Adobe Commerce stores encrypted data prefixed with the index of the key used to encrypt it. This allows you to rotate the keys without losing the ability to decrypt data encrypted with the old keys.
Deployment
During each request, Magento / Adobe Commerce checks if config data in the deployment configuration files was changed.
If so, it will display an error message, prompting you to run the bin/magento app:config:import or bin/magento setup:upgrade command to apply the changes.
To avoid issues when deploying a new release of your application, you can enable the Blue-Green deployment feature, which disables this check:
<?php
return [
...
'deployment' => [
'blue_green' => [
'enabled' => true
]
],
...
];Remote storage
Magento / Adobe Commerce uses the file system to store media files by default.
This should be switched to Amazon S3 as a remote storage service for better performance and scalability.
To configure Amazon S3, update the remote_storage configuration:
<?php
return [
...
'remote_storage' => [
'driver' => 'aws-s3',
'config' => [
'bucket' => getenv('MAGENTO_REMOTE_STORAGE_PUBLIC_BUCKET'),
'region' => getenv('MAGENTO_REMOTE_STORAGE_REGION')
]
],
...
];NOTE
This assumes that you have already set up an Amazon S3 bucket, and that either the AWS access and secret keys are available as environment variables, or that the Pods have an IAM role with the necessary permissions to access the bucket (i.e. Pod Identities or IRSA).
Queuing
Magento / Adobe Commerce uses AMQP (RabbitMQ) for queuing by default.
However, in most use cases, using the database as a queue backend is sufficient:
> show tables like 'queue%';
+--------------------------------+
| Tables_in_magento (queue%) |
+--------------------------------+
| queue |
| queue_lock |
| queue_message |
| queue_message_status |
| queue_poison_pill |
+--------------------------------+The options can be configured in the queue configuration:
<?php
return [
...
'queue' => [
'default_connection' => 'db',
],
...
];<?php
return [
...
'queue' => [
'amqp' => [
'host' => getenv('MAGENTO_RABBITMQ_HOST'),
'port' => getenv('MAGENTO_RABBITMQ_PORT') ?: '5672',
'user' => getenv('MAGENTO_RABBITMQ_USER') ?: 'rabbitmq',
'password' => getenv('MAGENTO_RABBITMQ_PASSWORD'),
'virtualhost' => getenv('MAGENTO_RABBITMQ_VHOST') ?: '/'
]
],
...
];NOTE
In both cases, the queue/consumers_wait_for_messages setting should be set to 1 to avoid having the consumers restarting indefinitely when there are no messages in the queue.
GraphQL
GraphQL introspection should be disabled in production to prevent leaking sensitive information about your Magento / Adobe Commerce application.
To disable GraphQL introspection, update the graphql configuration:
<?php
return [
...
'graphql' => [
'disable_introspection' => true
],
...
];