I’m at a bit of a loss and wondering what everyone here is doing about this.
It’s been a while since I have hosted Umbraco sites, but I’m coming back to it. In the years since I last touched Umbraco (v8), I have changed a lot about how I host things. One of those things is putting the entire site behind CloudFront. I want the whole site behind CloudFront, not just media/static assets.
This usually isn’t too much of an issue with other projects, but Umbraco’s now got this requirement that the back office requires HTTPS. Cool, I get it, but I don’t need my hand held in this way.
End goal:
https ↔ CloudFront ↔ http ↔ Kestrel ↔ Umbraco.
CloudFront serves everything as https, so really, CloudFront is wrapping the http coming from Kestrel. I guess Umbraco doesn’t like this when opening the back office and is throwing this error:
error:invalid_request
error_description:The specified 'redirect_uri' is not valid for this client application.
error_uri:https://documentation.openiddict.com/errors/ID2043
Front-end of the site loads fine, though.
I guess I could make Kestrel serve over https, but I’m not handling anything sensitive between these servers in AWS’ data center and that’s a lot of TLS encryption/decryption overhead for minimal benefit. Surely this has been considered?
Anyone have similar issues? Are there some configuration switches to throw? TLS all the things, yes, but me no need like this.
This is a companion discussion topic for the original entry at https://our.umbraco.com/forum/114588-umbraco-kestrel-and-cloudfront