0

I have an application that is hosted on AWS. It has an ALB in front of the application servers. In order to handle a huge load, I have also added Cloudfront in front of the AWS Application Load Balancer (ALB). Cloudfront is configured for dynamic website content. I'm using a custom domain name for the CloudFront along with an SSL certificate.

When loading the application, I'm getting errors like:

(blocked:mixed-content)

I thought that, if we enable SSL on CloudFront it will be enough for security similar to the SSL offloading feature on Load Balancer.

Do we need to enable SSL on ALB in order to avoid this error?

If yes, do we need to add a domain name for the ALB and issue a certificate?

Is there any other fix for this issue? Any help will be appreciated.

Neron Joseph
  • 1,675
  • 22
  • 39
  • You will need to use SSL on your ALB as well. On Cloudfront you could redirect all http to https, then ALB listens on port 443 and on the server side of the ALB you need port 80 only. You then need to add an SSL cert to the ALB. Are you using an AWS ACM cert? – WarrenG Oct 29 '19 at 10:13
  • Is there any issue if the communication between Cloudfront and ALB are non-encrypted? Right now, it hasn't enabled HTTPS. – Neron Joseph Oct 29 '19 at 12:23

1 Answers1

1

Actually, In the frontend code, I have added the ALB URL of the backend. When I replace that with the newly created Cloudfront URL, the issue got resolved.

Right now, the frontend and backend URLs are HTTPS, hence resolved the issue.

Neron Joseph
  • 1,675
  • 22
  • 39