I'm at a bit of a loss and wondering what everyone here is doing about this.
It's been a while since I have hosted Umbraco sites, but I'm coming back to it. In the years since I last touched Umbraco (v8), I have changed a lot about how I host things. One of those things is putting the entire site behind CloudFront. I want the whole site behind CloudFront, not just media/static assets.
This usually isn't too much of an issue with other projects, but Umbraco's now got this requirement that the back office requires HTTPS. Cool, I get it, but I don't need my hand held in this way.
CloudFront serves everything as https, so really, CloudFront is wrapping the http coming from Kestrel. I guess Umbraco doesn't like this when opening the back office and is throwing this error:
error:invalid_request
error_description:The specified 'redirect_uri' is not valid for this client application.
error_uri:https://documentation.openiddict.com/errors/ID2043
Front-end of the site loads fine, though.
I guess I could make Kestrel serve over https, but I'm not handling anything sensitive between these servers in AWS' data center and that's a lot of TLS encryption/decryption overhead for minimal benefit. Surely this has been considered?
Anyone have similar issues? Are there some configuration switches to throw? TLS all the things, yes, but me no need like this.
This NEEDS to live under Umbraco -> CMS -> WebRouting.
If your application is still exhibiting this 2043 error, double-check that you have WebRouting at the correct level in the dictionary. (I had a mistake where I had added the above snippet under Umbraco -> CMS -> Global -> WebRouting.)
But this actually caused my issue in my local development enviroment, and so I removed it. Now it's working, and I suppose UmbracoApplicationUrl should be used in the production settings appsettings.Production.json.
Finally, as some tangental but related conversation, it's nice to be back working with Umbraco after several years. Being able to develop on my Mac with Rider is a great and productive experience.
Serving with Kestrel on Linux feels silky smooth compared to what I remember with IIS.
Umbraco, Kestrel and CloudFront
I'm at a bit of a loss and wondering what everyone here is doing about this.
It's been a while since I have hosted Umbraco sites, but I'm coming back to it. In the years since I last touched Umbraco (v8), I have changed a lot about how I host things. One of those things is putting the entire site behind CloudFront. I want the whole site behind CloudFront, not just media/static assets.
This usually isn't too much of an issue with other projects, but Umbraco's now got this requirement that the back office requires HTTPS. Cool, I get it, but I don't need my hand held in this way.
End goal:
https <-> CloudFront <-> http <-> Kestrel <-> Umbraco.
CloudFront serves everything as https, so really, CloudFront is wrapping the http coming from Kestrel. I guess Umbraco doesn't like this when opening the back office and is throwing this error:
Front-end of the site loads fine, though.
I guess I could make Kestrel serve over https, but I'm not handling anything sensitive between these servers in AWS' data center and that's a lot of TLS encryption/decryption overhead for minimal benefit. Surely this has been considered?
Anyone have similar issues? Are there some configuration switches to throw? TLS all the things, yes, but me no need like this.
Update: FIXED BY MY OWN RESEARCH.
It appears that proxying is not exactly straightforward with v14, so I'm leaving a trail here for others.
Edit your appsettings.json file to include the following:
This NEEDS to live under Umbraco -> CMS -> WebRouting.
If your application is still exhibiting this 2043 error, double-check that you have WebRouting at the correct level in the dictionary. (I had a mistake where I had added the above snippet under Umbraco -> CMS -> Global -> WebRouting.)
Source info here: https://docs.umbraco.com/umbraco-cms/extending/health-check/guides/fixedapplicationurl
And here: https://github.com/umbraco/Umbraco-CMS/issues/16179#issuecomment-2194142613
Sweet lordie, praise the eternal spirits of Neils and Per Ploug!
I had this in my
appsettings.json:But this actually caused my issue in my local development enviroment, and so I removed it. Now it's working, and I suppose
UmbracoApplicationUrlshould be used in the production settingsappsettings.Production.json.Yep, exactly! Good clarification!
Finally, as some tangental but related conversation, it's nice to be back working with Umbraco after several years. Being able to develop on my Mac with Rider is a great and productive experience.
Serving with Kestrel on Linux feels silky smooth compared to what I remember with IIS.
is working on a reply...