I have an application that is hosted on AWS. It has an ALB in front of the application servers. In order to handle a huge load, I have also added Cloudfront in front of the AWS Application Load Balancer (ALB). Cloudfront is configured for dynamic website content. I'm using a custom domain name for the CloudFront along with an SSL certificate.
When loading the application, I'm getting errors like:
(blocked:mixed-content)
I thought that, if we enable SSL on CloudFront it will be enough for security similar to the SSL offloading feature on Load Balancer.
Do we need to enable SSL on ALB in order to avoid this error?
If yes, do we need to add a domain name for the ALB and issue a certificate?
Is there any other fix for this issue? Any help will be appreciated.
Actually, In the frontend code, I have added the ALB URL of the backend. When I replace that with the newly created Cloudfront URL, the issue got resolved.
Right now, the frontend and backend URLs are HTTPS, hence resolved the issue.