Why would Strapi admin fail to login when site domain go through CloudFront CDN?
When we point our domain to CloudFront that proxies requests to our server, we cannot log in to admin anymore, when we type email and password, then click the submit button, it first seems like log-in was successful, then it redirects back to the login page. The only error shown in the console is 401 for the following pages:
/information
/permissions
/me
When we make the domain point directly to our server, we then can log in with no issues.
In all cases, we use Nginx which passes requests to the actual Strapi server through proxy_pass.
Are there any settings we need to tweak on Strapi? Or are there any headers/settings that need to be added to the CDN service?
Strapi is almost vanilla, other than the URL, models, and db settings, there aren't any actual customizations.
Any suggestions?
I had the same issue and I solved it by modifying the headers forwarding policy in Cloud Front:
- Go to your distribution
- Go to
Behaviorsand click edit - Scroll down to
Cache key and origin requestssection - Choose
Cache policy and origin request policy (recommended) - For
Cache policychooseCachingDIsabled(it is managed one) - For
Origin request policy - optionalclick onCreate origin request policyto create a custom one - Create the following policy:
- Refresh the options for
Origin request policy - optionaland choose the newly created policy - Save the changes
- Wait for CloudFront to be deployed
Obviously, Cloud Front is not including all headers from the origin request which is causing the issue. I hope this solves your problem also.
- Remove a part of a log in Loki
- nginx - nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
- Second nginx route doesn't work when there are two NextJs applications hosted
- How do I open another port in a docker nginx container (only in the container; so, NOT publishing which is the -p flag)?
- docker private registry with nginx reverse proxy freeze when pushing
- Load balancer on Nginx give 502 Bad Gateway
- nginx: use environment variables
- Nginx rewrite and change timestamp format
- how to serve a specific page for each domain name pointing to my nextjs app using nginx
- Response returned only after kernel.terminate event
- How to redirect a web page with a Hash in URL NGINX Ubuntu Server
- nginx "server_tokens off" does not remove the server header
- Accessing just a specific folder should redirect
- Send nginx logs to both syslog and stdout/stderr
- Use nginx to serve static files from subdirectories of a given directory
- Nginx http call partial transfer in Azure Container App Environment
- Nginx reachable from localhost not outside of network, other programmes are reachable
- NGINX to reverse proxy websockets AND enable SSL (wss://)?
- Nginx ip configuration issue
- Can't disable buffering on a cgi using nginx, fastcgi and bash
- File Not Found when running PHP with Nginx
- Certbot not creating acme-challenge folder
- upstream name comes to url in browser - nginx configuration
- React + Docker + Nginx
- When using proxy_pass, can /etc/hosts be used to resolve domain names instead of "resolver"?
- nginx: trigger slow php-fpm process, but quickly return status 200
- Terraform Kubernetes NGINX Ingress - Host rules not returning 504 (Gateway Timeout)
- nginx-openresty rewrite_by_lua_block and ngx.req.set_uri redirects to a file instead of location
- NGINX Digest, limit_except GET, but allow localhost
- How do I access a server on localhost with nginx docker container?