mintlify · cdxker · Sep 13, 2025 · Sep 11, 2025 · Sep 13, 2025 · Sep 13, 2025
diff --git a/advanced/subpath/route53-cloudfront.mdx b/advanced/subpath/route53-cloudfront.mdx
@@ -8,29 +8,23 @@
 
 To host your documentation at a `/docs` subpath using AWS Route 53 and CloudFront, you need to configure your DNS provider to point to your CloudFront distribution.
 
-## Proxies with Vercel deployments
+## High-level overview
 
-If you use AWS CloudFront as a proxy with Vercel deployments, you must configure CloudFront to avoid interfering with Vercel's domain verification and SSL certificate provisioning.
-
-Improper CloudFront configuration can prevent Vercel from provisioning Let's Encrypt SSL certificates and cause domain verification failures.
-
-### Required path allowlist
-
-CloudFront must allow traffic to these specific paths without caching or blocking:
+Route traffic to these paths with a Cache Policy of **CachingDisabled**:
 
 - `/.well-known/acme-challenge/*` - Required for Let's Encrypt certificate verification
-- `/.well-known/vercel/*` - Required for Vercel domain verification
+- `/.well-known/vercel/*` - Required for domain verification
+- `/docs/*` - Required for subpath routing
+- `/docs/` - Required for subpath routing
 
-These paths should be configured to bypass CloudFront caching and pass through directly to your origin.
+Route traffic to this path with a Cache Policy of **CachingEnabled**:
 
-### Header forwarding requirements
+- `/mintlify-assets/_next/static/*`
+- `Default (*)`	- Your websites landing page
 
-You must create a custom origin request policy that forwards the `HOST` header and client IP information correctly. This is critical for Vercel's verification processes.
+All Behaviors must have the an **origin request policy** of `AllViewerExceptHostHeader`.
 
-1. Create a custom origin request policy named `VercelCloudFrontProxy`.
-2. Include the `Origin` and `CloudFront-Viewer-Address` headers.
-
-You must include the `CloudFront-Viewer-Address` header in your origin request policy or cache policy headers configuration to forward the header to your origin.
+![CloudFront "Behaviors" page with 4 behaviors: `/docs/*`, `/docs`, `Default`, and `/.well-known/*`.](/images/cloudfront/all-behaviors.png)
 
 ## Create CloudFront distribution
 
@@ -67,9 +61,9 @@
 2. Find your staging URL that mirrors the main domain. This is highly variant depending on how your landing page is hosted. For example, the Mintlify staging URL is [mintlify-landing-page.vercel.app](https://mintlify-landing-page.vercel.app).

 <Info>
  If your landing page is hosted on Webflow, use Webflow's staging URL. It would look like `.webflow.io`.

  If you use Vercel, use the `.vercel.app` domain available for every project.
 </Info>

 3. Create a new Origin and add your staging URL as the "Origin domain".
@@ -86,7 +80,7 @@

 ## Set behaviors

 Behaviors in CloudFront enable control over the subpath logic. At a high level, we're looking to create the following logic.

 - **If a user lands on /docs**, go to `[SUBDOMAIN].mintlify.dev`.
 - **If a user lands on any other page**, go the current landing page.
@@ -101,7 +95,7 @@

 ### `/.well-known/*`

 Create behaviors for Vercel domain verification paths with a **Path pattern** of `/.well-known/*` and set **Origin and origin groups** to your docs URL.

 For "Cache policy", select **CachingDisabled** to ensure these verification requests pass through without caching.

@@ -110,8 +104,8 @@
 </Frame>

 <Info>
 If `.well-known/*` is too generic, it can be narrowed down to 2 behaviors at a minimum for Vercel:
  - `/.well-known/vercel/*` - Required for Vercel domain verification
  - `/.well-known/acme-challenge/*` - Required for Let's Encrypt certificate verification
 </Info>

@@ -120,12 +114,7 @@
 Create a behavior with a **Path pattern** of `/docs` with **Origin and origin groups** pointing to the `.mintlify.dev` URL (in our case `acme.mintlify.dev`).
 
 - Set "Cache policy" to **CachingOptimized**.
-- In "Origin request policy", create an origin request policy named **VercelCloudFrontProxy**. That forwards the `Origin` and `CloudFront-Viewer-Address` headers.
-
-<Frame>
-	![CloudFront Create origin request policy page that forwards the `Origin` and `CloudFront-Viewer-Address` headers](/images/cloudfront/origin-request-policy.png)
-</Frame>
-
+- Set "Origin request policy" to **AllViewerExceptHostHeader**.
 - Set Viewer Protocol Policy to **Redirect HTTP to HTTPS**
 
 <Frame>
@@ -139,9 +128,15 @@
 These settings should exactly match `/docs`. With the exception of the **Path pattern**.
 
 - Set "Cache policy" to **CachingOptimized**.
-- Set "Origin request policy" to **VercelCloudFrontProxy**.
+- Set "Origin request policy" to **AllViewerExceptHostHeader**.
 - Set "Viewer protocol policy" to **Redirect HTTP to HTTPS**
 
+### `/mintlify-assets/_next/static/*`
+
+ - Set "Cache policy" to **CachingOptimized**
+ - Set "Origin request policy" to **AllViewerExceptHostHeader**
+ - Set "Viewer protocol policy" to **Redirect HTTP to HTTPS**
+
 ### `Default (*)`
 
 Lastly, we're going to edit the `Default (*)` behavior.

diff --git a/advanced/subpath/vercel.mdx b/advanced/subpath/vercel.mdx
@@ -1,19 +1,19 @@
 ---
 title: "Vercel"
 description: "Host documentation at a /docs subpath using Vercel"
 ---

 ## vercel.json file

 The `vercel.json` file is Vercel's configuration file that allows you to customize how your project is built and deployed. It sits in your project's root directory and controls various aspects of your deployment, including routing, redirects, headers, and build settings.

 We use the `rewrites` configuration to proxy requests from your main domain to your documentation.

 Rewrites allow you to map incoming requests to different destinations without changing the URL in the browser. When someone visits `yoursite.com/docs`, Vercel will internally fetch content from `your-subdomain.mintlify.dev/docs` but the user will still see `yoursite.com/docs` in their browser. This is different from redirects, which would send users to a different URL entirely.

 ## Configuration

 To host your documentation at a custom `/docs` subpath using Vercel, add the following configuration to your `vercel.json` file:

 ```json
 {
@@ -31,28 +31,29 @@
 ```

 - **`source`**: The path pattern on your domain that triggers the rewrite.
 - **`destination`**: Where the request should be proxied to.
 - **`:match*`**: A wildcard that captures any path segments after `/docs/`.


 For more information, see [Configuring projects with vercel.json: Rewrites](https://vercel.com/docs/projects/project-configuration#rewrites) in the Vercel documentation.

 ## Using external proxies with Vercel

 If you're using an external proxy (like Cloudflare or AWS CloudFront) in front of your Vercel deployment, you must configure it properly to avoid conflicts with Vercel's domain verification and SSL certificate provisioning.

 Improper proxy configuration can prevent Vercel from provisioning Let's Encrypt SSL certificates and cause domain verification failures.

 See the [supported providers](https://vercel.com/guides/how-to-setup-verified-proxy#supported-providers-verified-proxy-lite) in the Vercel documentation.

 ### Required path allowlist

 Your external proxy must allow traffic to these specific paths without blocking, redirecting, or heavily caching:
 
 - `/.well-known/acme-challenge/*` - Required for Let's Encrypt certificate verification
 - `/.well-known/vercel/*` - Required for Vercel domain verification
+- `/mintlify-assets/_next/static/*` - Required for static assets
 
 These paths should pass through directly to your Vercel deployment without modification.
 
 ### Header forwarding requirements

@@ -63,5 +64,5 @@
 To verify your proxy is correctly configured:

 1. Test that `https://[yourdomain].com/.well-known/vercel/` returns a response.
 2. Ensure SSL certificates are provisioning correctly in your Vercel dashboard.
 3. Check that domain verification completes successfully.
diff --git a/images/cloudfront/all-behaviors.png b/images/cloudfront/all-behaviors.png
diff --git a/images/cloudfront/behavior-1.png b/images/cloudfront/behavior-1.png