我的书签
添加书签
移除书签Running Airflow behind a reverse proxy
Airflow can be set up behind a reverse proxy, with the ability to set its endpoint with great flexibility.
For example, you can configure your reverse proxy to get:
https://lab.mycompany.com/myorg/airflow/
To do so, you need to set the following setting in your airflow.cfg:
base_url = http://my_host/myorg/airflow
Additionally if you use Celery Executor, and you enable flower, you can get Flower in /myorg/flower with:
flower_url_prefix = /myorg/flower
Your reverse proxy (ex: nginx) should be configured as follow:
pass the url and http header as it for the Airflow webserver, without any rewrite, for example:
server {listen 80;server_name lab.mycompany.com;location /myorg/airflow/ {proxy_pass http://localhost:8080;proxy_set_header Host $http_host;proxy_redirect off;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";}}
rewrite the url for the flower endpoint:
server {listen 80;server_name lab.mycompany.com;location /myorg/flower/ {rewrite ^/myorg/flower/(.*)$ /$1 break; # remove prefix from http headerproxy_pass http://localhost:5555;proxy_set_header Host $http_host;proxy_redirect off;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";}}
To ensure that Airflow generates URLs with the correct scheme when running behind a TLS-terminating proxy, you should configure the proxy to set the X-Forwarded-Proto header, and enable the ProxyFix middleware in your airflow.cfg:
[webserver]enable_proxy_fix = True
If you need to configure the individual parameters to the ProxyFix middleware, you can set them individually in your airflow.cfg:
[webserver]proxy_fix_x_for = 1proxy_fix_x_host = 3
Note
You should only enable the ProxyFix middleware when running Airflow behind a trusted proxy (AWS ELB, nginx, etc.).
