You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2018/09/18 07:45:45 UTC
[GitHub] r39132 closed pull request #1869: [AIRFLOW-571] added
--forwarded_allow_ips as a command line argument to webserver
r39132 closed pull request #1869: [AIRFLOW-571] added --forwarded_allow_ips as a command line argument to webserver
URL: https://github.com/apache/incubator-airflow/pull/1869
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/airflow/bin/cli.py b/airflow/bin/cli.py
index 21e1d23878..8fda8f5dc1 100755
--- a/airflow/bin/cli.py
+++ b/airflow/bin/cli.py
@@ -45,7 +45,7 @@
from airflow import api
from airflow import jobs, settings
from airflow import configuration as conf
-from airflow.exceptions import AirflowException
+from airflow.exceptions import AirflowException, AirflowConfigException
from airflow.executors import DEFAULT_EXECUTOR
from airflow.models import (DagModel, DagBag, TaskInstance,
DagPickle, DagRun, Variable, DagStat,
@@ -699,6 +699,11 @@ def webserver(args):
if ssl_cert and not ssl_key:
raise AirflowException(
'An SSL key must also be provided for use with ' + ssl_cert)
+ try:
+ forwarded_allow_ips = (args.forwarded_allow_ips or
+ conf.get('webserver', 'forwarded_allow_ips'))
+ except AirflowConfigException:
+ forwarded_allow_ips = None
if args.debug:
print(
@@ -740,6 +745,9 @@ def webserver(args):
if ssl_cert:
run_args += ['--certfile', ssl_cert, '--keyfile', ssl_key]
+ if forwarded_allow_ips:
+ run_args += ['--forwarded-allow-ips', forwarded_allow_ips]
+
run_args += ["airflow.www.app:cached_app()"]
gunicorn_master_proc = subprocess.Popen(run_args)
@@ -1294,6 +1302,10 @@ class CLIFactory(object):
default=conf.get('webserver', 'ERROR_LOGFILE'),
help="The logfile to store the webserver error log. Use '-' to print to "
"stderr."),
+ 'forwarded_allow_ips': Arg(
+ ("--forwarded_allow_ips", ),
+ default=None,
+ help="Pass gunicorn front-end IPs allowed to handle set secure headers."),
# resetdb
'yes': Arg(
("-y", "--yes"),
@@ -1469,7 +1481,8 @@ class CLIFactory(object):
'help': "Start a Airflow webserver instance",
'args': ('port', 'workers', 'workerclass', 'worker_timeout', 'hostname',
'pid', 'daemon', 'stdout', 'stderr', 'access_logfile',
- 'error_logfile', 'log_file', 'ssl_cert', 'ssl_key', 'debug'),
+ 'error_logfile', 'log_file', 'ssl_cert', 'ssl_key',
+ 'forwarded_allow_ips', 'debug'),
}, {
'func': resetdb,
'help': "Burn down and rebuild the metadata database",
diff --git a/airflow/configuration.py b/airflow/configuration.py
index 265f7289ea..a86f629493 100644
--- a/airflow/configuration.py
+++ b/airflow/configuration.py
@@ -211,6 +211,12 @@ def run_command(command):
web_server_ssl_cert =
web_server_ssl_key =
+# Pass gunicorn front-end IPs allowed to handle set secure headers.
+# Multiple IPs should be comma separated. Set to * to disable checking.
+# Useful if you are running gunicorn behind a load balancer.
+# See http://docs.gunicorn.org/en/stable/settings.html#forwarded-allow-ips
+# forwarded_allow_ips = *
+
# Number of seconds the gunicorn webserver waits before timing out on a worker
web_server_worker_timeout = 120
@@ -454,6 +460,7 @@ def run_command(command):
dag_orientation = LR
log_fetch_timeout_sec = 5
hide_paused_dags_by_default = False
+forwarded_allow_ips = *
[email]
email_backend = airflow.utils.email.send_email_smtp
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services