[
https://issues.apache.org/jira/browse/AIRFLOW-571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16869593#comment-16869593
]
Ash Berlin-Taylor commented on AIRFLOW-571:
-------------------------------------------
Maybe all we need is a doc change then, as this does work:
{noformat}
GUNICORN_CMD_ARGS='--ssl-version=5' airflow webserver
{noformat}
(that will force gunicorn to only use TLSv1.2, if ssl is enabled.)
> allow gunicorn config to be passed to airflow webserver
> -------------------------------------------------------
>
> Key: AIRFLOW-571
> URL: https://issues.apache.org/jira/browse/AIRFLOW-571
> Project: Apache Airflow
> Issue Type: Improvement
> Components: webserver
> Reporter: Dennis O'Brien
> Priority: Major
>
> I have run into an issue when running airflow webserver behind a load
> balancer where redirects result in https requests forwarded to http. I ran
> into a similar issue with Caravel which also uses gunicorn.
> https://github.com/airbnb/caravel/issues/978 From that issue:
> {quote}
> When gunicorn is run on a different machine from the load balancer (nginx or
> ELB), it needs to be told explicitly to trust the X-Forwarded-* headers sent.
> gunicorn takes an option --forwarded-allow-ips which can either be a comma
> separated list of ip addresses, or "*" to trust all.
> {quote}
> I don't see a simple way to inject custom arguments to the gunicorn call in
> `webserver()`. Rather than making a special case to set
> --forwarded-allow-ips, it would be nice if the caller of `airflow webserver`
> could pass an additional gunicorn config file.
> The call to gunicorn is already including a -c and I'm not sure gunicorn will
> take multiple configs, so maybe we have to parse the config and include each
> name=value on the gunicorn command line. Any suggestions on how best to
> allow this?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
