Dennis O'Brien commented on AIRFLOW-571:

As I think about this more, it might be simpler (and safer) for me to provide a 
PR to allow an optional setting forwarded_allow_ips to solve my specific 

I'd be interested in hearing what others think about solving the more general 
problem of exposing all gunicorn configs.

> allow gunicorn config to be passed to airflow webserver
> -------------------------------------------------------
>                 Key: AIRFLOW-571
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-571
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: webserver
>            Reporter: Dennis O'Brien
> I have run into an issue when running airflow webserver behind a load 
> balancer where redirects result in https requests forwarded to http.  I ran 
> into a similar issue with Caravel which also uses gunicorn.  
> https://github.com/airbnb/caravel/issues/978  From that issue:
> {quote}
> When gunicorn is run on a different machine from the load balancer (nginx or 
> ELB), it needs to be told explicitly to trust the X-Forwarded-* headers sent. 
> gunicorn takes an option --forwarded-allow-ips which can either be a comma 
> separated list of ip addresses, or "*" to trust all.
> {quote}
> I don't see a simple way to inject custom arguments to the gunicorn call in 
> `webserver()`.  Rather than making a special case to set 
> --forwarded-allow-ips, it would be nice if the caller of `airflow webserver` 
> could pass an additional gunicorn config file.
> The call to gunicorn is already including a -c and I'm not sure gunicorn will 
> take multiple configs, so maybe we have to parse the config and include each 
> name=value on the gunicorn command line.  Any suggestions on how best to 
> allow this?

This message was sent by Atlassian JIRA

Reply via email to