使用ProxyFix在反向代理后面运行气流

时间:2019-08-16 21:57:36

标签: python proxy reverse-proxy airflow werkzeug

尝试将气流设置为在反向代理后面运行,如下所述: https://airflow.readthedocs.io/en/stable/howto/run-behind-proxy.html

我正在运行气流v1.10.3,并且启用了ProxyFix:

[webserver]
enable_proxy_fix = True

在Web服务器日志中确认它已正确启动:

/usr/local/lib/python3.6/site-packages/airflow/www_rbac/app.py:48: DeprecationWarning: 'werkzeug.contrib.fixers.ProxyFix' has moved to 'werkzeug.middleware.proxy_fix.ProxyFix'. This import is deprecated as of version 0.15 and will be removed in 1.0.

然后运行以下命令:

curl http://localhost:8080 --header "X-Forwarded-Host: airflow.staging.spothero.com" -v
* Rebuilt URL to: http://localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.54.0
> Accept: */*
> X-Forwarded-Host: airflow.staging.spothero.com
> 
< HTTP/1.1 302 FOUND
< Server: gunicorn/19.9.0
< Date: Fri, 16 Aug 2019 17:14:54 GMT
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 217
< Location: http://localhost:8080/home```
curl http://localhost:8080 --header "Host: airflow.staging.spothero.com" -v
* Rebuilt URL to: http://localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host: airflow.staging.spothero.com
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 302 FOUND
< Server: gunicorn/19.9.0
< Date: Fri, 16 Aug 2019 17:21:27 GMT
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 217
< Location: http://airflow.staging.spothero.com/home

您会看到重定向是使用Host标头正确生成的,但是使用X-Forwarded-Host标头却正确生成了。生成这些重定向时,ProxyFix 应该使用X-Forwarded-Host标头而不是Host标头,但是出于某些原因,它不是。

关于我在这里缺少什么配置的任何想法?

1 个答案:

答案 0 :(得分:0)

找到了根本原因,这与不同的werkzeug版本有关(我运行的是0.15.x而不是0.14.x)。

https://werkzeug.palletsprojects.com/en/0.14.x/contrib/fixers/ https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/#module-werkzeug.middleware.proxy_fix

默认情况下,0.15.x版本需要设置x_host=1才能信任第一个X-Forwarded-Host标头,否则ProxyFix将完全忽略标头。 Airflow不提供开箱即用的设置此属性的钩子,因此airflow的ProxyFix无法与werkzeug 0.15.x一起使用。

0.14.x默认情况下信任第一个标头,但与气流使用的烧瓶> = 1.10不兼容:

https://issues.apache.org/jira/browse/AIRFLOW-4900

此问题已在气流1.10.4中修复: https://github.com/apache/airflow/pull/5563