Running Airflow behind a reverse proxy¶
Airflow can be set up behind a reverse proxy, with the ability to set its endpoint with great flexibility.
For example, you can configure your reverse proxy to get:
https://lab.mycompany.com/myorg/airflow/
To do so, you need to set the following setting in your airflow.cfg:
base_url = http://my_host/myorg/airflow
Configure your reverse proxy (e.g. nginx) to pass the url and http header as it for the Airflow webserver, without any rewrite, for example:
server { listen 80; server_name lab.mycompany.com; location /myorg/airflow/ { proxy_pass http://localhost:8080; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_redirect off; proxy_http_version 1.1; } }Use
--proxy-headersCLI flag to tell Uvicorn to respect these headers:airflow api-server --proxy-headersIf your proxy server is not on the same host (or in the same docker container) as Airflow, then you will need to set the
FORWARDED_ALLOW_IPSenvironment variable so Uvicorn knows who to trust this header from. See Uvicorn’s docs. For the full options you can pass here. (Please note the--forwarded-allow-ipsCLI option does not exist in Airflow.)