Trigger Dag from Airflow Web GUI sets origin with wrong HTTP scheme #12291

@vitaly-krugl

Apache Airflow version: 1.10.11

Environment:

  • OS (e.g. from /etc/os-release):
  • Kernel (e.g. uname -a): Linux

What happened: After manually triggering a DAG from Airflow Web GUI, Airflow attempted to open the /admin/ page using http:// instead of the https:// scheme, and so failed to connect because my webserver only supports SSL connections.

Chrome browser displays "This site can’t be reached ... emp-wf-vkruglik.mydomain.com refused to connect." and "ERR_CONNECTION_REFUSED"

What you expected to happen:
I expected Airflow to open the /admin/ page using the https:// scheme because my webserver only supports SSL connections.

Furthermore, I have the [webserver] base_url option set up using https:// scheme.

How to reproduce it:
When I examine the HTML source of the <title>Airflow - DAGs</title> page, I see that the <!-- Trigger Dag --> blocks have "origin" url args configured with "http", as in this example:

                <!-- Trigger Dag -->
                <a href="/admin/airflow/trigger?dag_id=airflow_db_cleanup&origin=http://emp-wf-vkruglik.mydomain.com/admin/">
                    <span class="glyphicon glyphicon-play-circle" aria-hidden="true" data-original-title="Trigger Dag"></span>
                </a>

This <!-- Trigger Dag --> block originates from airflow/www/templates/airflow/dags.html, where it picks up origin from &origin={{ request.base_url }}:

                <!-- Trigger Dag -->
                <a href="{{ url_for('airflow.trigger', dag_id=dag.dag_id) }}&origin={{ request.base_url }}">
                    <span class="glyphicon glyphicon-play-circle" aria-hidden="true" data-original-title="Trigger Dag"></span>
                </a>

I have the [webserver] base_url option set up using "https://" as

base_url = https://emp-wf-vkruglik.mydomain.com

So, I am surprised that this option's value isn't used by that template.

Note that in my network setup, there is an apache server that acts as SSL terminator. Apache server in turn forwards the requests to Airflow webserver as HTTP over port 80. So, in the web browser (I am using Chrome), I access Airflow using this URL: https://emp-wf-vkruglik.mydomain.com/admin/ (note the https).

However, when I go through the "Trigger Dag" in Airflow UI and click on the Trigger button (or the "abort" button), Airflow GUI attempts to load http://emp-wf-vkruglik.mydomain.com/admin/ instead of https://emp-wf-vkruglik.mydomain.com/admin/.

From the source code of airflow/www/templates/airflow/trigger.html, I see that this incorrect HTTP scheme is picked up from the {{ origin }} arg:

{% extends "airflow/master.html" %}

{% block body %}
    {{ super() }}
    <h2>Trigger DAG: {{ dag_id }}</h2>
    <form method="POST">
      <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
      <input name="dag_id" type="hidden" value="{{ dag_id }}"/>
      <input name="origin" type="hidden" value="{{ origin }}"/>
      <div class="form-group">
        <label for="conf">Configuration JSON (Optional)</label>
        <textarea class="form-control" name="conf">{{ conf }}</textarea>
      </div>
      <p>
        To access configuration in your DAG use <code>{{ '{{' }} dag_run.conf {{ '}}' }}</code>.
      </p>
      <input class="btn btn-primary" type="submit" value="Trigger"/>
      <button class="btn" onclick="location.href = '{{ origin }}'; return false">bail.</button>
    </form>
{% endblock %}

Anything else we need to know:

Occurs 100%

There needs to be some way to configure or deduce that the app needs to use https in the origin in this scenario, such as using the base_url option value from the [webserver] config section.

enable_proxy_fix = True in the [webserver] config section didn't help.
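
The scheme mismatch described in this issue, reproduced with the Python standard library's WSGI helpers. This is an added example, not part of the original report and not Airflow's code. The function names are hypothetical, and the header handling assumes the SSL-terminating proxy sets `X-Forwarded-Proto`.

```python
from urllib.parse import urlsplit, urlunsplit
from wsgiref.util import application_uri

# Assumed value, mirroring the [webserver] base_url setting quoted in the issue.
CONFIGURED_BASE_URL = "https://emp-wf-vkruglik.mydomain.com"


def proxied_environ(forwarded_proto=None):
    """Constructed sample: the request as the app receives it over HTTP, port 80."""
    environ = {"HTTP_HOST": "emp-wf-vkruglik.mydomain.com", "SERVER_PORT": "80",
               "SCRIPT_NAME": "", "PATH_INFO": "/admin/", "wsgi.url_scheme": "http"}
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return environ


def request_derived_base(environ):
    """Base URL as a WSGI app computes it: the scheme is wsgi.url_scheme."""
    return application_uri(environ)


def trust_forwarded_proto(environ):
    """Adopt the scheme reported by the proxy in X-Forwarded-Proto.

    Only appropriate when every request passes through a proxy that sets or
    overwrites this header; the rightmost value is the one that proxy added.
    """
    fixed = dict(environ)
    proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[-1].strip().lower()
    if proto in ("http", "https"):
        fixed["wsgi.url_scheme"] = proto
    return fixed


def origin_from_config(origin, base_url=CONFIGURED_BASE_URL):
    """Keep only path and query of origin; scheme and host come from config."""
    base = urlsplit(base_url)
    parts = urlsplit(origin)
    path = parts.path if parts.path.startswith("/") else "/" + parts.path
    return urlunsplit((base.scheme, base.netloc, path, parts.query, ""))


if __name__ == "__main__":
    print(request_derived_base(proxied_environ()))
    print(request_derived_base(trust_forwarded_proto(proxied_environ("https"))))
    print(origin_from_config("http://emp-wf-vkruglik.mydomain.com/admin/"))
```

The first line printed is the `http://` base the app derives on its own behind the SSL terminator; the other two show the two remedies the report asks about, deducing the scheme from the proxy header or taking it from the configured `base_url`.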

Metadata

Labels

  • kind:bug (This is a clearly a bug)
  • pending-response
  • security (Security issues that must be fixed)
  • stale (Stale PRs per the .github/workflows/stale.yml policy file)