Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to enable SSL on Airflow Webserver?

I've been trying to enable HTTPS via SSL on my Apache Airflow frontend but the documentation is quite sparse and there aren't that many good examples on this online.

My instance of Airflow is currently running on a Red Hat Linux VM. I've tried generating a key/certificate, and pointing the configuration file to the respective paths, but it does not seem to work.

From the Airflow documentation, it seems like we are supposed to simply generate a path to the cert and key & add a path to the SSL cert & key in Airflow. I generated a .key and .csr file using Open SSL.

/usr/bin/openssl genrsa -rand /dev/urandom -out /etc/httpd/conf/server.key 2048

/usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr

I then updated the configuration file...

# Paths to the SSL certificate and key for the web server. When both are
# provided SSL will be enabled. This does not change the web server port.
web_server_ssl_cert = /etc/httpd/conf/server.csr
web_server_ssl_key = /etc/httpd/conf/server.key

I then reboot the webserver, and get the following error on the web page:

Forbidden

'[SSL] PEM lib (_ssl.c:3337)'

If anyone has any experience or pointers as to how they enabled SSL on their Airflow instance, I'd really appreciate it! I'm at a bit of a dead end right now and it doesn't seem like anyone else online has gotten a satisfactory answer.

like image 527
superli3 Avatar asked Jun 21 '19 17:06

superli3


1 Answers

Posting an answer for those who may encounter this issue in the future. I found the key was to generate a .crt along with the .key file, not a .csr file using openssl.

openssl req \
       -newkey rsa:2048 -nodes -keyout domain.key \
       -x509 -days 365 -out domain.crt

https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

Note that this does not mean the certificate will be signed...may or may not be important for your use case.

like image 173
superli3 Avatar answered Oct 16 '22 08:10

superli3