如何在Airflow Web服务器上启用SSL? [英] How to enable SSL on Airflow Webserver?

问题描述

我一直在尝试在我的Apache Airflow前端上通过SSL启用HTTPS，但是文档非常稀疏，在线上没有很多好的示例.

I've been trying to enable HTTPS via SSL on my Apache Airflow frontend but the documentation is quite sparse and there aren't that many good examples on this online.

我的Airflow实例当前正在Red Hat Linux VM上运行.我曾尝试生成密钥/证书，然后将配置文件指向相应的路径，但这似乎不起作用.

My instance of Airflow is currently running on a Red Hat Linux VM. I've tried generating a key/certificate, and pointing the configuration file to the respective paths, but it does not seem to work.

从Airflow文档中，似乎我们应该简单地生成通往证书和密钥&的路径.将路径添加到SSL证书&键入气流.我使用Open SSL生成了.key和.csr文件.

From the Airflow documentation, it seems like we are supposed to simply generate a path to the cert and key & add a path to the SSL cert & key in Airflow. I generated a .key and .csr file using Open SSL.

/usr/bin/openssl genrsa -rand /dev/urandom -out /etc/httpd/conf/server.key 2048

/usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr

然后我更新了配置文件...

I then updated the configuration file...

# Paths to the SSL certificate and key for the web server. When both are
# provided SSL will be enabled. This does not change the web server port.
web_server_ssl_cert = /etc/httpd/conf/server.csr
web_server_ssl_key = /etc/httpd/conf/server.key

然后我重新启动Web服务器，并在网页上收到以下错误:

I then reboot the webserver, and get the following error on the web page:

Forbidden

'[SSL] PEM lib (_ssl.c:3337)'

如果任何人有任何经验或关于如何在其Airflow实例上启用SSL的指示，我将非常感谢！我现在有点死胡同，似乎其他任何人都没有得到令人满意的答案.

If anyone has any experience or pointers as to how they enabled SSL on their Airflow instance, I'd really appreciate it! I'm at a bit of a dead end right now and it doesn't seem like anyone else online has gotten a satisfactory answer.

推荐答案

为将来可能遇到此问题的人发布答案.我发现关键是与.key文件一起生成.crt，而不是使用openssl生成.csr文件.

Posting an answer for those who may encounter this issue in the future. I found the key was to generate a .crt along with the .key file, not a .csr file using openssl.

openssl req \
       -newkey rsa:2048 -nodes -keyout domain.key \
       -x509 -days 365 -out domain.crt

https: //www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

请注意，这并不意味着证书将被签名……对于您的用例而言可能不重要.

Note that this does not mean the certificate will be signed...may or may not be important for your use case.

这篇关于如何在Airflow Web服务器上启用SSL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！