Airflow Azure AD redirect URL coming with http instead of https

[tibre500]

Apache Airflow version: 2.9.3
Helm chart version: 1.15.0
**Kubernetes version: ** 1.30.5

What happened:
Issue1: without Azure AD implementation
I am deploying Airflow using helm charts on Azure Kubernetes Service with approuting enabled and ingress nginx. We are using an URL to setup a https connection with ingress enabled. All the pods are running and the login screen with username & password is coming fine with secured https connection. On login the url is getting redirected to http://airflow-url:8080/home instead of airflow-ui/home and giver error: This site can’t be reached ui.dev-airflow.****..org took too long to respond.. After removing the :8080 for the url manually or directly logining with http://airflow-url/login/ it successfully takes me inside the home page with https connection again.

Issue2: With Azure AD implementation
With Azure AD implementation the redirect url is going to http instead of https which is configured in the Azure AD.
AADSTS50011: The redirect URI 'http://airflow-ui:8080/oauth-authorized/azure' specified in the request does not match the redirect URIs configured for the application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.

What you think should happen instead:
The url after login should not redirect with port attached to it and from https connection to http connection.

How to reproduce:
`

# Ingress configuration
ingress:
  enabled: true
  web:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: webapprouting.kubernetes.azure.com
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/server-snippet: |
        http2_max_header_size 24k;
        http2_max_field_size 24k;
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
    path: "/"
    pathType: "Prefix"
    hosts:
      - ui.dev-airflow.internal.kpn.org
        - name: "airflow-ui"
          tls:
            enabled: true
            secretName: "airflow-dev-ui-tls"
    ingressClassName: "webapprouting.kubernetes.azure.com"

    # configs for web Ingress TLS (Deprecated - renamed to `ingress.web.hosts[*].tls`)
    tls:
      enabled: true
      secretName: "airflow-dev-ui-tls"

# Environment variables for all airflow containers
env:
  - name: AIRFLOW__WEBSERVER__ENABLE_PROXY_FIX
    value: "True"

# Airflow webserver settings
webserver:
  enabled: true
webserverConfigConfigMapName: "airflow-webserver-config"
service:
    type: ClusterIP
    annotations: {}
    ports:
      - name: airflow-ui
        port: 443
        targetPort: 8080
env:
    - name: AIRFLOW__WEBSERVER__REDIRECT_URI
      value: "airflow-ui/oauth-authorized/azure"
    - name: AIRFLOW__WEBSERVER__ENABLE_PROXY_FIX
      value: "True"

`
Please help, stuck because of this issue from a long time.

[tibre500]

Any kind of help will be highly appreciated 🙏

[abhisam]

HI all, I am also facing the same issue with Azure AD SSO. I added the redirect URL in the custom web server file, but it is still redirecting to http. Is there a configuration for the redirect URL?

[dwvd]

Any fix for this one?

[scali]

I had the same problem, and it seems to be fixed by adding this property to the value.yaml file

airflow:
  config:
    # This will make sure the redirect_uri is properly computed, even with SSL offloading
    AIRFLOW__WEBSERVER__ENABLE_PROXY_FIX: True

I've found the tip on this gist and on another Apache project configuration guide based on FAB

Note

AIRFLOW__WEBSERVER__ENABLE_PROXY_FIX seems to be broken in AirFlow 3.0.0 : #49781

[bkarankar]

hi,
you can try this https://github.com/bkarankar/Nexoryx_Airflow3
it has pre-configure settings and easy to install on ubuntu 24.04. just make sure to update the variables and run the script with sudo access.
it will configure everything including jenkins, sso, api auth etc and will show you all urls, password etc. you can change password once it's ready to use. it may take approx 15-20 minutes depends on internet speed.