Skip to content

Support explicit bind address for worker log server #60117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ananich wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Support explicit bind address for worker log server #60117

ananich wants to merge 3 commits into from

Conversation

@ananich
Copy link

@ananich ananich commented Jan 5, 2026

Problem

Currently, the Airflow worker log server (serve_logs.py) is hardcoded to bind to all available interfaces (0.0.0.0 or [::]) via socket.has_dualstack_ipv6(). This exposes port 8793 to the entire network by default, creating a potential security risk where task logs could be intercepted or scanned by unauthorized entities.

Proposed Change

This PR modifies the log server initialization to respect the WORKER_LOG_SERVER_HOST configuration variable. If this variable is set (e.g., to 127.0.0.1), the server will bind specifically to that address. If not set, it falls back to the existing dual-stack wildcard logic to maintain backward compatibility.

@boring-cyborg
Copy link

boring-cyborg bot commented Jan 5, 2026

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: [email protected]
    Slack: https://s.apache.org/airflow-slack

kaxil
kaxil reviewed Jan 5, 2026
View reviewed changes
airflow-core/src/airflow/utils/serve_logs/core.py
setproctitle("airflow serve-logs")

port = port or conf.getint("logging", "WORKER_LOG_SERVER_PORT")
host = conf.get("logging", "WORKER_LOG_SERVER_HOST", fallback=host)
Copy link
Member

@kaxil kaxil Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

new config should be added to https://github.com/apache/airflow/blob/main/airflow-core/src/airflow/config_templates/config.yml

Copy link
Author

@ananich ananich Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/apache/airflow/blob/main/airflow-core/src/airflow/config_templates/config.yml updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaxil kaxil kaxil left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ananich @kaxil