Need help with Azure AD with AWX


  • K3s v1.28.6+k3s2
  • awx-operator 2.12.1
  • AWX 23.9.0
  • PostgreSQL 13
    AWX is exposed via nginx ingress (with domain )
    I’ve created a public certificate

I’ve configured azure and AWX according to the documentation.
When I click on the azure button on the connection page, I arrive on the Microsoft part and then I enter my identifiers. Then the page loads for a while and I get a “504 Gateway Time-out error. nginx”.
Is anyone having problems with Azure AD?
Thank you
Best regards,

To address the “504 Gateway Time-out error” with Azure AD in AWX, check and adjust the Nginx timeout settings, ensure your Azure AD and AWX configurations match the documentation, inspect network connectivity, and review both AWX and Azure AD logs for errors. This comprehensive approach should help identify and solve the issue.

Yes, I tried to access the nginx settings in the Kubernetes container. But it asks me for a password, I don’t know it. Is there any other way to change the nginx config??

And the file (nginx.conf) is in readonly , i cannot modify

Hi, thanks for moving the topic from my repo to here, with additional information :smiley:

I make quick test and can confirm that Azure AD auth works without any problem. Almost the same setup, but I use Traefik as an ingress controller.

When you are on 504 Gateway Time-out error. nginx page, what is its URL? I mean, we want to ensure Redirect URI is correct.

If the Redirect URI is correctly configured, is there any logs on the nginx side, e.g. nginx for ingress controller, or nginx in awx-web pod.


Ok, let me start from the beginning:
1 I created the app on azure AD
2- created a “web” web application (adding the rollback link I found on AWX https://fdqn/sso/complete/azuread-oauth2/)
3-I changed the default name to towerhost on the awx web interface

I work behind a proxy.
I’ve just realised that my traffic does not go through the proxy never use the proxy, even though I’ve added the http_proxy :
1 on awx.yml
2 /etc/systemd/system/k3s.service.env

I have no idea … why

How did you add proxies on awx.yml? If you have done it by adding AWX_TASK_ENV['HTTP_PROXY'] in extra_settings, I haven’t read the code in detail, but I’m a little unsure if that works for social auth as well.

Can you try adding proxies by task_extra_env and web_extra_env in awx.yaml?

  task_extra_env: |
    - name: HTTP_PROXY
    - name: HTTPS_PROXY
    - name: NO_PROXY
  web_extra_env: |
    - name: HTTP_PROXY
    - name: HTTPS_PROXY
    - name: NO_PROXY

I put this (awx.yml) :

    - setting: AWX_TASK_ENV['HTTP_PROXY']
      value: "''"
    - setting: AWX_TASK_ENV['HTTPS_PROXY']
      value: "''"
    - setting: AWX_TASK_ENV['NO_PROXY']
      value: "''"

Your solution works :slight_smile:
Thank you very much


Thank you too, I’ve added a note about this in my guide :smiley:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.