We are using kubernetes/ingress-nginx for our Azure AKS instance. I have a URI that is 9kb long approximately (it contains a post_logout_redirect_uri and a very long id_token_hint for our Identity server, running in .Net core 2.2).
However, I cannot get past the ingress as nginx is rejecting the query with 414 URI Too Long. I can see the request in the Nginx logs but not on the Identity server logs, so it is clearly getting bounced before.
I have tried to update the nginx configuration using config map, but without success. The settings are applied (and have helped me fix other issues before). However, in this case nothing I try seems to have worked. Here is the config map I'm using:
apiVersion: v1
data:
http2-max-header-size: "64k"
http2-max-field-size: "32k"
proxy-body-size: "100m"
client-header-buffer-size: "64k"
large-client-header-buffers: "4 64k"
kind: ConfigMap
metadata:
name: nginx-ingress-controller
namespace: kube-systemHere are the ingress annotations for the Identity server:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress-name
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/send_timeout: "180"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "180"
nginx.ingress.kubernetes.io/proxy-read-timeout: "180"
nginx.ingress.kubernetes.io/proxy-send-timeout: "180"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "authorization,content-type"
nginx.ingress.kubernetes.io/proxy-body-size: 250m
nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"Finally, if I check the nginx config on the pod it does contain my updated values, in the global config section.
...
keepalive_timeout 75s;
keepalive_requests 100;
client_body_temp_path /tmp/client-body;
fastcgi_temp_path /tmp/fastcgi-temp;
proxy_temp_path /tmp/proxy-temp;
ajp_temp_path /tmp/ajp-temp;
client_header_buffer_size 64k;
client_header_timeout 60s;
large_client_header_buffers 4 64k;
client_body_buffer_size 8k;
client_body_timeout 60s;
http2_max_field_size 32k;
http2_max_header_size 64k;
http2_max_requests 1000;
types_hash_max_size 2048;
server_names_hash_max_size 1024;
server_names_hash_bucket_size 64;
map_hash_bucket_size 64;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
variables_hash_bucket_size 128;
variables_hash_max_size 2048;
underscores_in_headers off;
ignore_invalid_headers on;
...
Any info or suggestions would be appreciated, thanks!
To fix this issue edit your nginx.conf. Open the Terminal or login to the remote server using ssh client. Type the following command to edit your nginx.conf using a text editor such as vi or joe or nano:
# vi /etc/nginx/nginx.confUse nano text editor:
$ sudo nano /etc/nginx/nginx.confMust be run as root:
# vi /usr/local/nginx/conf/nginx.confAdd the following line to http or server or location context to increase the size limit in nginx.conf, enter:
# set client body size to 2M #
client_max_body_size 2M;The client_max_body_size directive assigns the maximum accepted body size of client request, indicated by the line Content-Length in the header of request. If size is greater the given one, then the client gets the error “Request Entity Too Large” (413). Save and close the file. Reload the nginx webserver, enter:
# /usr/local/nginx/sbin/nginx -s reloadUse nginx itself to reload it:
# /sbin/nginx -s reloadFor RHEL/CentOS/Debian/Ubuntu Linux, try:
# service nginx reloadIf you are using systemd based system run:
$ sudo systemctl reload nginx.serviceReferences: