How to avoid nginx "upstream sent too big header" errors?

Question

I'm running nginx, Phusion Passenger and Rails.

I am running up against the following error:

upstream sent too big header while reading response header from upstream, client: 87.194.2.18, server: xyz.com, request: "POST /user_session HTTP/1.1", upstream: "passenger://unix:/tmp/passenger.3322/master/helper_server.sock

It is occuring on the callback from an authentication call to Facebook Connect.

After googling, and trying to change nginx settings including proxy_buffer_size and large_client_header_buffers is having no effect.

How can I debug this?

score 31 · Accepted Answer · answered Sep 26 '11 at 17:37

Came across this error recently.

Since Passenger 3.0.8 there is now a setting that allows you to set the buffers and buffer size. So now you can do

http {
    ...
    passenger_buffers 8 16k;
    passenger_buffer_size 32k;
}

That resolved the issue for me.

score 30 · Answer 2 · answered Feb 21 '10 at 23:46

30

Try to add this to the config:

http {
    ...
    proxy_buffers 8 16k;
    proxy_buffer_size 32k;
    }

answered Feb 21 '10 at 23:46

Antiarchitect

1,852
2
16
19

since he's using Phusion Passenger atop of nginx, your solution will NOT help him. because his quoted error message above comes from passenger itself and almost definitely not from nginx directly. However, it might be safe to still do what you said, but also add the two passenger-pendants (passenger_buffers & passenger_buffer_size) as stated below. – christianparpart Jan 17 '12 at 14:27
2

@trapni May not help answer this question, but is also a solution for other people using nginx proxy – Matej Oct 06 '13 at 18:17
solved my problem with nginx reverse proxy to apache2. thanks :) – Eric Uldall Jun 18 '14 at 03:11
Winner winner chicken dinner – Ryan Kinal Jul 22 '14 at 20:56

score 26 · Answer 3 · answered Aug 15 '11 at 14:55

26

Maybee adding this will make it work, how are you connecting to upstream? http, fastcgi or something else?

http {
    ...
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
}

answered Aug 15 '11 at 14:55

Linus Unnebäck

23,234
15
74
89

phusion passenger is not using fastcgi at all, it is a a direct part of the nginx process, so this will NOT help at al in his case. – christianparpart Jan 17 '12 at 14:29
Oh shit! You're absolutely right, stupid mistake from my side :) – Linus Unnebäck Jan 18 '12 at 13:45
7

Thanks for this. It worked great for my fastcgi implementation. – Tegan Snyder Jul 16 '12 at 00:42
1

This helped me two with my Wordpress nGinX configuration. – Adam Bertram Jul 04 '13 at 16:22
3

Works great for php-fpm header issues. – Mahn Oct 26 '13 at 18:45

score 6 · Answer 4 · answered Jan 17 '12 at 19:27

6

fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

answered Jan 17 '12 at 19:27

Unitech

5,781
5
40
47

ppostma1 · Answer 5 · 2015-11-23T18:33:48.813

This is everything I have come to understand about this error in the last 2 years:

upstream sent too big header while reading response header from upstream is nginx's generic way of saying "I don't like what I'm seeing"

Your upstream server thread crashed
The upstream server sent an invalid header back
The Notice/Warnings sent back from STDERR broke their buffer and both it and STDOUT were closed

3: Look at the error logs above the message, is it streaming with logged lines preceding the message? PHP message: PHP Notice: Undefined index: Example snippet from a loop my log file:

2015/11/23 10:30:02 [error] 32451#0: *580927 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined index: Firstname in /srv/www/classes/data_convert.php on line 1090
PHP message: PHP Notice:  Undefined index: Lastname in /srv/www/classes/data_convert.php on line 1090
... // 20 lines of same
PHP message: PHP Notice:  Undefined index: Firstname in /srv/www/classes/data_convert.php on line 1090
PHP message: PHP Notice:  Undefined index: Lastname in /srv/www/classes/data_convert.php on line 1090
PHP message: PHP Notice:
2015/11/23 10:30:02 [error] 32451#0: *580927 FastCGI sent in stderr: "ta_convert.php on line 1090
PHP message: PHP Notice:  Undefined index: Firstname

you can see in the 3rd line (from the 20 previous errors) the buffer limit was hit, broke, and the next thread wrote in over it. Nginx then closed the connection and returned 502 to the client.

2: log all the headers sent per request, review them and make sure they conform to standards (nginx does not permit anything older than 24 hours to delete/expire a cookie, sending invalid content length because error messages were buffered before the content counted...)

examples include:

<?php
//expire cookie
setcookie ( 'bookmark', '', strtotime('2012-01-01 00:00:00') );
// nginx will refuse this header response, too far past to accept
....
?>

and this:

<?php
header('Content-type: image/jpg');
?>

<?php   //a space was injected into the output above this line
header('Content-length: ' . filesize('image.jpg') );
echo file_get_contents('image.jpg');
// error! the response is now 1-byte longer than header!!
?>

1: verify, or make a script log, to ensure your thread is reaching the correct end point and not exiting before completion.

score 0 · Answer 6 · answered May 20 '16 at 15:34

I thought I'd chime in with my solution since I don't see it currently listed. Turns out I was unintentionally putting a large object into the session, as shown below.

session["devise.#{provider}_data"] = env["omniauth.auth"]

This only happened when somebody first authenticated with GitHub OAuth and subsequently tried to authenticate with another social profile that used the same email (why I couldn't originally figure out the issue).

Here's the full OmniauthCallbacksController for contextual reference:

class OmniauthCallbacksController < Devise::OmniauthCallbacksController

  def self.provides_callback_for(provider)
    class_eval %Q{
      def #{provider}
        @user = User.from_omniauth(request.env["omniauth.auth"])
        if @user.persisted?
          sign_in_and_redirect @user, event: :authentication
          set_flash_message(:notice, :success, kind: "#{provider}".capitalize) if is_navigational_format?
        else
          auth = request.env["omniauth.auth"]
          if User.exists?(email: auth.info.email)
            set_flash_message(:notice, :failure, kind: "#{provider}".capitalize, reason: "email " + auth.info.email + " already exists") if is_navigational_format?
          else
            set_flash_message(:notice, :error, kind: "#{provider}".capitalize) if is_navigational_format?
          end
          session["devise.#{provider}_data"] = env["omniauth.auth"] <----- Remove this line
          redirect_to new_user_registration_path
        end
      end
    }
  end

  [:github, :linkedin, :google_oauth2].each do |provider|
    provides_callback_for provider
  end
end

All was well once I removed the offending line. I am guessing I had it in there for debugging purposes.

How to avoid nginx "upstream sent too big header" errors?

6 Answers6

Linked