2

I have the following nginx setup on my server A (internet-facing, only relevant parts):

```nginx
upstream new_api {
  server unix:///home/ubuntu/new_api/shared/tmp/sockets/puma.sock;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;

  large_client_header_buffers 4 16k;

  ssl_certificate           /etc/nginx/cert.crt;
  ssl_certificate_key       /etc/nginx/cert.key;

  location ~ (^(/some/location|/some/other)) {
    proxy_pass http://new_api;
  }

  location / {
    proxy_pass https://serverB.com;
  }
}
```

Now, if I go to `/some/location` it is served fine with new api upstream. But with anything else I keep getting "400 Bad Request Request Header Or Cookie Too Large" from nginx. Even with curl with no cookies and only two short headers. Increasing `large_client_header_buffers` does not help.

The interesting part is that I don't see this request coming to Server B at all, so it gets cut off on Server A. Why? Can it be because of the https protocol I'm proxy_passing to?

Also, before setting up Server A everything was going to Server B without any problems.

katafrakt

1 Answer

4

It turns out there was some mix-up with domain resolving (which I don't really understand), and as a result requests to server B were passed to Server A instead. It kept adding its own IP to the X-Forwarded-For header until it exceeded the max size, so the error message was actually correct.

To debug further, I used

```sh
tcpdump -n -S -s 0 -A 'tcp dst port 80' | grep -B3 -A10 "GET"
```

katafrakt
  • I am possibly running into a similar issue, can you elaborate on how that tcpdump command helps to debug? I get output from it, but my X-Forwarded-For only shows the actual IP I am forwarding for, once. – Evan Morrison Jun 27 '19 at 17:45
  • My problem: X-Forwarded-For: 192.168.100.100, 172.20.0.1, 172.20.0.1, 172.20.0.1, 172.20.0.1, 172.20.0.1, 172.20.0.1, 172.20.0.1, 172.20.0.1 (repeating many, many times). I found out about this running the following command: `sudo tcpflow -p -c -i any port 8000` – Tarida George Jul 29 '21 at 18:25
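
An added example, not part of the original answer or comments: a small Python check that scans captured request text (such as the `tcpdump -A` output above) for `X-Forwarded-For` values in which one address repeats, the signature of the proxy loop described in the answer. The sample capture, addresses and function names are constructed for illustration, and the overflow estimate assumes the header line is the only thing filling one header buffer.

```python
import re
from collections import Counter

# Constructed sample: two requests as they might appear in `tcpdump -A` output.
SAMPLE_CAPTURE = (
    "GET /healthy HTTP/1.1\r\n"
    "Host: serverB.com\r\n"
    "X-Forwarded-For: 203.0.113.7\r\n"
    "\r\n"
    "GET /other HTTP/1.0\r\n"
    "Host: serverB.com\r\n"
    "X-Forwarded-For: 203.0.113.7, 198.51.100.10, 198.51.100.10, 198.51.100.10\r\n"
    "\r\n"
)

XFF_RE = re.compile(r"^X-Forwarded-For:[ \t]*(.*)$", re.IGNORECASE | re.MULTILINE)


def find_proxy_loops(capture, max_repeats=1):
    """Return (hops, repeated) for each X-Forwarded-For value in which some
    address occurs more than max_repeats times."""
    findings = []
    for match in XFF_RE.finditer(capture):
        # strip() also removes the trailing \r left by CRLF line endings
        hops = [h.strip() for h in match.group(1).split(",") if h.strip()]
        repeated = {a: n for a, n in Counter(hops).items() if n > max_repeats}
        if repeated:
            findings.append((hops, repeated))
    return findings


def appends_until_overflow(client_ip, proxy_ip, buffer_bytes):
    """Rough estimate: how many times proxy_ip must be appended before the
    X-Forwarded-For line alone is longer than one header buffer."""
    line = "X-Forwarded-For: " + client_ip
    appends = 0
    while len(line) <= buffer_bytes:
        line += ", " + proxy_ip
        appends += 1
    return appends


if __name__ == "__main__":
    for hops, repeated in find_proxy_loops(SAMPLE_CAPTURE):
        print("possible proxy loop:", len(hops), "hops, repeated:", repeated)
    # 16k matches the large_client_header_buffers size in the question
    print(appends_until_overflow("203.0.113.7", "198.51.100.10", 16 * 1024))
```

A header that lists the client address once, as in the first sample request, produces no finding; only a repeated hop is reported.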