5

We are using kubernetes/ingress-nginx for our Azure AKS instance. I have a URI that is 9kb long approximately (it contains a post_logout_redirect_uri and a very long id_token_hint for our Identity server, running in .Net core 2.2).

However, I cannot get past the ingress as nginx is rejecting the query with 414 URI Too Long. I can see the request in the Nginx logs but not on the Identity server logs, so it is clearly getting bounced before.

I have tried to update the nginx configuration using config map, but without success. The settings are applied (and have helped me fix other issues before). However, in this case nothing I try seems to have worked. Here is the config map I'm using:

apiVersion: v1
data:
  http2-max-header-size: "64k"
  http2-max-field-size: "32k"
  proxy-body-size: "100m"
  client-header-buffer-size: "64k"
  large-client-header-buffers: "4 64k"
kind: ConfigMap
metadata:
  name: nginx-ingress-controller
  namespace: kube-system

Here are the ingress annotations for the Identity server:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress-name
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/send_timeout: "180"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "180"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "180"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "180"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "authorization,content-type"
    nginx.ingress.kubernetes.io/proxy-body-size: 250m
    nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"

Finally, if I check the nginx config on the pod it does contain my updated values, in the global config section.

...
 keepalive_timeout  75s;
 keepalive_requests 100;

 client_body_temp_path           /tmp/client-body;
 fastcgi_temp_path               /tmp/fastcgi-temp;
 proxy_temp_path                 /tmp/proxy-temp;
 ajp_temp_path                   /tmp/ajp-temp;

 client_header_buffer_size       64k;
 client_header_timeout           60s;
 large_client_header_buffers     4 64k;
 client_body_buffer_size         8k;
 client_body_timeout             60s;

 http2_max_field_size            32k;
 http2_max_header_size           64k;
 http2_max_requests              1000;

 types_hash_max_size             2048;
 server_names_hash_max_size      1024;
 server_names_hash_bucket_size   64;
 map_hash_bucket_size            64;

 proxy_headers_hash_max_size     512;
 proxy_headers_hash_bucket_size  64;

 variables_hash_bucket_size      128;
 variables_hash_max_size         2048;

 underscores_in_headers          off;
 ignore_invalid_headers          on;
...

Any info or suggestions would be appreciated, thanks!

Tim Trewartha
  • 364
  • 3
  • 10
  • I would suggest checking this SO [What is the maximum length of a URL in different browsers?](https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers) – Crou Jul 19 '19 at 14:12
  • Yeah, that's not the problem. Chrome can support the URL (it's not too long). It's definitely something on the nginx side of things. Oh well, we are using a workaround for now. – Tim Trewartha Aug 02 '19 at 08:26
  • 1
    @TimTrewartha - please share the workaround used for it. – Karan Jan 15 '21 at 06:59
  • @Karan I don't think workaround was actually the right word. We basically modified our application code so that it no longer requires such a long URI. So basically avoiding the problem rather than any actual solution or workaround. I have not looked at this again since either. Good luck, do share if you find the solution. – Tim Trewartha Jan 28 '21 at 06:56
  • @TimTrewartha, did you manage to solve this issue ? – mario Mar 16 '21 at 21:30

2 Answers2

1

I also tried the following annotations:

nginx.ingress.kubernetes.io/large_client_header_buffers: 200m
nginx.ingress.kubernetes.io/proxy-body-size: 200m

They didn't help, what did help is the snippet I added in the Ingress controller yaml:

nginx.ingress.kubernetes.io/server-snippet: |
  http2_max_header_size 256k;
  http2_max_field_size 256k;
Omer
  • 15
  • 4
-4

To fix this issue edit your nginx.conf. Open the Terminal or login to the remote server using ssh client. Type the following command to edit your nginx.conf using a text editor such as vi or joe or nano:

# vi /etc/nginx/nginx.conf

Use nano text editor:

$ sudo nano /etc/nginx/nginx.conf

Must be run as root:

# vi /usr/local/nginx/conf/nginx.conf

Add the following line to http or server or location context to increase the size limit in nginx.conf, enter:

# set client body size to 2M #
client_max_body_size 2M;

The client_max_body_size directive assigns the maximum accepted body size of client request, indicated by the line Content-Length in the header of request. If size is greater the given one, then the client gets the error “Request Entity Too Large” (413). Save and close the file. Reload the nginx webserver, enter:

# /usr/local/nginx/sbin/nginx -s reload

Use nginx itself to reload it:

# /sbin/nginx -s reload

For RHEL/CentOS/Debian/Ubuntu Linux, try:

# service nginx reload

If you are using systemd based system run:

$ sudo systemctl reload nginx.service

References:

PinkSheep
  • 415
  • 2
  • 4
  • 12