about summary refs log tree commit diff
path: root/ops/modules/www
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2023-02-01T09·25+0300
committertazjin <tazjin@tvl.su>2023-02-01T09·30+0000
commit3caa4c4aa492dd1ee51a111836365790c63bdee1 (patch)
treee33b59f87adccd5bdb388209f85d099a9bbe75fe /ops/modules/www
parent5f62cd1ad5a1217ea6b47ec826908d0b298925a9 (diff)
fix(ops/www): increase buffer memory size for auth.tvl.fyi r/5798
Keycloak seems to have decided today that it will now send headers
that are larger than what the nginx default configuration can handle.

The numbers are a mix of made up and taken from random nginx voodoo
posts on the internet, so they're as good a guess as anyone's.

Change-Id: If037bcba48eee371cc96304b150276c669930c75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7992
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Diffstat (limited to 'ops/modules/www')
-rw-r--r--ops/modules/www/auth.tvl.fyi.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/ops/modules/www/auth.tvl.fyi.nix b/ops/modules/www/auth.tvl.fyi.nix
index 821cb59a0aa5..a068f023658e 100644
--- a/ops/modules/www/auth.tvl.fyi.nix
+++ b/ops/modules/www/auth.tvl.fyi.nix
@@ -12,6 +12,10 @@
       forceSSL = true;
 
       extraConfig = ''
+        # increase buffer size for large headers
+        proxy_buffers 8 16k;
+        proxy_buffer_size 16k;
+
         location / {
           proxy_pass http://localhost:${toString config.services.keycloak.settings.http-port};
           proxy_set_header X-Forwarded-For $remote_addr;