From 3caa4c4aa492dd1ee51a111836365790c63bdee1 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Wed, 1 Feb 2023 12:25:57 +0300
Subject: fix(ops/www): increase buffer memory size for auth.tvl.fyi

Keycloak seems to have decided today that it will now send headers
that are larger than what the nginx default configuration can handle.

The numbers are a mix of made up and taken from random nginx voodoo
posts on the internet, so they're as good a guess as anyone's.

Change-Id: If037bcba48eee371cc96304b150276c669930c75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7992
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
---
 ops/modules/www/auth.tvl.fyi.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ops/modules/www/auth.tvl.fyi.nix b/ops/modules/www/auth.tvl.fyi.nix
index 821cb59a0a..a068f02365 100644
--- a/ops/modules/www/auth.tvl.fyi.nix
+++ b/ops/modules/www/auth.tvl.fyi.nix
@@ -12,6 +12,10 @@
       forceSSL = true;
 
       extraConfig = ''
+        # increase buffer size for large headers
+        proxy_buffers 8 16k;
+        proxy_buffer_size 16k;
+
         location / {
           proxy_pass http://localhost:${toString config.services.keycloak.settings.http-port};
           proxy_set_header X-Forwarded-For $remote_addr;
-- 
cgit 1.4.1