Hello, we have GoodData docker running in our deve...
# gooddata-cn
Hello, we have GoodData docker running in our development environments and those are configured to use our own IdP so that we can use same token as our main application. In some cases the authentication token is larger and we end up into 503 error in user interface. Logs tell us that the header is too large for the nginx:
Copy code
2023/03/22 12:00:09 [error] 2155#2155: *17315 upstream sent too big header while reading response header from upstream, client:, server: _, request: "GET /login/oauth2/code/...
Is there any way to increase the maximum header size for the docker?
the built-in nginx has
set to 16k. Currently there's no way how to override this limit on customer side, without building custom image based on gooddata-cn-ce image.
Ok, thanks! Do we have similar limit in the cloud ?
Hi Juha-Pekka, the same limitation is present in Cloud as well.
It should not be a problem to increase it. @Juha-Pekka Laine - do you have estimate, how many bytes the request headers have AND how big is the longest header (
I guess)
I need to check how big those might be. We have some special rules in Auth0 that will actually increase the size of authentication and identification token. We can do something to reduce the size, as we have identified already the challenge with large tokens.
great, please let us know if you find approximate sizes
It actually is the cookie
This actually does not happen always, but randomly. Clearing cookies helps. And you know why? Because for example www.gooddata.com adds all kinds of extra stuff there because it´s under the same domain. So the session related headers are relatively large, but then when you add stuff from website (or in the container versions from our domain), it grows too large:
I identified error in our code and will file an issue. Thanks for reporting. Based on our assumptions, all services should accept 16kB long headers. Unfortunately some of them accept at most 8kB. 😞
✔️ 1
Thanks for investigating this. In the meanwhile, we try to apply some tricks to keep it under 8k. In microservice backend we need to have extra authorization info there, but maybe we can do something