docs: upstream sent too big header while reading response header from upstream (#8466)

# Which Problems Are Solved - If you operate Zitadel behind a Reverse Proxy or Ingress inside a Kubernetes cluster, you may encounter an Error like `upstream sent too big header while reading response header from upstream` - The Docs explain how to solve it # How the Problems Are Solved - Adding Troubleshooting Docs for too big upstream header, so people that search for it find a solution. --------- Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-11-22 00:39:36 +00:00 · 2024-09-12 12:22:06 +02:00 · 2024-09-12 12:22:06 +02:00 · 0db92c69d4
commit 0db92c69d4
parent 87e8ac48ae
2 changed files with 44 additions and 1 deletions
--- a/docs/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx
+++ b/docs/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx
@ -0,0 +1,37 @@
+If you operate Zitadel behind a Reverse Proxy or Ingress inside a Kubernetes cluster, 
+you may encounter an Error like `upstream sent too big header while reading response header from upstream`
+in your NGINX Logs and receive a 403 Error when accessing NGINX.
+
+you can solve it by increasing the grpc buffer size in your nginx config:
+
+### Ingress NGINX
+```yaml
+ingress:
+enabled: true
+annotations:
+    nginx.ingress.kubernetes.io/modsecurity-snippet: |
+        SecRuleRemoveById 949110
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+        grpc_set_header Host $host;
+        more_clear_input_headers "Host" "X-Forwarded-Host";
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
+    # highlight-next-line
+    nginx.ingress.kubernetes.io/server-snippet: "grpc_buffer_size 8k;"
+```
+### NGINX Config
+```nginx
+    http {
+        server {
+            listen 80;
+            http2 on;
+            location / {
+                grpc_pass grpc://zitadel-disabled-tls:8080;
+                grpc_set_header Host $host:$server_port;
+                # highlight-next-line
+                grpc_buffer_size 8k;
+            }
+        }
+    }
+```
--- a/docs/docs/self-hosting/deploy/troubleshooting/troubleshooting.mdx
+++ b/docs/docs/self-hosting/deploy/troubleshooting/troubleshooting.mdx
@ -3,8 +3,14 @@ title: Troubleshoot ZITADEL
 ---

 import InstanceNotFound from '/docs/self-hosting/deploy/troubleshooting/_instance_not_found.mdx';
+import UpstreamHeader from '/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx'

 ## Instance not found


-<InstanceNotFound/>
+<InstanceNotFound/>
+
+
+## upstream sent too big header while reading response header from upstream
+
+<UpstreamHeader/>