From 0db92c69d4cd5974fdd5ff347684c540394abbf6 Mon Sep 17 00:00:00 2001
From: hofq <54744977+hofq@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:22:06 +0200
Subject: [PATCH] docs: upstream sent too big header while reading response
 header from upstream (#8466)

# Which Problems Are Solved


- If you operate Zitadel behind a Reverse Proxy or Ingress inside a
Kubernetes cluster,
you may encounter an Error like `upstream sent too big header while
reading response header from upstream`
- The Docs explain how to solve it

# How the Problems Are Solved

- Adding Troubleshooting Docs for too big upstream header, so people
that search for it find a solution.

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
---
 .../troubleshooting/_upstream_header.mdx      | 37 +++++++++++++++++++
 .../troubleshooting/troubleshooting.mdx       |  8 +++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 docs/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx

diff --git a/docs/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx b/docs/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx
new file mode 100644
index 0000000000..773e32aff7
--- /dev/null
+++ b/docs/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx
@@ -0,0 +1,37 @@
+If you operate Zitadel behind a Reverse Proxy or Ingress inside a Kubernetes cluster, 
+you may encounter an Error like `upstream sent too big header while reading response header from upstream`
+in your NGINX Logs and receive a 403 Error when accessing NGINX.
+
+you can solve it by increasing the grpc buffer size in your nginx config:
+
+### Ingress NGINX
+```yaml
+ingress:
+enabled: true
+annotations:
+    nginx.ingress.kubernetes.io/modsecurity-snippet: |
+        SecRuleRemoveById 949110
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+        grpc_set_header Host $host;
+        more_clear_input_headers "Host" "X-Forwarded-Host";
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
+    # highlight-next-line
+    nginx.ingress.kubernetes.io/server-snippet: "grpc_buffer_size 8k;"
+```
+### NGINX Config
+```nginx
+    http {
+        server {
+            listen 80;
+            http2 on;
+            location / {
+                grpc_pass grpc://zitadel-disabled-tls:8080;
+                grpc_set_header Host $host:$server_port;
+                # highlight-next-line
+                grpc_buffer_size 8k;
+            }
+        }
+    }
+```
\ No newline at end of file
diff --git a/docs/docs/self-hosting/deploy/troubleshooting/troubleshooting.mdx b/docs/docs/self-hosting/deploy/troubleshooting/troubleshooting.mdx
index 911aceace3..a778c23946 100644
--- a/docs/docs/self-hosting/deploy/troubleshooting/troubleshooting.mdx
+++ b/docs/docs/self-hosting/deploy/troubleshooting/troubleshooting.mdx
@@ -3,8 +3,14 @@ title: Troubleshoot ZITADEL
 ---
 
 import InstanceNotFound from '/docs/self-hosting/deploy/troubleshooting/_instance_not_found.mdx';
+import UpstreamHeader from '/docs/self-hosting/deploy/troubleshooting/_upstream_header.mdx'
 
 ## Instance not found
 
 
-<InstanceNotFound/>
\ No newline at end of file
+<InstanceNotFound/>
+
+
+## upstream sent too big header while reading response header from upstream
+
+<UpstreamHeader/>
\ No newline at end of file