From bd0bae9f4881ba4a6d778cb7c348289947fc72ca Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Thu, 5 Jan 2023 20:56:57 +0100
Subject: [PATCH] keycloak: Bump buffer size to make room for response headers

Keycloak is apparently sending over 4k worth of response headers under
some circumstances (maybe when the client sends a stale cookie?), which
causes Nginx to return a 502 error and log "upstream sent too big header
while reading response header from upstream". This is likely also
related to this upstream issue[1]. So bump the buffer to 8k.

[1] https://github.com/keycloak/keycloak/issues/16181
---
 roles/keycloak/templates/nginx.d.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/keycloak/templates/nginx.d.conf.j2 b/roles/keycloak/templates/nginx.d.conf.j2
index 2d71a2f0d..02cc2b3c1 100644
--- a/roles/keycloak/templates/nginx.d.conf.j2
+++ b/roles/keycloak/templates/nginx.d.conf.j2
@@ -56,6 +56,7 @@ server {
         proxy_set_header    X-Forwarded-For    $remote_addr;
         proxy_set_header    X-Forwarded-Proto  $scheme;
         proxy_pass http://127.0.0.1:{{ keycloak_port }};
+        proxy_buffer_size 8k;
     }
 
     location = / {
-- 
GitLab