414 Request URI too long using Nginx Ingress on Kubernetes
We are using kubernetes/ingress-nginx for our Azure AKS instance. I have a URI that is 9kb long approximately (it contains a post_logout_redirect_uri and a very long id_token_hint for our Identity server, running in .Net core 2.2).
However, I cannot get past the ingress as nginx is rejecting the query with 414 URI Too Long. I can see the request in the Nginx logs but not on the Identity server logs, so it is clearly getting bounced before.
I have tried to update the nginx configuration using config map, but without success. The settings are applied (and have helped me fix other issues before). However, in this case nothing I try seems to have worked. Here is the config map I'm using:
apiVersion: v1
data:
  http2-max-header-size: "64k"
  http2-max-field-size: "32k"
  proxy-body-size: "100m"
  client-header-buffer-size: "64k"
  large-client-header-buffers: "4 64k"
kind: ConfigMap
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
Here are the ingress annotations for the Identity server:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress-name
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/send_timeout: "180"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "180"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "180"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "180"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "authorization,content-type"
    nginx.ingress.kubernetes.io/proxy-body-size: 250m
    nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
Finally, if I check the nginx config on the pod it does contain my updated values, in the global config section.
...
keepalive_timeout 75s;
keepalive_requests 100;
client_body_temp_path /tmp/client-body;
fastcgi_temp_path /tmp/fastcgi-temp;
proxy_temp_path /tmp/proxy-temp;
ajp_temp_path /tmp/ajp-temp;
client_header_buffer_size 64k;
client_header_timeout 60s;
large_client_header_buffers 4 64k;
client_body_buffer_size 8k;
client_body_timeout 60s;
http2_max_field_size 32k;
http2_max_header_size 64k;
http2_max_requests 1000;
types_hash_max_size 2048;
server_names_hash_max_size 1024;
server_names_hash_bucket_size 64;
map_hash_bucket_size 64;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
variables_hash_bucket_size 128;
variables_hash_max_size 2048;
underscores_in_headers off;
ignore_invalid_headers on;
...
Any info or suggestions would be appreciated, thanks!
I also tried the following annotations:
nginx.ingress.kubernetes.io/large_client_header_buffers: 200m
nginx.ingress.kubernetes.io/proxy-body-size: 200m
They didn't help; what did help is the snippet I added in the Ingress controller yaml:
nginx.ingress.kubernetes.io/server-snippet: |
  http2_max_header_size 256k;
  http2_max_field_size 256k;
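An added example (not part of the original question or answers): a small Python check that reads the header-size directives out of an nginx config dump like the one in the question and compares them with the size of a long logout URI. The sample URI, the `/logout` path and the function names are constructed for illustration; the defaults are those in the nginx documentation, and raw length stands in for the HPACK-encoded size.

```python
import re

# nginx's documented defaults, used when a directive is absent from the dump.
DEFAULTS = {"large_client_header_buffers": "4 8k",
            "http2_max_field_size": "4k", "http2_max_header_size": "16k"}
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def to_bytes(text):
    """Convert an nginx size such as '64k' or '2M' to bytes."""
    match = re.fullmatch(r"(\d+)([kKmMgG]?)", text)
    if match is None:
        raise ValueError(f"not an nginx size: {text!r}")
    return int(match.group(1)) * UNITS[match.group(2).lower()]

def header_limits(conf):
    """Read the header-size directives from `nginx -T` style text."""
    raw = dict(DEFAULTS)
    for name, value in re.findall(r"^\s*(\w+)\s+([^;#\n]+);", conf, re.M):
        if name in raw:
            raw[name] = value.strip()  # last occurrence wins in this sketch
    # HTTP/1.1: request line must fit one large buffer. HTTP/2: field and list limits.
    return {
        "h1_request_line": to_bytes(raw["large_client_header_buffers"].split()[1]),
        "h2_field": to_bytes(raw["http2_max_field_size"]),
        "h2_header_list": to_bytes(raw["http2_max_header_size"]),
    }

def uri_fits(conf, uri, method="GET"):
    """Return, per limit, whether a request for `uri` stays under it."""
    limits = header_limits(conf)
    line = len(f"{method} {uri} HTTP/1.1\r\n".encode())
    path = len(uri.encode())  # raw length; HPACK Huffman coding may shrink it
    return {
        "h1_request_line": line <= limits["h1_request_line"],
        "h2_field": path <= limits["h2_field"],  # :path pseudo-header alone
        "h2_header_list": path <= limits["h2_header_list"],
    }

# Constructed input: directives copied from the pod dump in the question, and
# a ~9 KB logout URI built from filler characters (hypothetical path, no real token).
POD_CONF = """
large_client_header_buffers 4 64k;
http2_max_field_size 32k;
http2_max_header_size 64k;
"""
SAMPLE_URI = ("/logout?post_logout_redirect_uri=https%3A%2F%2Fapp.example%2F"
              "&id_token_hint=" + "A" * 9000)
if __name__ == "__main__":
    print("question's config:", uri_fits(POD_CONF, SAMPLE_URI))
    print("nginx defaults:   ", uri_fits("", SAMPLE_URI))
```

With the question's values every limit has headroom for a 9 KB URI, while on nginx defaults the same URI exceeds both the 8k request-line buffer and the 4k HTTP/2 field limit. Keeping raised limits close to the real need bounds the header memory a single client can make nginx allocate.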
To fix this issue edit your nginx.conf. Open the Terminal or login to the remote server using ssh client. Type the following command to edit your nginx.conf using a text editor such as vi or joe or nano:
# vi /etc/nginx/nginx.conf
Use nano text editor:
$ sudo nano /etc/nginx/nginx.conf
Must be run as root:
# vi /usr/local/nginx/conf/nginx.conf
Add the following line to http or server or location context to increase the size limit in nginx.conf, enter:
# set client body size to 2M #
client_max_body_size 2M;
The client_max_body_size directive assigns the maximum accepted body size of client request, indicated by the line Content-Length in the header of request. If size is greater than the given one, then the client gets the error "Request Entity Too Large" (413). Save and close the file. Reload the nginx webserver, enter:
# /usr/local/nginx/sbin/nginx -s reload
Use nginx itself to reload it:
# /sbin/nginx -s reload
For RHEL/CentOS/Debian/Ubuntu Linux, try:
# service nginx reload
If you are using systemd based system run:
$ sudo systemctl reload nginx.service