viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

traefik: bump auth-proxy nginx header buffers to handle Authentik cookie pile

Browse source 
Browsers accumulate one authentik_proxy_<random> cookie per Authentik
Proxy Provider under viktorbarzin.me (Path=/). With 30+ services the
combined Cookie header exceeds nginx's default 4 x 8k
large_client_header_buffers and trips '431 Request Header Fields Too
Large' at the forward-auth nginx (traefik/auth-proxy).

Bumped to:
  client_header_buffer_size 8k
  large_client_header_buffers 8 64k

Matches the pattern used on the London Flint 2 router nginx
(memory id=647).
This commit is contained in:
Viktor Barzin 2026-05-23 08:34:33 +00:00
parent 7f63d35d0a
commit 6f4a569d1c
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
stacks/traefik/modules/traefik/main.tf
View file

@ -688,6 +688,14 @@ resource "kubernetes_config_map" "auth_proxy_config" {
server {
listen 9000;
# Browsers accumulate one authentik_proxy_<random> cookie per Authentik
# Proxy Provider on the parent domain. With 30+ services under
# viktorbarzin.me the combined Cookie header exceeds nginx's default
# 4 x 8k large_client_header_buffers and trips "Too big request header"
# (431). Bump to 8 x 64k so the auth check accepts the pile.
client_header_buffer_size 8k;
large_client_header_buffers 8 64k;
location /outpost.goauthentik.io/auth/traefik {
proxy_pass http://authentik;
proxy_connect_timeout 3s;