Added client_max_body_size to authPath location #813
Conversation
Seems like nginx denies the request because it would be over the max body size, event if `proxy_pass_request_body` is `off`. This fixes 811
k8s-ci-robot
added
the
cncf-cla: yes
|
This change is |
|
@olvesh I think we need to fix the real issue here, i.e. why the auth block is passing the body. |
|
@olvesh can you test moving this line 383 to line 349 (before the auth section) and remove the line you added? I think the issue here is that we need to accept the request first, that works because we are setting the max size before the proxy_pass directive but we need to move the configuration before the auth_request. |
|
Tried your suggestion and it does not work. Still this error in log file: Relevant config result here: https://gist.github.com/olvesh/42bf8a6769e6fc41d07bfb9a6c710fc6 Nginx preemptively stops the request since it knows it will be to big given that it is a sub request. I think the logic here is that since it is an internal call Nginx can see that it will exceed the max body size, but it does not know that send_body is off thus denying the subrequest. It could be put outside of the |
We cannot do that because it removes the feature of custom body size per path |
|
@olvesh thanks! |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
@olvesh I need to check if the auth_request is passing the body but I think this PR improves the current situation |
|
@aledbf Thanks! |
|
@aledbf btw, when will you (someone) cut a new beta of the ingress controller? Would like to drop the local snowflake we have now :-) |
|
@olvesh after completing this list https://github.com/kubernetes/ingress/projects/3 |
Seems like nginx denies the request because it would be over the max body size,
even if
proxy_pass_request_bodyisoff.This fixes #811
Not sure if it is straight forward to build tests for this. Hope this is ok as it is. For me this fixed my issues at least. Built a docker image and swapped the official one for one with this fix and it works.