Body size error

[llomgui]

Describe the bug
I got errors during a POST with a body size > 1mb.
It keeps returning error 500 with the following log:
2024/03/27 09:36:48 [error] 73#73: *5036785 client intended to send too large body: 1379677 bytes, client: X.X.X.X, server: example.com, request: "POST /path HTTP/1.1", subrequest: "/_jwks_uri", host: "example.com", referrer: "https://example.com/referrer"

To Reproduce
Steps to reproduce the behavior:

1. Setup oidc policy, assign it to your virtualserver
2. Generate calls with body size > 1mb
3. See error

Expected behavior
No error because client-max-body-size: 128M is set in configmap and is also present in location / in VS generated file.

Your environment

• Using Nginx Ingress v3.5.0
• Version of Kubernetes v1.28.6
• Kubernetes platform OKD
• Using NGINX Plus

Cause
As you can see in the log, there is a subrequest to /_jwks_uri : https://github.com/nginxinc/kubernetes-ingress/blob/main/internal/configs/oidc/oidc.conf#L9
The solution would be to inject client_max_body_size in this location, or set client_max_body_size on the server directive instead of location. https://github.com/nginxinc/kubernetes-ingress/blob/main/internal/configs/version2/nginx-plus.virtualserver.tmpl#L79
If you wan to inject client_max_body_size on the server directive, you also need to move the struct to Server https://github.com/nginxinc/kubernetes-ingress/blob/main/internal/configs/version2/http.go#L170

[github-actions]

Hi @llomgui thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

[vepatel]

Hi @llomgui ,thanks for the opening the issue! We will be discussing this issue in out next triage meeting on Monday 8th April, please feel free to join if you'd like (Zoom details are on the project homepage).
-Venktesh

[vepatel]

Hi @llomgui we use a reference implementation here so user is free to make changes:

1. https://docs.nginx.com/nginx-ingress-controller/tutorials/oidc-custom-configuration/ OR
2. https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#using-snippets

[jasonwilliams14]

@llomgui A simple example while we look at this, would look like this (using snippets)

apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: webapp
spec:
  host: webapp.example.com
  tls:
    secret: tls-secret
    redirect:
      enable: true
  server-snippets: |
    client_max_body_size 100m;
  upstreams:
    - name: webapp
      service: webapp-svc
      port: 80
    - name: coffee
      service: coffee-svc
      port: 80
  routes:
    - path: /tea
      policies:
      - name: oidc-policy
      action:
        proxy:
          rewritePath: /
          upstream: webapp
    - path: /coffee
      action:
        pass: coffee

That snippet will set client_max_body_size in the server context of NGINX Ingress.

HTH

[j1m-ryan]

Did the snippet solution work for you @llomgui?

[llomgui]

Did the snippet solution work for you @llomgui?

Hello, no the solution is to override oidc.conf file using a mounted configmap.
The snippet only override the VS part, not /_jwks_uri path.