Nginx Header size issues help.

[ameeno]

Hi,

I am currently using Nginx Proxy Manager to host my Docker services and have deployed Authelia alongside for TOTP authentication. I am following the snippets provided by the Authelia documentation for Nginx Proxy Manager, and most things work well, but two of my applications are not functioning properly.

I believe that these issues are due to header size and proxy buffer problems. When I use the services without Authelia or access them directly via IP and port, Nginx Proxy Manager does not cause any issues. However, when I use Authelia, I encounter problems with the following services:

1. Firefly Data Importer: This service has a large string in the token header that needs to be passed for it to work. I have found that I need to increase the proxy buffer size for it to work properly. I have added the necessary values into the Nginx Proxy Manager config, and it works fine without Authelia. However, it does not work with both the values and Authelia together. The values I need are:

proxy_buffer_size       128k;
proxy_buffers           4 256k;
proxy_busy_buffers_size 256k;

2. Portainer: This service works fine with and without Authelia, but I am unable to connect to terminal sessions with Authelia. The following values are supposed to fix the problem, but they do not work with Authelia:

large_client_header_buffers 4 16k;

It seems that both of these issues are related to proxy buffer sizes, and the Authelia snippets on the Nginx documentation seem to make the buffers smaller. Do you have any ideas on how I can fix this?

[ameeno]

Another thing i have found is nginx-proxy-managers websocket support gets ignored when using advanced configs like authelia.

[james-d-elliott]

I'd try commenting the authelia ones, use the ones you had working. The only critical ones are the X-* headers, and the auth_request directives from memory.

[ameeno]

Hello James,

Thanks, i did try this solution you suggested before (commenting proxy buffer and using my own in a separate snippet)
However i kept getting error 500 errors.

When looking at the authelia logs, i noticed that the buffer size for both reads & writes was too small by default (just 4096k)

I read up on the authelia website and found: https://www.authelia.com/configuration/prologue/common/#server-buffers
and an example cfg: https://www.authelia.com/configuration/miscellaneous/server/#configuration
So I changed the server.buffer.read size and server.buffer.write size to 16384, and firefly importer is now working!

Still not able to get the portainer to work exec tho :(

[ameeno]

OK, I finally fixed the portainer (and other container issue).

In a nutshell, when using the authelia advanced config snippets, you overwrite any nginx websocket enable settings, so they are disabled,

to fix this you must re add the socket settings by adding this config:

    # enable websocket
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";

My combined solution so far is therefore:

1. modify authelia server configuration read/write buffers to be larger than the default 4096k using the configuration.yaml file changes:

server:
  buffers:
    read: 16384
    write: 16384

2. Increase the buffer sizes in the snippet files for nginx to the larger buffers you will need.

(depends on your needs, but simply comment and replace values)

3. restore websocket functionality to the nginx hosts that need websocket enabled by adding the following lines to advanced config inside your location '/'

    # enable websocket
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";

I Hope this helps someone :)