Issue
In a Traditional CloudBees CI cluster, my controllers are connected to an Operations Center and use SSO from the Operations Center as the security realm. Each instance has its own NGINX Reverse Proxy configured to handle HTTPS. However, logging out from a Client Controller doesn't redirect me to the Operations Center login page. Instead, I hit a 502 error.
I cannot find anything related to this issue in the logs from the controllers or the Operations Center. When I check the NGINX error logs, I see the following message, where the upstream is my controller's /logout endpoint:
[error] 1403#1403: *75524 upstream sent too big header while reading response header from upstream
Environment
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- NGINX Reverse Proxy configured to enable HTTPS
Summary
A "too big header" error produces a 502 Bad Gateway because NGINX cannot fit the response header sent by the upstream server into its buffer and treats the response as invalid. This error is fairly common with NGINX because the default buffer size is small (4k or 8k depending on the platform).
Resolution
Adjust the proxy_buffer_size directive in all of your instances' proxies. We recommend that you try different values in multiples of 8k/16k/32k… until you find a value that fits your environment. You can find more information about the proxy_buffer_size directive in the NGINX HTTP Proxy documentation.
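The following server block is an added example, not configuration taken from CloudBees or from the original article. The server name, certificate paths, upstream address and the 16k/32k sizes are assumptions to adapt. It also sets the two related directives, because NGINX refuses to start when proxy_busy_buffers_size does not fit between proxy_buffer_size and the total of proxy_buffers.

```nginx
# Added example: all names, paths and sizes below are assumptions.
server {
    listen 443 ssl;
    server_name controller.example.com;                   # placeholder host name

    ssl_certificate     /etc/nginx/ssl/controller.crt;    # placeholder paths
    ssl_certificate_key /etc/nginx/ssl/controller.key;

    location / {
        proxy_pass http://127.0.0.1:8080;                 # assumed controller address

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Buffer that receives the first part of the upstream response,
        # i.e. the response header. The default is one memory page
        # (4k or 8k); a larger header triggers
        # "upstream sent too big header" and a 502.
        proxy_buffer_size 16k;

        # Buffers for the rest of the response. Raised together with
        # proxy_buffer_size so the constraint below still holds.
        proxy_buffers 8 16k;

        # Must be >= max(proxy_buffer_size, one proxy_buffers buffer)
        # and <= total proxy_buffers minus one buffer (here 7 x 16k).
        proxy_busy_buffers_size 32k;
    }
}
```

Check the result with nginx -t before reloading, and if the 502 persists on logout, step all three values up together (for example 32k, 8 32k, 64k).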