Got "502 Bad Gateway" on login callback when using NGINX reverse proxy

michael.samorokov · September 21, 2023, 11:25pm

hello!

I’m trying to integrate ASP.NET Core application with Auth0.
I’m using Auth0.AspNetCore.Authentication NuGet package following tutorial documentation by @andrea.chiarelli .
It works fine when I’m trying locally using https://localhost URL.

When I add a Nginx reverse proxy in front of the application several things happen.

If I try to terminate https on NGINX (application runs as http) the redirect URL constructed by LoginAuthenticationPropertiesBuilder is http.
This can be work around by modifying the URL in props or running the service itself with https.
After I login I get “502 Bad Gateway” from Nginx.
I tried adding ForwardedHeaders on startup, but it didn’t help.

Did someone else face this issue? It should be common as many applications run behind Nginx reverse proxy in production.

michael.samorokov · September 21, 2023, 11:48pm

Ok, I’ve figured it out.
Here is what I found in Nginx logs:

2023/09/21 23:35:10 [error] 2659942#2659942: *522258 upstream sent too big header while reading response header from upstream, client: 192.168.168.1, server: my.hostname, request: "POST /callback HTTP/2.0", upstream: "https://192.168.168.135:7176/callback", host: "my.hostname", referrer: "https://my-domain.us.auth0.com/"

So it works fine after adding this buffer config to Nginx:

server {
 proxy_busy_buffers_size   512k;
 proxy_buffers   4 512k;
 proxy_buffer_size   256k;
 # rest of the nginx config below #
}

Don’t forget to bump your Nginx memory

andrea.chiarelli · September 23, 2023, 7:25am

Glad to hear you were able to solve it, and thanks for sharing the solution

system · October 7, 2023, 7:25am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.