From ebfa591484472b52ac572e4f2df4cad7299a32e8 Mon Sep 17 00:00:00 2001
From: julian <julian@jsts.xyz>
Date: Fri, 26 May 2023 03:25:22 +0200
Subject: [PATCH] Use larger buf. size to fix 502s sometimes occur. when going
 through PVE

---
 playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf b/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
index 5c4d6d2..16b57b7 100644
--- a/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
+++ b/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
@@ -23,6 +23,15 @@ server {
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;
 
+    # To not have 502s sometimes when logging through PVE use bigger buffer_sizes.
+    # The error seemed to occur after logging in and out and in. Maybe related
+    # to Keycloak logout settings, but probably not.
+    # See:
+    # https://stackoverflow.com/questions/56126864/why-do-i-get-502-when-trying-to-authenticate
+    # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
+    proxy_buffer_size 128k;
+    proxy_buffers 8 128k;
+
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-Host $host;
     proxy_set_header X-Real-IP $remote_addr;