ERROR

Troubleshooting Guide: Nginx 'upstream sent too big header' Error

Quick Fix Summary

TL;DR

Increase `proxy_buffer_size` and `proxy_buffers` directives in your Nginx location or server block.

Nginx receives a response header from the upstream server (e.g., PHP-FPM, Node.js, another proxy) that exceeds its configured buffer size. This causes Nginx to terminate the request and log the error.

Diagnosis & Causes

  • Upstream application sets large cookies or session data.
  • Proxy or FastCGI buffer sizes are set too low (default 4k/8k).
  • Upstream sends extensive custom headers or redirect chains.
  • SSL/TLS handshake data inflates header size.
  • Misconfigured `proxy_hide_header` or `fastcgi_hide_header`.

    • Recovery Steps

    1

    Step 1: Confirm the Error in Logs

    Locate and examine the Nginx error log to confirm the exact error message and identify the problematic upstream.

    bash 
    tail -f /var/log/nginx/error.log
grep -i "upstream sent too big header" /var/log/nginx/error.log
    2

    Step 2: Increase Proxy Buffer Size (for proxy_pass)

    If using `proxy_pass`, increase the buffer size for reading the response header from the upstream server. Apply this within the relevant `location`, `server`, or `http` block.

    nginx 
    location /api/ {
    proxy_pass http://backend_server;
    proxy_buffer_size 16k;
    proxy_buffers 4 16k;
}
    3

    Step 3: Increase FastCGI Buffer Size (for php-fpm)

    If using PHP-FPM via `fastcgi_pass`, adjust the FastCGI buffer directives. This is a common fix for WordPress or Laravel applications.

    nginx 
    location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    fastcgi_buffer_size 16k;
    fastcgi_buffers 4 16k;
}
    4

    Step 4: Increase uWSGI Buffer Size (for uwsgi_pass)

    For Python applications using uWSGI, adjust the `uwsgi_buffer_size` and `uwsgi_buffers` directives.

    nginx 
    location / {
    uwsgi_pass unix:/tmp/uwsgi.sock;
    uwsgi_buffer_size 16k;
    uwsgi_buffers 4 16k;
}
    5

    Step 5: Test Configuration and Reload

    Always test your Nginx configuration syntax before applying changes to avoid taking down the server.

    bash 
    nginx -t
systemctl reload nginx
    6

    Step 6: Investigate Upstream Header Bloat

    If increasing buffers doesn't resolve the issue, the upstream application itself may be generating excessively large headers. Use `curl -I` or browser dev tools to inspect the response headers.

    bash 
    curl -I https://your-domain.com/
# Look for large 'Set-Cookie', 'Location', or custom headers

    Architect's Pro Tip

    "Set `proxy_buffer_size` to match your largest expected header (e.g., 32k), but keep `proxy_buffers` count low (e.g., 4). This is more efficient than many small buffers."

    Frequently Asked Questions

    What's the difference between `proxy_buffer_size` and `proxy_buffers`?

    `proxy_buffer_size` sets the size of the buffer for reading the FIRST part of the response (including headers). `proxy_buffers` sets the number and size of buffers for reading the REST of the response body.

    Can I just set these buffers to a very large value like 1M?

    Yes, but it's inefficient. Excessively large buffers increase memory usage per connection. Diagnose the actual header size needed and set a reasonable buffer (e.g., 16k, 32k) with a safety margin.

    Why do I see this error only sometimes?

    It's often triggered by specific user sessions with large cookies, or after login when authentication tokens are added. The header size varies per request.

    Related Nginx Guides

    AH01071

    How to Fix Nginx AH01071: Got error 'Primary script unknown' (PHP-FPM 2026)
    SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading)

    How to Fix Nginx SSL Handshake EOF Error in 2025
    SSL_do_handshake() failed

    How to Fix Nginx SSL Handshake Failed (SSL_do_handshake) in 2025