uwsgi: Increase request buffer size to 64k, from 8k default.

The default value in uwsgi is 4k; receiving more than this amount from
nginx leads to a 502 response (though, happily, the backend uwsgi does not
terminate).

ab18dbfde5 originally increased it from the unstated uwsgi default
of 4096, to 8192; b1da797955 made it configurable, in order to allow
requests from clients with many cookies, without causing 502's[1].

nginx defaults to a limitation of 1k, with 4 additional 8k header
lines allowed[2]; any request larger than that returns a response of
`400 Request Header Or Cookie Too Large`.  The largest header size
theoretically possible from nginx, by default, is thus 33k, though
that would require packing four separate headers to exactly 8k each.

Remove the gap between nginx's limit and uwsgi's, which could trigger
502s, by removing the uwsgi configurability, and setting a 64k size in
uwsgi (the max allowable), which is larger than nginx's default limit.

uWSGI's documentation of `buffer-size` ([3], [4]) also notes that "It
is a security measure too, so adapt to your app needs instead of
maxing it out."  Python has no security issues with buffers of 64k,
and there is no appreciable memory footprint difference to having a
larger buffer available in uwsgi.

[1]: https://chat.zulip.org/#narrow/stream/31-production-help/topic/works.20in.20Edge.20not.20Chrome/near/719523
[2]: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size
[3]: https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
[4]: https://uwsgi-docs.readthedocs.io/en/latest/Options.html#buffer-size
Alex Vandiver 2022-06-28 14:52:56 -07:00 committed by Tim Abbott
parent b65401ed47
commit 4fd51cb5ad
3 changed files with 4 additions and 7 deletions
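
The gap the commit message describes (nginx accepting a header block larger than uwsgi's `buffer-size`, which surfaces as a 502) can be checked mechanically. The following is an added example, not code from this commit or from the Zulip repository; the sample configs are constructed, the function names are hypothetical, and the nginx worst case uses the commit message's upper bound of the small buffer plus every large buffer filled.

```python
import re

# Constructed sample configs for illustration (not taken from the Zulip repository).
NGINX_CONF = """
http {
    client_header_buffer_size 1k;
    large_client_header_buffers 4 8k;
}
"""
UWSGI_INI = """
[uwsgi]
harakiri=20
buffer-size=65535
"""

UNITS = {"": 1, "k": 1024, "m": 1024 ** 2}


def parse_size(text):
    """Convert an nginx size such as '8k' or '1m' to bytes."""
    match = re.fullmatch(r"(\d+)([kKmM]?)", text)
    if match is None:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(match.group(1)) * UNITS[match.group(2).lower()]


def nginx_max_header_bytes(conf):
    """Upper bound on request headers nginx accepts; nginx defaults apply when a directive is unset."""
    small = re.search(r"^\s*client_header_buffer_size\s+(\S+);", conf, re.M)
    large = re.search(r"^\s*large_client_header_buffers\s+(\d+)\s+(\S+);", conf, re.M)
    small_bytes = parse_size(small.group(1)) if small else 1024
    count, each = (int(large.group(1)), parse_size(large.group(2))) if large else (4, 8192)
    return small_bytes + count * each


def uwsgi_buffer_size(ini):
    """Read buffer-size from a uwsgi ini file; 4096 is uwsgi's built-in default."""
    match = re.search(r"^\s*buffer-size\s*=\s*(\d+)\s*$", ini, re.M)
    return int(match.group(1)) if match else 4096


def check(conf, ini):
    """Report both limits; gap=True means nginx can forward more than uwsgi will read."""
    limit, buf = nginx_max_header_bytes(conf), uwsgi_buffer_size(ini)
    return {"nginx_max": limit, "uwsgi_buffer": buf, "gap": limit > buf}


if __name__ == "__main__":
    print(check(NGINX_CONF, UWSGI_INI))
```

Run against a deployment's rendered nginx and uwsgi configs, a `gap` of `True` means a request can pass nginx's header limit and still exceed what uwsgi will read.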

@ -691,10 +691,6 @@ all at once. This decreases the number of 502's served to clients, at
the cost of slightly increased memory usage, and the possibility that
different requests will be served by different versions of the code.
#### `uwsgi_buffer_size`
Override the default uwsgi buffer size of 8192.
#### `uwsgi_listen_backlog_limit`
Override the default uwsgi backlog of 128 connections.
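Review bot: The `uwsgi_buffer_size` entry is dropped from this settings reference with nothing left in its place, so an operator who still has that key set gets no indication that it is now ignored. Consider a short upgrade or changelog note saying the setting was removed and that the buffer is now fixed at 65535; the neighbouring `uwsgi_listen_backlog_limit` entry stays documented and configurable, which makes the silent removal easy to miss.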

@ -120,7 +120,6 @@ class zulip::app_frontend_base {
}
$uwsgi_listen_backlog_limit = zulipconf('application_server', 'uwsgi_listen_backlog_limit', 128)
$uwsgi_buffer_size = zulipconf('application_server', 'uwsgi_buffer_size', 8192)
$uwsgi_processes = zulipconf('application_server', 'uwsgi_processes', $uwsgi_default_processes)
$somaxconn = 2 * Integer($uwsgi_listen_backlog_limit)
file { '/etc/zulip/uwsgi.ini':

@ -38,8 +38,10 @@ harakiri=20
# Size of HTTP headers to read
buffer-size=<%= @uwsgi_buffer_size %>
# Default buffer for client HTTP headers is 4k, and nginx gets a 502
# if the client sends more. Set this high; nginx limits headers to
# 32k, and will 400 requests with more than that.
buffer-size=65535
# The master process will buffer requests with bodies longer than 4096
# bytes, freeing up workers from hanging around waiting to read them.
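Review bot: The new comment above `buffer-size=65535` says nginx limits headers to 32k, while the commit message works the nginx default out as 1k plus four 8k buffers, i.e. 33k; the two figures should agree. Because the fix depends on uwsgi's buffer staying above whatever nginx will accept, the comment should also record that 65535 is the maximum uwsgi allows and that raising nginx's header buffer settings beyond it would bring the 502s back, so the hard-coded value is not mistaken for an arbitrary one.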