A Web Developer’s Blog
There is a fairly severe bug here Ingress-nginx CVE-2025-1974
My understanding is that it is a privilege escalation bug within Kubernetes - and given that I work for a very small team where actually I’m the only one with access - I don’t think I’m immediately vulnerable.
But my understanding is limited and I’m a fan of defence in depth so it’s time to upgrade.
My Laravel site was working just fine yesterday but after a code-only update today I was seeing 502 errors on some pages
upstream sent too big header while reading response header from upstream, client:
While the solution was hard to find it was easy to implement.
So far on my Kubernetes journey I’ve only ever had one container per pod.
But I needed to run php-fpm fronted by nginx - with static assets served direct by nginx.
A lot of online examples skip this complexity by serving both php and static assets via Apache.
While it seemed complex at first - like a lot of Kubernetes it’s fairly straightforward once you have made the leap.