diff --git a/kubernetes/apps/auth/authentik/app/helmrelease.yaml b/kubernetes/apps/auth/authentik/app/helmrelease.yaml
index dc873412..69c23612 100644
--- a/kubernetes/apps/auth/authentik/app/helmrelease.yaml
+++ b/kubernetes/apps/auth/authentik/app/helmrelease.yaml
@@ -54,6 +54,13 @@ spec:
 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 nginx.org/websocket-services: authentik
 nginx.ingress.kubernetes.io/enable-global-auth: "false"
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 256k
+ nginx.ingress.kubernetes.io/client-header-buffer-size: "256k"
+ nginx.ingress.kubernetes.io/large-client-header-buffers: "4 256k"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
+ nginx.ingress.kubernetes.io/server-snippet: |
+ client_header_buffer_size 256k;
+ large_client_header_buffers 4 256k;
 hajimari.io/icon: mdi:account-lock
 hajimari.io/enable: "true"
 hosts:
diff --git a/kubernetes/apps/ingress/nginx/external/helmrelease.yaml b/kubernetes/apps/ingress/nginx/external/helmrelease.yaml
index 6f84c0b7..6778d012 100644
--- a/kubernetes/apps/ingress/nginx/external/helmrelease.yaml
+++ b/kubernetes/apps/ingress/nginx/external/helmrelease.yaml
@@ -58,9 +58,6 @@ spec:
 # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap
 config:
 block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
- client-body-buffer-size: 100M
- client-body-timeout: 120
- client-header-timeout: 120
 custom-http-errors: 400,401,403,404,500,502,503,504
 enable-brotli: "true"
 enable-real-ip: "true"
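Review bot: In the authentik hunk, the `nginx.ingress.kubernetes.io/server-snippet` annotation only takes effect if the controller serving this Ingress has snippet annotations enabled (`allow-snippet-annotations`), and nothing in this diff shows that setting; enabling it controller-wide lets anyone who can create or edit an Ingress inject raw nginx configuration, so confirm it is scoped deliberately. As far as I know ingress-nginx has no `client-header-buffer-size` or `large-client-header-buffers` annotations (they are ConfigMap keys), so those two added lines are probably ignored and could be dropped in favour of the snippet. `client-body-buffer-size: 256k` is the only new value left unquoted; `"256k"` would match its neighbours. Four 256k header buffers per connection is a generous allowance for a login endpoint, so a short comment naming the header that needs it (presumably a large cookie or token) would help a later reviewer size it down.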
@@ -85,6 +82,10 @@ spec:
 "http_user_agent": "$http_user_agent"}
 proxy-body-size: 0
 proxy-buffer-size: 16k
+ large-client-header-buffers: "4 8k"
+ client-body-buffer-size: 100M
+ client-body-timeout: 120
+ client-header-timeout: 120
 ssl-protocols: TLSv1.3 TLSv1.2
 metrics:
 enabled: true
diff --git a/kubernetes/apps/ingress/nginx/internal/helmrelease.yaml b/kubernetes/apps/ingress/nginx/internal/helmrelease.yaml
index 8ec68aef..26f22330 100644
--- a/kubernetes/apps/ingress/nginx/internal/helmrelease.yaml
+++ b/kubernetes/apps/ingress/nginx/internal/helmrelease.yaml
@@ -65,9 +65,6 @@ spec:
 proxy_set_header X-Forwarded-Host $http_host;
 whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
 block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
- client-body-buffer-size: 100M
- client-body-timeout: 120
- client-header-timeout: 120
 custom-http-errors: 400,401,403,404,500,502,503,504
 enable-brotli: "false"
 enable-real-ip: "true"
@@ -92,6 +89,10 @@ spec:
 "http_user_agent": "$http_user_agent"}
 proxy-body-size: 0
 proxy-buffer-size: 16k
+ large-client-header-buffers: "4 8k"
+ client-body-buffer-size: 100M
+ client-body-timeout: 120
+ client-header-timeout: 120
 ssl-protocols: TLSv1.3 TLSv1.2
 metrics:
 enabled: true
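Review bot: In both ConfigMap hunks (external `@@ -85,6 +82,10 @@` and internal `@@ -92,6 +89,10 @@`), the new `large-client-header-buffers: "4 8k"` matches what I understand to be the controller default, so it looks like a behaviour change but is not one. The 256k values for authentik are set at server level by its snippet, and nginx's documentation notes that when this directive is specified at server level the default server's value can be used, so the override may not apply to every request; confirm on the authentik host that the larger buffers are actually in effect. I would add a comment above the key, e.g. `# controller default; authentik overrides per-Ingress via server-snippet`. The other three added lines are the existing client-body and client-header settings moved down unchanged.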