413 Payload Too Large (Request Entity Too Large)

What’s actually happening

A file upload or form POST dies partway through and the browser shows a short 413 page, often the bare Nginx error page with no styling. Smaller files go through fine; the failure tracks with size, not content. In the network tab the request shows status 413 and the response body is a few hundred bytes. API clients get the same 413 with an HTML body instead of JSON, which can confuse error handling downstream.

Common causes

• Nginx client_max_body_size is at its 1MB default (or set too low) and truncates the request before it reaches the app
• PHP upload_max_filesize or post_max_size is smaller than the file, so PHP rejects it even when Nginx allows it
• A proxy or load balancer in front (HAProxy, an ALB target, another Nginx) has its own lower body cap
• The app framework has its own limit — Express body-parser default, Spring's multipart max-file-size, Django DATA_UPLOAD_MAX_MEMORY_SIZE
• client_max_body_size is set in the wrong context (http block) and a server/location block overrides it back down

How to fix it

1. Raise client_max_body_size in NginxAdd client_max_body_size 50M; inside the http, server, or specific location block in /etc/nginx/nginx.conf or the site file under /etc/nginx/sites-available/. Set it where the upload actually lands. Test with nginx -t, then reload with systemctl reload nginx. A value of 0 disables the check entirely but don't do that on a public endpoint.
2. Match PHP's limits to NginxIn php.ini set upload_max_filesize and post_max_size to at least the same ceiling (post_max_size should be a touch larger since it covers the whole POST body, not just the file). Find the active ini with php --ini. Restart PHP-FPM: systemctl restart php8.2-fpm. Mismatched values are why a file passes Nginx but PHP still complains.
3. Check every hop in front of the originIf traffic goes through HAProxy, an AWS ALB, or a CDN, each can impose its own limit. Cloudflare's free plan caps uploads at 100MB regardless of your origin config. Bump or document each layer; the smallest limit wins.
4. Raise the application framework limitServer config isn't always the wall. For Express: app.use(express.json({ limit: '50mb' })). Spring Boot: spring.servlet.multipart.max-file-size and max-request-size. Django: DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py. The framework's 413 (or its own error) looks identical from the browser.
5. Confirm which layer firedWatch /var/log/nginx/error.log while reproducing. Nginx logs 'client intended to send too large body'. If that line never appears but you still get 413, the cap is upstream in PHP or the app — look at /var/log/php8.2-fpm.log or the app log instead.