search

roots / trellis

WordPress LEMP stack with PHP 8.2, Composer, WP-CLI and more
https://roots.io/trellis/
MIT License
2.51k stars 607 forks source link

PHP `SERVER_NAME` not passed correctly for multiple canonical domains #1550

Open strarsis opened 2 weeks ago

strarsis commented 2 weeks ago

Version

1.22.1

What did you expect to happen?

PHP $_SERVER['SERVER_NAME'] is assigned the correct domain that is requested, not the first (or random?) one in server_name in nginx site configuration.

This prevents redirection from redirection plugins.

What actually happens?

PHP $_SERVER['SERVER_NAME'] is assigned incorrect domain, as the first (or random?) one in server_name in nginx site configuration.

Steps to reproduce

  1. Set up a site in Trellis with two or more canonical domains (not to be confused with redirections).
  2. Request one of the canonical domains.
  3. Debug the request (e.g. print_r($_SERVER); in index.php). Note that the SERVER_NAME field in $_SERVER is not correct for all other requested canonical domains except for one (usually the first listed one).

Note that the SERVER_NAME is not always the first canonical domain, apparently this can change, which caused issues with a redirection plugin that redirected from the wrong canonical domain.

System info

Ubuntu LTS

Log output

No response

Please confirm this isn't a support request.

Yes

Context

In order to fix the passed SERVER_NAME, $host instead of $server_name has to be used:

fastcgi_param SERVER_NAME         $host;

In fastcgi_params configuration file included by the sites, $server_name is used:

fastcgi_param  SERVER_NAME        $server_name;

And $server_name is the wrong value:

  • $host contains "in this order of precedence: host name from the request line, or host name from the 'Host' request header field, or the server name matching a request"
  • $http_host contains the content of the HTTP "Host" header field, if it was present in the request
  • $server_name contains the server_name of the virtual host which processed the request, as it was defined in the nginx configuration. If a server contains multiple server_names, only the first one will be present in this variable.

(from Michael Hampton in https://serverfault.com/a/706439/958731).

As fastctgi_params is a default configuration file shipped with nginx, it makes sense to override the SERVER_NAME field after that file was included, in order to override it effectively:

include fastcgi_params;
[...]
fastcgi_param SERVER_NAME $host;
swalkinshaw commented 2 days ago

Makes sense to me. I assume it should be added right after the include here? https://github.com/roots/trellis/blob/9a45aab9dad405f849ab22648348444781121cfb/roles/wordpress-setup/templates/wordpress-site.conf.j2#L257-L258

Want to contribute the fix?