Nginx regex vhost pattern ends up as PHP server name

nginx

I have an nginx server definition with a regex match, like this:

server_name ~^(?<vhost>[a-z0-9-]+)\.example\.com$;
root /var/www/example/$vhost;
access_log /var/log/nginx/$vhost.example-access.log;

That all works nicely, however, this domain hosts various PHP projects using fastcgi and PHP-FPM, which receive values like this in $_SERVER:

SERVER_NAME => "~^(?<vhost>[a-z0-9-]+)\.example\.com$"
HTTP_HOST   => "myhost.example.com"

As you can see, the regex pattern is put into SERVER_NAME rather than the string that it matched. That seems a bit buggy to me, and also represents a security risk in that it is revealing unnecessary details (in other configs I'm matching a specfic set of names rather than a wildcard).

You might say "use HTTP_HOST instead of SERVER_NAME" – if only it was that simple – there are libraries which expect SERVER_NAME to (no surprise) contain the name of the server. I can't really see a good use case for this behaviour.

Best Answer

Thanks to the rubber-duck effect of writing this question, I found a solution.

Nginx's stock fastcgi_params file contains the line:

fastcgi_param  SERVER_NAME        $server_name;

which is what causes that value to appear in $_SERVER['SERVER_NAME'] in the PHP environment.

I changed that to use the $host variable:

fastcgi_param  SERVER_NAME        $host;

and my problem went away. I'd be interested to know if there are any downsides of this approach.

Related Solutions

Nginx – With Nginx proxying to Apache, real hostname is lost

By default, it sends the host spec from the proxy_pass line. You can override this by throwing this config in there, forcing the Host: header to contain the same as sent by the client:

proxy_set_header Host $host;

Nginx – Configure php5-fpm for many concurrent users

I suspect your varnish cache is not caching anywhere near enough of the hits

here's what I would do in your situation:

Lower php max children to 100 or even 50 (if varnish does its job properly you don't need them) also remove the max requests line to allow the php processes not to respawn too quickly and thus prevent APC from being cleared too quickly which is also bad

also IF is not good according to nginx - http://wiki.nginx.org/IfIsEvil

I would change this line:

            if (!-e $request_filename) {
                    rewrite ^(.+)$ /index.php?q=$1 last;
            }

to:

try_files $uri $uri/ /index.php?$args;

If your version of nginx supports it (pretty certain if your nginx version is > 0.7.51 then it supports it)

you should also look at inserting the w3tc nginx rules direct into your vhost file to enabled proper disk enhanced caching of pages (which is faster than APC caching with nginx)

Take a look at the following varnish vcl which I use for sites - you will need to read through and edit a few things for your website - it also assumes that its only WP sites on the server and only 1 site on the server, it can easily be modified for more sites (take a look at the cookie section)

generic vcl: https://gist.github.com/b7332971a848bcb7ecef

With this config I would argue to remove fastcgi_cache to prevent any possible issues with a cache-chain occurring whereby trying locate any stray stale cache entries is more difficult

also tell w3tc that varnish is at 127.0.0.1 and it will purge it for you ;)

I deployed this to a server on Wednesday evening (with a few domain specific modifications) that was handling 2500 active site visitors it reduced load to less than 1 and the approx number of running php children was around 10-20 (this number does depend on number of logged in users and other factors like cookies) this server did have much more ram but the principle is the same, you should be able to easily handle the number of visitors you get at peaks

Best Answer

Related Solutions

Nginx – With Nginx proxying to Apache, real hostname is lost

Nginx – Configure php5-fpm for many concurrent users

Related Topic