I have a new Ubuntu server with the most recent IspConfig installation. I'm using nginx and each website is in a chroot. Each website is served on both ipv4 and ipv6 and all websites are assigned to a shared specific IP. I have an issue where sporadically a different website is served on the wrong domain. This seems to happen on http and https, and I even had a website which was disabled being served up (I hope that was from a cache somewhere). So I navigate to https:// somewhere . tld and it looks OK, I click around a few times or hit F5 and on the same URL I now get a website from a different customer. The website glitch happens across websites and even customers and just rapidly F5-ing seems to trigger it within a few minutes. I have updated all packages on the OS to the latest version and updated IspConfig today to ensure its not due to old packages. Can it be related to how each website runs in a chroot?
Yes. if you use a chroot together with a PHP opcache and both sites use the same CMS like e.g. Wordpress, then it can happen that PHP mixes up the cached contents and delivers the wrong site. Options to solve that are to turn off the opcache in PHP or disable chroot in the website.
Does that mean the different fpm instances share the same opcache? Edit: from the thread that Th0m linked; the opcache seems to be shared between chrooted environments which can cause an issue especially with shared CMSes like WordPress since the paths are identical between chroots. Ofcourse my customers complaining used WordPress so this all sounds very familiar. I now set opcache.validate_root=1 in my /etc/php/7.4/fpm/php.ini and rebooted the server. Let's see if that solved it.
Yes, this happens. E.g. example-a.com and example-b.com are both wordpress sites. Sometimes example-a.com could get the wp-config.php from example-b.com from the cache, and the database tells the CMS that the main URL is example-b.com and you would see their site.
I have no setup to test it, but that bug was there for years: https://bugs.php.net/bug.php?id=69090 It should be solved now, if you set the option "opcache.validate_root = 1" as you did. Please report back if that solves the issue. Thanks!
It has been working since I turned the validate_root option on. I think it's probably good to enable this by default since this was a hard problem to debug before I posted here. Thanks for the help!
I thought I posted a reply over a week ago... Anyway, since the change I no longer observed glitches myself nor did users report them so I think this solved it