.claude/memory/blockers.md

@@ -20,8 +20,18 @@ rules:
 
 | ID | Date | Friction | Status |
 |----|------|---------|--------|
+| BLK-001 | 2026-05-17 | Favicon 404 in prod after rebuild — Dockerfile selective COPY hid new repo files | resolved |
 
-<!-- Append entries below. Template:
+---
+
+## BLK-001 — Favicon 404 in prod after Docker rebuild
+
+- **Date**: 2026-05-17
+- **Friction**: User reported favicon missing on `bchanot.fr` prod despite new landing page being live. `docker compose up -d --build` did not fix it.
+- **Real cause**: `Dockerfile` uses selective `COPY index.html ./`, `COPY CV_*` (whitelist), not `COPY . ./`. Favicon assets added in commit `ef31fb3` (`favicon.svg`, `favicon-32.png`, `favicon.ico`, `apple-touch-icon.png`) were never wired into Dockerfile → never entered image layers → 404 from container even after full rebuild. New `index.html` worked because it was already on the COPY whitelist.
+- **Solution**: Append `COPY favicon.svg favicon-32.png favicon.ico apple-touch-icon.png ./` to Dockerfile (commit `f1e4392`). Matching nginx cache rule for `*.{ico,svg,png,jpg,jpeg,gif,webp}` added (30d immutable). VPS rebuild required after pull.
+- **Status**: resolved
+- **Future application**: Whenever the repo grows a new top-level asset that must ship in the image, audit Dockerfile COPY whitelist immediately. Consider replacing the whitelist with `COPY index.html CV_*.html CV_*.pdf favicon.* apple-touch-icon.png ./` or a glob-friendly pattern if asset count grows further.
 
 ## BLK-XXX - <friction>
 

.claude/memory/journal.md

@@ -32,3 +32,4 @@ rules:
 - Landing extended-vitrine refactor shipped (commit `1369d27`): meta/title sync CV, hero subtitle "Systèmes · Embarqué · Backend", stack 6→8 cards (drop VMware/Gitflow/Agile, add cgroups/namespaces/SELinux/GitHub Actions + Cloud-Infra + IA-Outils, Familier avec C++), Parcours 3 entries rewritten bullets+stack pills (lone-wolf wording purged, Deewee dates corrected fév→nov 2017), new Projets section (Git auto-hébergé + Homelab), new Méthode section (5 points), contact email → bastien@bchanot.fr.
 - Favicon set added (commit `ef31fb3`): SVG primary + PIL-generated PNG/ICO/apple-touch. Brand pulse-dot translated to icon. BDR-005 + LRN-002 logged.
 - CV files (`CV_Bastien_Chanot.html`, `.pdf`) untouched — user's WIP M state, off-scope per brief.
+- User pushed + reported favicon 404 in prod. Root cause: Dockerfile selective `COPY` whitelist never included favicon files. Fix shipped (commit `f1e4392`): COPY line appended + nginx long-cache rule for image assets. BLK-001 logged. VPS rebuild required.

Dockerfile

@@ -13,6 +13,7 @@ RUN rm -rf ./*
 COPY index.html ./
 COPY CV_Bastien_Chanot.html ./
 COPY CV_Bastien_Chanot.pdf ./
+COPY favicon.svg favicon-32.png favicon.ico apple-touch-icon.png ./
 
 # Non-root hardening: nginx:alpine already drops privileges to "nginx" user
 # for worker processes. Master runs as root only to bind port 80 inside

nginx.conf

@@ -54,6 +54,13 @@ server {
         add_header Cache-Control "public, max-age=3600, must-revalidate";
     }
 
+    # Long cache for favicon + image assets (rarely change).
+    location ~* \.(?:ico|svg|png|jpg|jpeg|gif|webp)$ {
+        expires 30d;
+        add_header Cache-Control "public, max-age=2592000, immutable";
+        access_log off;
+    }
+
     # Logs to stdout/stderr (default in nginx:alpine).
     access_log /var/log/nginx/access.log;
     error_log /var/log/nginx/error.log warn;