decisions.md — log BDR-004 (containerize site with nginx:alpine behind reverse
proxy): rationale, hardening flags (read_only, cap_drop,
no-new-privileges, tmpfs), alternatives rejected (bare nginx,
Caddy/Traefik). Reference commits: 7957b04.
learnings.md — log LRN-001 (certbot --nginx matches `server_name`, not
filename): root cause was leftover `server_name autreprojet.fr`
in `sites-available/bchanot.fr`. Future check:
`grep -n "server_name" /etc/nginx/sites-enabled/*` before any
certbot install on a multi-site VPS.
journal.md — 5 lines covering docker setup, git init + remote + push,
certbot diagnose + fix, prior commit batch, and today's
feat(formation) section work (commit 1d5fbfa).
Co-Authored-By: Claude <noreply@anthropic.com>
| type | entry_prefix | schema | rules |
|---|---|---|---|
| learnings_registry | LRN | | |
Learnings registry (LRN)
Index
| ID | Date | Pattern | Applies to |
|---|---|---|---|
| LRN-001 | 2026-05-15 | certbot --nginx matches server_name, not filename | nginx + certbot on multi-site VPS |
LRN-001 — certbot --nginx matches server_name, not filename
- Date: 2026-05-15
- Pattern: `certbot install --cert-name X` (and `certbot --nginx -d X`) locates the target vhost by scanning every `server_name` directive in active nginx configs. The filename in `sites-available/` is irrelevant. A file named `X.conf` with `server_name Y;` inside will NOT be picked up for domain X.
- Context: `/etc/nginx/sites-available/bchanot.fr` existed and was symlinked into `sites-enabled/`, but its body still contained `server_name autreprojet.fr www.autreprojet.fr;` — a copy-paste leftover from a previous project. Certbot returned `Could not automatically find a matching server block for bchanot.fr`.
- Future application: Before running certbot on a multi-site VPS, `grep -n "server_name" /etc/nginx/sites-enabled/*` — confirm the target domain is actually declared inside, not just present in the filename. Same logic applies when troubleshooting "why is nginx serving the wrong site" — match by `server_name`, never by filename.
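
The pre-certbot check from LRN-001 as a small script, added here as an example (it is not one of the repository's files): it parses `server_name` directives, including multi-line ones, and warns when a file is named after the domain but does not declare it. The function names are assumptions of this example, and matching is on exact names only, so wildcard and regex `server_name` entries are not evaluated.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before running certbot on a multi-site host.
# Usage (after sourcing this file): preflight bchanot.fr [/etc/nginx/sites-enabled]

# Print "file:name" for every name declared by a server_name directive.
list_server_names() {
    awk '
        FNR == 1 { collect = 0 }              # reset state for each file
        {
            sub(/#.*/, "")                    # drop comments
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!collect) { if (tok == "server_name") collect = 1; continue }
                last = sub(/;.*/, "", tok)    # directive ends at ";"
                if (tok != "") print FILENAME ":" tok
                if (last) collect = 0
            }
        }
    ' "$@"
}

# Print the config files that declare exactly $1 (case-insensitive).
vhosts_for_domain() {
    domain=$1; dir=${2:-/etc/nginx/sites-enabled}
    list_server_names "$dir"/* 2>/dev/null |
        awk -F: -v d="$domain" \
            'tolower($NF) == tolower(d) { sub(/:[^:]*$/, ""); print }' |
        sort -u
}

# Succeed only if an enabled file declares the domain. Warn about files whose
# name contains the domain while their server_name does not (the LRN-001 case).
preflight() {
    domain=$1; dir=${2:-/etc/nginx/sites-enabled}
    hits=$(vhosts_for_domain "$domain" "$dir")
    for f in "$dir"/*"$domain"*; do
        [ -e "$f" ] || continue
        printf '%s\n' "$hits" | grep -qxF "$f" ||
            echo "WARN: $f is named after $domain but does not declare it" >&2
    done
    [ -n "$hits" ] && printf '%s\n' "$hits"
}
```

A non-zero exit from `preflight` means certbot's nginx plugin would not find a server block for that domain.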