bchanot-cv/.claude/memory/learnings.md
bastien c2e1dd30a8 docs(memory): backfill registries for docker, certbot, formation
decisions.md  — log BDR-004 (containerize site with nginx:alpine behind reverse
                proxy): rationale, hardening flags (read_only, cap_drop,
                no-new-privileges, tmpfs), alternatives rejected (bare nginx,
                Caddy/Traefik). Reference commits: 7957b04.

learnings.md  — log LRN-001 (certbot --nginx matches `server_name`, not
                filename): root cause was leftover `server_name autreprojet.fr`
                in `sites-available/bchanot.fr`. Future check:
                `grep -n "server_name" /etc/nginx/sites-enabled/*` before any
                certbot install on a multi-site VPS.

journal.md    — 5 lines covering docker setup, git init + remote + push,
                certbot diagnose + fix, prior commit batch, and today's
                feat(formation) section work (commit 1d5fbfa).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-15 20:37:28 +02:00


---
type: learnings_registry
entry_prefix: LRN
schema:
  id: LRN-XXX
  date: YYYY-MM-DD
  pattern: string (what was observed, abstracted)
  context: string (where/when it happened - concrete)
  future_application: string (when to recall this)
rules:
  - Capture learnings that apply beyond the current task.
  - Abstract from the incident - the pattern is what is reusable, not the one-shot fact.
  - Link to source (commit, file, PR) when possible.
---
# Learnings registry (LRN)
## Index
| ID | Date | Pattern | Applies to |
|----|------|---------|------------|
| LRN-001 | 2026-05-15 | certbot --nginx matches `server_name`, not filename | nginx + certbot on multi-site VPS |
---
## LRN-001 — certbot --nginx matches `server_name`, not filename
- **Date**: 2026-05-15
- **Pattern**: `certbot install --cert-name X` (and `certbot --nginx -d X`) locates the target vhost by scanning every `server_name` directive in active nginx configs. The filename in `sites-available/` is irrelevant. A file named `X.conf` with `server_name Y;` inside will NOT be picked up for domain X.
- **Context**: `/etc/nginx/sites-available/bchanot.fr` existed and was symlinked into `sites-enabled/`, but its body still contained `server_name autreprojet.fr www.autreprojet.fr;` — a copy-paste leftover from a previous project. Certbot returned `Could not automatically find a matching server block for bchanot.fr`.
- **Future application**: Before running certbot on a multi-site VPS, run `grep -n "server_name" /etc/nginx/sites-enabled/*` and confirm the target domain is actually declared inside a config, not just present in the filename. The same logic applies when troubleshooting "why is nginx serving the wrong site": match by `server_name`, never by filename.
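
The pre-flight check above can be scripted. The following is an added example, not part of the original registry: the function names and the sample files are hypothetical, and it matches exact names only (wildcard and regex `server_name` values are not expanded, and directives split across lines are not joined).

```shell
#!/bin/sh
# Added example: pre-flight check to run before `certbot --nginx -d DOMAIN`.
# Assumption: exact-name matching only, one server_name directive per line.

# Print "file:line" for each server_name directive in dir $2 declaring $1.
# Returns non-zero when no config in the directory declares the domain.
vhost_files_for() {
    domain=$1; dir=$2
    awk -v d="$domain" '
        { sub(/#.*/, "") }                      # strip nginx comments
        $1 == "server_name" {
            for (i = 2; i <= NF; i++) {
                name = $i; sub(/;$/, "", name)  # drop trailing semicolon
                if (name == d) { print FILENAME ":" FNR; found = 1 }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$dir"/*
}

# Heuristic: list files whose basename (minus .conf) is not among their own
# server_name values, i.e. the copy-paste leftover described in LRN-001.
mismatched_vhosts() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        base=$(basename "$f" .conf)
        names=$(awk '{ sub(/#.*/, "") } $1 == "server_name" {
            for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n != "") print n }
        }' "$f")
        [ -n "$names" ] || continue             # no server_name: nothing to compare
        printf '%s\n' "$names" | grep -qxF "$base" ||
            printf '%s declares: %s\n' "$f" "$(echo $names)"
    done
}

# Constructed sample reproducing the incident (not real server files).
make_sample() {
    d=$(mktemp -d)
    printf 'server {\n    listen 80;\n    server_name autreprojet.fr www.autreprojet.fr;  # leftover\n}\n' > "$d/bchanot.fr"
    printf 'server {\n    listen 80;\n    server_name example.org;\n}\n' > "$d/example.org"
    echo "$d"
}
```

On a real host, `vhost_files_for bchanot.fr /etc/nginx/sites-enabled` exiting non-zero means certbot will not find a matching server block for that domain either.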