decisions.md — log BDR-004 (containerize site with nginx:alpine behind reverse
proxy): rationale, hardening flags (read_only, cap_drop,
no-new-privileges, tmpfs), alternatives rejected (bare nginx,
Caddy/Traefik). Reference commits: 7957b04.
learnings.md — log LRN-001 (certbot --nginx matches `server_name`, not
filename): root cause was leftover `server_name autreprojet.fr`
in `sites-available/bchanot.fr`. Future check:
`grep -n "server_name" /etc/nginx/sites-enabled/*` before any
certbot install on a multi-site VPS.
journal.md — 5 lines covering docker setup, git init + remote + push,
certbot diagnose + fix, prior commit batch, and today's
feat(formation) section work (commit 1d5fbfa).
Co-Authored-By: Claude <noreply@anthropic.com>
4.3 KiB
4.3 KiB
| type | entry_prefix | schema | rules | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| decisions_registry | BDR |
|
|
Decisions registry (BDR)
Index
| ID | Date | Title | Status |
|---|---|---|---|
| BDR-001 | 2026-05-15 | Static single-file site, no framework | accepted |
| BDR-002 | 2026-05-15 | weasyprint pour PDF CV depuis HTML | accepted |
| BDR-003 | 2026-05-15 | Position pro: CDI prioritaire, freelance parallèle | accepted |
| BDR-004 | 2026-05-15 | Containerize site with nginx:alpine behind reverse proxy | accepted |
BDR-001 — Static single-file site, no framework
- Date: 2026-05-15
- Statut: accepted
- Décision:
index.htmlunique, CSS inline<style>, JS vanilla inline<script>. Aucun bundler, aucun build step. - Pourquoi: Landing perso 1 page. Audience recruteurs/CTO. Critère "click Contacter <10s". Zéro dep, zéro maintenance, zéro tracking. Indexable par défaut.
- Alternatives rejetées:
- Astro — overkill, ajoute build step pour 1 page.
- React SPA — interdit pour site public indexable (cf
~/.claude/CLAUDE.md). - HTML + CSS externes — éclate 1 livrable en 3 fichiers sans bénéfice.
- Référence:
index.html, section Stack deCLAUDE.md.
BDR-002 — weasyprint pour génération PDF CV
- Date: 2026-05-15
- Statut: accepted
- Décision:
weasyprint CV_Bastien_Chanot.html CV_Bastien_Chanot.pdfà chaque modif HTML CV. - Pourquoi: weasyprint déjà installé (
~/.local/bin/weasyprint). Chromium absent. wkhtmltopdf déprécié. - Alternatives rejetées:
- Chromium
--print-to-pdf— pas installé. - wkhtmltopdf — déprécié + WebKit ancien, rendu moins fidèle.
- Print manuel via navigateur — pas reproductible, dérive entre HTML et PDF.
- Chromium
- Warnings connus:
box-shadow: noneignoré par weasyprint, sans impact visuel. - Référence:
CV_Bastien_Chanot.pdf.
BDR-003 — Position pro: CDI prioritaire, missions freelance en parallèle
- Date: 2026-05-15
- Statut: accepted
- Décision: Site annonce CDI systèmes/embarqué prioritaire, ZenQuality (freelance) en parallèle. Géo: full remote idéal, hybride 1-2 j/mois si Paris, mobilité Pays de la Loire.
- Pourquoi: Recadrage user. Première version annonçait "Missions long terme & expertise" — pas représentatif. Hiérarchie CDI > freelance maintenant explicite (hero eyebrow + about para + callout + CV header).
- Référence:
index.html(hero-eyebrow, about-text para 3, about-callout) +CV_Bastien_Chanot.html(header).
BDR-004 — Containerize site with nginx:alpine behind reverse proxy
- Date: 2026-05-15
- Status: accepted
- Decision: Ship site as
bchanot-webDocker container (nginx:1.27-alpine). Container listens on port 80 internally; host port configurable viaPORTenv (default 8080), bound to127.0.0.1. Host nginx terminates TLS +proxy_passto container. - Why: VPS hosts multiple sites (
zenquality.fr,nuit-folle.zenquality.fr,bchanot.fr). Container isolates static assets + nginx config, easier rollback, reproducible build. Loopback bind blocks direct external hits, forces traffic through host nginx (TLS, rate limit, logs). - Hardening:
read_only: true,cap_drop: ALL+ minimalcap_add,no-new-privileges, tmpfs for/var/cache/nginx+/var/run+/tmp. CSP allows inline CSS/JS (project convention) + Google Fonts. HSTS deliberately omitted at container level — set by outer proxy after TLS termination. - Alternatives rejected:
- Bare static files served by host nginx — no isolation, config drift between sites, harder rollback.
- Caddy / Traefik container — overkill for 1 static site, host nginx already handles TLS for other domains.
- Reference:
Dockerfile,nginx.conf,docker-compose.yml,.env.example.