Problem
The deploy pipeline ships only dist/ content (scripts/deploy-webmap.sh extracts the tarball into /var/www/webmap/web). The nginx config (infrastructure/nginx/www.webmap.dev.conf) is applied manually on the host (symlinked into sites-enabled), so the repo config can silently drift from what's actually serving.
This drift directly caused/prolonged the blank-page saga: the /sw.js immutable-cache bug (#209) couldn't be fixed by a repo change alone — the host nginx had to be edited by hand and reloaded. A repo-only fix gives a false sense that production is fixed.
Proposal
Have the deploy apply the nginx config and reload nginx as part of deploy-webmap.sh:
scp infrastructure/nginx/www.webmap.dev.conf to the host alongside the content tarball.- Copy it into
/etc/nginx/sites-available/ (and ensure the sites-enabled symlink).
- Validate with
nginx -t; only then systemctl reload nginx.
- On
nginx -t failure, do not reload (and fail the deploy / keep the previous config) — mirror the existing content backup/rollback discipline.
Requirements / notes
- The deploy user needs privileges to write the conf and reload nginx — add a tightly-scoped sudoers entry (e.g.
NOPASSWD for /usr/sbin/nginx -t and /bin/systemctl reload nginx only), not broad sudo.
- Keep it idempotent; reload (not restart) to avoid dropped connections.
- Consider a checksum/no-op short-circuit so the reload only happens when the conf actually changed.
Acceptance criteria
- A change to
infrastructure/nginx/*.conf takes effect on the next production deploy with no manual step.
nginx -t gates the reload; an invalid config fails the deploy without reloading.- Documented in the deploy script/README.
Follow-up to #209 / #210.
Problem
The deploy pipeline ships only
dist/content (scripts/deploy-webmap.shextracts the tarball into/var/www/webmap/web). The nginx config (infrastructure/nginx/www.webmap.dev.conf) is applied manually on the host (symlinked intosites-enabled), so the repo config can silently drift from what's actually serving.This drift directly caused/prolonged the blank-page saga: the
/sw.jsimmutable-cache bug (#209) couldn't be fixed by a repo change alone — the host nginx had to be edited by hand and reloaded. A repo-only fix gives a false sense that production is fixed.Proposal
Have the deploy apply the nginx config and reload nginx as part of
deploy-webmap.sh:scpinfrastructure/nginx/www.webmap.dev.confto the host alongside the content tarball./etc/nginx/sites-available/(and ensure thesites-enabledsymlink).nginx -t; only thensystemctl reload nginx.nginx -tfailure, do not reload (and fail the deploy / keep the previous config) — mirror the existing content backup/rollback discipline.Requirements / notes
NOPASSWDfor/usr/sbin/nginx -tand/bin/systemctl reload nginxonly), not broad sudo.Acceptance criteria
infrastructure/nginx/*.conftakes effect on the next production deploy with no manual step.nginx -tgates the reload; an invalid config fails the deploy without reloading.Follow-up to #209 / #210.