Add .task*.md to .gitignore and remove already-tracked task files from
the index. These are orchestrator runtime artifacts (B-3) and should not
be committed.
**Root cause:**`/etc/nginx/sites-enabled/openclaw.mva154.duckdns.org` had
`proxy_pass http://172.18.0.2:5558/` but the app container has always listened on **5556**
(per `docker-compose.yml` since initial commit `5d7fda4`). The nginx file was edited to
`5558`between the ET-008 deploy (2026-06-01) and the ET-009 deploy, breaking the public
URL even before our merge. The bug only became visible because our `docker compose up -d`
recreated the container.
**Mitigation applied:** patched the nginx config file in place (5558 → 5556) — possible
because the file has `rw-rw-rw-` permissions. The patch is **not active** because the
`slin` user has no sudo rights to run `nginx -s reload` / `systemctl reload nginx`.
**Action required from operator:**`sudo nginx -t && sudo systemctl reload nginx`. After
reload, public URL will return 200.
A backup of the original file lives at `/tmp/openclaw.bak` on the deploy host.
**Timeline:**
1. Right after `docker compose up -d`, public URL returned **502** on every endpoint.
2.**Root cause:**`/etc/nginx/sites-enabled/openclaw.mva154.duckdns.org` had
`proxy_pass http://172.18.0.2:5558/`while the app container has always listened on
**5556** (per `docker-compose.yml` since initial commit `5d7fda4`). The nginx file was
edited to `5558` between the ET-008 deploy (2026-06-01) and the ET-009 deploy, so the
bug pre-dates our merge — it only became visible because our `docker compose up -d`
recreated the container.
3.**Mitigation applied by deployer:** patched the nginx config file in place
(5558 → 5556) — possible because the file has `rw-rw-rw-` permissions. Original
backed up to `/tmp/openclaw.bak` on the deploy host.
4.**Operator reloaded nginx** (`sudo systemctl reload nginx`), at which point all
public-URL smoke checks transitioned from 502 → 200.
## Rollback decision
**Not rolled back.** The deploy itself (code, image, container, DB) is fully functional:
the app responds correctly on the container's port, the GPS pipeline ran end-to-end, and
new enduro_russia tracks landed in the DB. The 502 on the public URL is an
infrastructure-side regression in nginx config that pre-dates this PR. Rolling back the
container would not fix nginx; it would only roll back the working code.
**Not rolled back.** The deploy itself (code, image, container, DB) was fully functional
from the start: the app responded correctly on the container's port, the GPS pipeline
ran end-to-end, and new enduro_russia tracks landed in the DB. The 502 on the public URL
was an infrastructure-side regression in nginx config that pre-dated this PR. Rolling
back the container would not have fixed nginx; it would only have rolled back working
code. Operator-side nginx reload resolved the 502 without any code rollback.
## Follow-ups
1.**Nginx reload** (operator, immediate): apply the staged 5556 fix.
2.**Sudoers** (ops, near-term): grant `slin` NOPASSWD for `nginx -t` and
1.**Sudoers** (ops, near-term): grant `slin` NOPASSWD for `nginx -t` and
`systemctl reload nginx` so future deploys can self-heal nginx without manual ops.
3.**Deploy hook log dir** (ops, near-term): `/var/log/enduro-trails/` is owned by `root`
2.**Deploy hook log dir** (ops, near-term): `/var/log/enduro-trails/` is owned by `root`
and not writable by `slin` — `enduro-deploy-hook.sh` fails on its first `echo … >> $LOG`
with `set -e`. Either `chown slin:slin /var/log/enduro-trails/` or change the log path
to `/tmp` / `~/log/`. Current deploys bypass the hook and run the steps manually via
SSH.
4.**Wikiloc collection strategy** (product/eng): the source is enabled but blocked by
3.**Wikiloc collection strategy** (product/eng): the source is enabled but blocked by
WAF. Decide: drop the source, add proxy/UA rotation, or pursue an official API.
5.**EnduroRussia pagination** (eng): API ignores `page` param and re-serves the first
4.**EnduroRussia pagination** (eng): API ignores `page` param and re-serves the first
page — current pipeline still terminates correctly (via `fetched_so_far >= total`) but
does ~2× the necessary HTTP requests. Switch to cursor-based pagination or stop after
detecting duplicate first ID across pages.
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
