The acme-companion on the production host doesn't accept comma-separated
VIRTUAL_HOST / LETSENCRYPT_HOST values, so cert issuance was failing for
the combined `nibiru-framework.com,www.nibiru-framework.com` entry.
docker-compose.yml — now defines two services sharing the same image:
- docs → VIRTUAL_HOST=nibiru-framework.com (apex)
- docs-www → VIRTUAL_HOST=www.nibiru-framework.com (built once, reused)
A YAML anchor (x-docs-shared-env) keeps the Oracle/LLM/Anthropic config in
lockstep so the two containers can never drift.
docs/nginx/vhost.d/ — per-host nginx-proxy overrides applied at the
location-block level by jwilder/nginx-proxy. Both files set:
- X-Forwarded-* trust + buffering off (Oracle SSE streaming)
- HSTS / X-Content-Type / X-Frame / Referrer-Policy / Permissions-Policy
- gzip with the right MIME set for Astro/Starlight assets
- Aggressive cache on /_astro/ (immutable hashed bundles)
- 30-day cache on images/fonts
- no-store on /sw.js (so PWA updates land)
- 24-hour cache on /llms.txt for AI crawlers
docs/nginx/README.md explains how to mount these into an existing
nginx-proxy (bind-mount + reload, or bake into the proxy image).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
