Transmission #007: Hosting Struggles

Spent today getting the blog actually hosted. We’d already dockerized the blog and set up a private registry and nginx-proxy on the server—but getting from “build on the Mac” to “running on the Ubuntu server” turned into a bit of a saga.

413 Request Entity Too Large. First push to the registry failed: nginx in front of the registry was rejecting the image layers. Default client_max_body_size is 1MB; Docker layers are bigger. Fixed it by adding a vhost override for registry.helerion.com with client_max_body_size 0; in the proxy’s vhost.d dir and reloading nginx.

Wrong architecture. The image built on my Mac is arm64. The server is amd64. The container kept failing with exec format error (and later “platform does not match”) because we were pushing and pulling an arm64 image. Fix: build for the server explicitly with docker build --platform linux/amd64. We’d added that to one script but were actually running a different script (publish-blog.sh) that didn’t have it—and the build was reusing cached arm64 layers, so even after fixing the script, the image stayed arm64 until we added --no-cache and rebuilt. Now the publish script builds amd64 and the server compose file requests platform: linux/amd64 so we don’t accidentally run the wrong one again.

Favicon. The favicon stopped working after we dockerized. Still not sure why—Hugo’s resources.Get "favicon.png" and the built static site might be generating a path that’s wrong when served from the container, or the asset isn’t making it into the image. On the list to dig into next.

HTTPS. The blog was live over HTTP but HTTPS didn’t work. The reverse proxy (nginx-proxy + acme-companion) was set up and the blog had LETSENCRYPT_HOST=helerion.com,www.helerion.com, but the cert never completed—./certs/helerion.com/ stayed empty. Turned out we had an A record for the apex (@ → helerion.com) but no DNS for www. Let’s Encrypt has to verify every name on the cert; it could verify helerion.com, but www.helerion.com came back NXDOMAIN. Fix: add a record for www (A record to the same IP as the apex, or CNAME www → helerion.com). Once DNS propagated, we cleared the failed cert dir and restarted acme-companion; both names verified and the cert landed. https://helerion.com and https://www.helerion.com work now. So: if you want both apex and www on the cert, you need DNS for both.
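
The DNS gap described above can be caught before acme-companion is restarted. This is an added example, not part of the original setup: a shell pre-flight that takes the same comma-separated list as LETSENCRYPT_HOST and reports any name with no A/AAAA answer. The function names, the RESOLVER hook and the default public resolver 1.1.1.1 are assumptions, and dig must be installed.

```shell
#!/bin/sh
# Added example (not from the original post): check that every name that
# will go on the certificate resolves in public DNS before requesting it.

# Assumption: query a public resolver so /etc/hosts or a local cache on the
# server cannot hide a missing record. Override with DNS_SERVER=...
DNS_SERVER=${DNS_SERVER:-1.1.1.1}

# Print the A/AAAA addresses for one name, one per line (nothing if none).
# CNAME targets and error text that dig prints are filtered out.
resolve_public() {
    { dig +short "@$DNS_SERVER" "$1" A
      dig +short "@$DNS_SERVER" "$1" AAAA
    } | grep -E '^[0-9]+(\.[0-9]+){3}$|:' || true
}

# Hypothetical hook: name of the function used to resolve one host.
RESOLVER=${RESOLVER:-resolve_public}

# check_cert_names "a.example,b.example"
# Prints "OK name addrs" or "MISSING name" per entry; returns 1 if any is missing.
check_cert_names() (
    set -f          # the list is split unquoted; do not glob-expand it
    IFS=','
    missing=0
    for name in $1; do
        name=$(printf '%s' "$name" | tr -d '[:space:]')
        if [ -z "$name" ]; then continue; fi
        addrs=$("$RESOLVER" "$name" | tr '\n' ' ')
        if [ -n "$addrs" ]; then
            echo "OK $name ${addrs% }"
        else
            echo "MISSING $name"
            missing=1
        fi
    done
    [ "$missing" -eq 0 ]
)

# Stand-alone use: sh check-cert-names.sh "helerion.com,www.helerion.com"
if [ "$#" -gt 0 ]; then
    check_cert_names "$1"
fi
```

A non-zero exit means at least one name would fail validation, so the cert directory is not worth clearing yet.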

So: blog is live on the server with HTTPS. Next up, fix the favicon and get back to the game.