From ba84faaf144cd15af3aba2650c043467fe31ee06 Mon Sep 17 00:00:00 2001
From: St33v <github@f3rr3t.com>
Date: Wed, 10 Jun 2026 13:30:38 +1000
Subject: Add Canberra and Cairns radars; cross-page nav

Two new product codes: IDR403 (Canberra) and IDR193 (Cairns).
radar.service / radar-retry.service gain two more ExecStart= lines.

Per-radar pages: nav strip at top with all four radars + a Synoptic
button linking to pestrel.com; current page is highlighted. Layout
switched to column flex (nav on top, image fills below) and the
image now uses `width: 100%; max-width: 512px` so it fills phone
viewports without upscaling beyond the BOM-native 512px on desktop.

Synoptic page (index.html): "Radars" button fixed to the left edge
at top 16.6%, linking to https://radar.pestrel.com/.

Landing page (radar.pestrel.com/): rebalanced for four radars plus
a dashed-border Synoptic button.

nginx/radar.pestrel.com.conf: pulled in the certbot-managed TLS
block so a fresh setup matches production state.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 nginx/radar.pestrel.com.conf | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'nginx/radar.pestrel.com.conf')

diff --git a/nginx/radar.pestrel.com.conf b/nginx/radar.pestrel.com.conf
index b7d9c08..968bf2c 100644
--- a/nginx/radar.pestrel.com.conf
+++ b/nginx/radar.pestrel.com.conf
@@ -1,12 +1,8 @@
-# BOM radar loop — radar.pestrel.com
+# BOM radar loops — radar.pestrel.com
 # Installed to /etc/nginx/conf.d/radar.conf by setup.sh
-#
-# Requires /etc/nginx/nginx.conf to include:
-#   include /etc/nginx/conf.d/*.conf;
+# TLS block added by `certbot --nginx -d radar.pestrel.com`.
 
 server {
-    listen 80;
-    listen [::]:80;
     server_name radar.pestrel.com;
 
     root /srv/www/radar;
@@ -20,4 +16,22 @@ server {
     location / {
         try_files $uri $uri/ =404;
     }
+
+    listen 443 ssl; # managed by Certbot
+    listen [::]:443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/radar.pestrel.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/radar.pestrel.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    if ($host = radar.pestrel.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    listen [::]:80;
+    server_name radar.pestrel.com;
+    return 404; # managed by Certbot
 }
-- 
cgit v1.3