ia_dev/deploy/README-lpldf-https-watch.md

# LPLDF HTTPS watchdog on the 4NK proxy

## Purpose

Detect downtime of `https://xn--lespetitesleonsdefrdric-89b1db.fr/` from the proxy and emit alerts (syslog tag `lpldf-https-watch`, optional webhooks / mail). Acts as an availability watchdog; a SIEM (e.g. Wazuh) can ingest these syslog lines.

## Repository paths

- Watch script (installed to `/opt/proxy-config/scripts/watch-https-lpldf.sh`): `tools/proxy-https-watch-lpldf.sh`
- Optional env example: `tools/proxy-https-watch-lpldf.env.example`
- Systemd units: `deploy/proxy-units/lpldf-https-watch.service`, `deploy/proxy-units/lpldf-https-watch.timer`
- Installer (from ia_dev root): `./deploy/scripts/install-lpldf-https-watch-on-proxy.sh`

## Behaviour

- Accepts HTTP status 200, 301, 302, 307, 308.
- State under `/var/lib/lpldf-https-watch/`.
- First DOWN: `daemon.warning` + optional `ALERT_WEBHOOK_URL` / `ALERT_EMAIL_TO`.
- Repeats while down at most every `ALERT_REPEAT_SECONDS` (default 3600).
- Recovery: `daemon.info` + optional `ALERT_WEBHOOK_URL_RECOVER`.

## Optional proxy config

Create `/opt/proxy-config/scripts/env/watch-https-lpldf.env` (e.g. `chmod 600`), see `tools/proxy-https-watch-lpldf.env.example`.

## Operations

- Manual run on proxy: `sudo /opt/proxy-config/scripts/watch-https-lpldf.sh`
- Logs: `sudo journalctl -t lpldf-https-watch`
- Timer: `systemctl status lpldf-https-watch.timer`

Nginx is not modified for this check.