fix: write nginx config before container start to fix first-deploy health check

Router health check (nginx -t) fails when default.conf doesn't exist yet.
Move config write to before `up -d --wait` so nginx has a valid config
on first deploy or after a volume wipe. Router reload stays post-health-check.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CHANGELOG.md

@@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Legal pages: replaced home address with virtual office address (c/o COCENTER, Koppoldstr. 1, 86551 Aichach) in all four legal templates (`imprint_de`, `imprint_en`, `privacy_de`, `privacy_en`, `terms_de`)
 
 ### Fixed
+- Deploy: write nginx router config *before* starting containers so the router health check (`nginx -t`) passes on first deploy or after volume wipe
 - Deploy: pre-migration DB backup added to `deploy.sh`; on health-check failure the DB is restored to pre-migration state (prevents old slot from running against new schema)
 - Migrations: removed all `conn.commit()` and `executescript()` calls from `up()` functions in 0000, 0011, 0012, 0013, 0014, 0015 — restores batch-atomicity guarantee (`executescript` issued implicit COMMITs, breaking rollback on failure)
 - Visual tests: server now builds schema via `migrate()` instead of the deleted `schema.sql`; all 12 Playwright tests pass

deploy.sh

@@ -35,25 +35,9 @@ echo "==> Running migrations..."
 $COMPOSE --profile "$TARGET" run --rm "${TARGET}-app" \
     python -m padelnomics.migrations.migrate
 
-# ── Start & health check ───────────────────────────────────
+# ── Write router config (before starting, so nginx -t passes) ──
 
-echo "==> Starting $TARGET (waiting for health check)..."
+echo "==> Writing router config for $TARGET..."
-if ! $COMPOSE --profile "$TARGET" up -d --wait; then
-    echo "!!! Health check failed — rolling back"
-    $COMPOSE stop "${TARGET}-app" "${TARGET}-worker" "${TARGET}-scheduler"
-    LATEST=$($COMPOSE run --rm --entrypoint "" "${TARGET}-app" \
-        sh -c "ls -t /app/data/app.db.pre-deploy-* 2>/dev/null | head -1")
-    if [ -n "$LATEST" ]; then
-        echo "==> Restoring database from ${LATEST}..."
-        $COMPOSE run --rm --entrypoint "" "${TARGET}-app" \
-            sh -c "cp '${LATEST}' /app/data/app.db"
-    fi
-    exit 1
-fi
-
-# ── Switch router ───────────────────────────────────────────
-
-echo "==> Switching router to $TARGET..."
 mkdir -p "$(dirname "$ROUTER_CONF")"
 cat > "$ROUTER_CONF" <<NGINX
 upstream app {
@@ -73,8 +57,25 @@ server {
 }
 NGINX
 
-# Ensure router is running, then reload
+# ── Start & health check ───────────────────────────────────
-$COMPOSE up -d router
+
+echo "==> Starting $TARGET (waiting for health check)..."
+if ! $COMPOSE --profile "$TARGET" up -d --wait; then
+    echo "!!! Health check failed — rolling back"
+    $COMPOSE stop "${TARGET}-app" "${TARGET}-worker" "${TARGET}-scheduler"
+    LATEST=$($COMPOSE run --rm --entrypoint "" "${TARGET}-app" \
+        sh -c "ls -t /app/data/app.db.pre-deploy-* 2>/dev/null | head -1")
+    if [ -n "$LATEST" ]; then
+        echo "==> Restoring database from ${LATEST}..."
+        $COMPOSE run --rm --entrypoint "" "${TARGET}-app" \
+            sh -c "cp '${LATEST}' /app/data/app.db"
+    fi
+    exit 1
+fi
+
+# ── Reload router to pick up new upstream ───────────────────
+
+echo "==> Reloading router..."
 $COMPOSE exec router nginx -s reload
 
 # ── Cleanup old pre-deploy backups (keep last 3) ─────────────