# Maker Linux and VPS Flashcards

Use this note with the TopicLadder deck page when a maker project touches Linux, static-site deployment, Nginx, DNS, HTTPS, logs, services, ports, or safe command habits.

## How to review

- Review cards beside a real project note.
- Keep cards tied to a command question, not trivia.
- If a card mentions a command, write what the command proves before running it.
- If a card names a trap, write the safer inspection step.

## Categories


### Linux navigation

- **What does pwd prove before a deploy?** - It proves the current working directory so path-sensitive commands are not run from the wrong project folder.
- **When should you use ls -lah?** - Use it to inspect names, sizes, owners, permissions, and hidden files before editing or copying.
- **What does find . -maxdepth 2 -type f | sort | head help with?** - It gives a bounded file inventory without crawling the whole machine.
- **Why write the current path into a project note?** - It makes later commands and screenshots easier to explain or review.
- **What is a common directory-navigation mistake?** - Assuming the shell is inside the project root because the terminal was there earlier.
- **What should you check before copying a file path?** - Check whether it is relative or absolute and whether it points at the generated release.
- **Why keep navigation commands read-only?** - They establish location and file shape without changing the project.

### File inspection

- **When is head -40 useful?** - It previews the top of a file without dumping the whole file into the terminal.
- **What does grep -n add to a search?** - Line numbers, so the matching line can be reviewed or discussed precisely.
- **Why use tail on logs?** - Recent lines usually show the current failure without reading the entire log file.
- **What does file script.sh check?** - It identifies file type and can expose CRLF or binary content mistakes.
- **What should you do before editing a config?** - Read the relevant lines and write down the expected setting.
- **What is a false read in file inspection?** - Seeing the right text in one file while the live service uses a different file.
- **What does a bounded find command prevent?** - It avoids a slow broad filesystem scan when nearby files are enough.

### Permissions and ownership

- **What does namei -l prove?** - It walks each path component and shows whether a parent directory blocks traversal.
- **What does stat -c '%A %U:%G %n' file show?** - Mode, owner, group, and name for the exact file being inspected.
- **Why avoid chmod -R 777?** - It changes too much and can hide the specific permission problem.
- **What does a 403 often mean for static files?** - Nginx may find the path but fail to traverse or read one component.
- **What should you inspect before chown?** - Which user the service runs as and which path component has the mismatch.
- **Why can a parent directory cause a file error?** - The file can be readable while a parent directory lacks execute permission.
- **What is the safe first step for permission errors?** - Inspect the path and owner/mode before changing anything.

### Nginx static sites

- **What must happen before nginx reload?** - nginx -t should pass so a syntax error does not break the server.
- **What does server_name decide?** - Which hostnames match a server block.
- **What does root decide?** - Which directory Nginx serves files from for that block.
- **Why test with curl -I -H 'Host: domain' http://127.0.0.1?** - It checks local Nginx routing for a specific hostname.
- **What does the default Nginx page usually indicate?** - The request reached Nginx but matched the wrong server block or root.
- **What log should you read after a 403 or 404?** - The Nginx error log, because it often names the path or permission issue.
- **What should a static-site server block point at?** - The intended current release or document root, not an old build folder.

### DNS

- **What does dig +short example.com A prove?** - The IPv4 address returned for the hostname by the resolver you asked.
- **Why compare apex and www records?** - They are separate hostnames and can point to different places.
- **What is a DNS false read?** - Trusting a provider dashboard before a resolver returns the intended answer.
- **When should you stop editing DNS?** - When current resolver answers disagree and you cannot explain the difference.
- **What does @1.1.1.1 change in dig?** - It asks a specific resolver instead of your default resolver.
- **Why keep DNS and HTTPS separate?** - A certificate problem can look like a site problem after DNS is already correct.
- **What should a DNS note include?** - Hostname, record type, expected IP, actual resolver answer, and time checked.

### HTTPS and certbot

- **What does certbot certificates show?** - Certificate names, covered domains, and expiry information.
- **Why run certbot renew --dry-run?** - It tests renewal flow without waiting for the real renewal window.
- **What must work before an HTTP-01 certificate challenge?** - The domain must reach the right server over port 80.
- **What does openssl s_client with -servername check?** - Which certificate is served for a specific hostname.
- **Why avoid repeated certificate requests?** - They can waste time, create rate-limit risk, and hide the real DNS or route problem.
- **What is a wrong-certificate symptom?** - HTTPS responds, but the certificate does not cover the hostname typed.
- **What should you record after fixing HTTPS?** - The covered names, expiry date, and successful HTTP and HTTPS checks.

### Logs

- **Why use journalctl --since?** - It narrows logs to the time window around the failure.
- **What does tail -80 /var/log/nginx/error.log help with?** - It shows recent Nginx errors without reading the full log.
- **Why include timestamps in notes?** - They connect an observed failure to the matching log lines.
- **What is a log false read?** - Reading an old error after the current request has not been tested again.
- **What should you do before sharing logs?** - Remove tokens, private paths, IPs, or customer data if present.
- **What does grep -iE help with in logs?** - It searches for several related terms while ignoring case.
- **What is a good log question?** - What exact request or service event produced this line?

### systemd and services

- **What does systemctl status nginx --no-pager show?** - Service state, recent messages, and whether the unit is active or failed.
- **What does systemctl --failed show?** - Units systemd currently marks as failed.
- **Why use --no-pager in scripts or notes?** - It keeps output bounded and copyable.
- **What does journalctl -u service show?** - Logs for one service unit instead of the whole journal.
- **What should you check before restart?** - The current failure state and logs, so the restart does not erase useful evidence.
- **What is a restart-loop clue?** - The service repeatedly enters failed or activating states.
- **What should a service note include?** - Unit name, state, recent log clue, config test result, and next check.

### Ports and listeners

- **What does ss -ltnp show?** - Listening TCP ports and the processes that own them when permitted.
- **What is the difference between LISTEN and ESTABLISHED?** - LISTEN waits for new connections; ESTABLISHED is an active connection.
- **Why identify the owner before killing a process?** - The port may belong to a managed service, proxy, container, or expected app.
- **What does curl -I http://127.0.0.1:PORT check?** - Whether a local HTTP service responds on that port.
- **What is a port false read?** - Seeing a process on a port and assuming it is the wrong process without checking context.
- **What should you inspect if public access fails but localhost works?** - Firewall, Nginx proxying, DNS, or binding address.
- **Why does binding to 127.0.0.1 matter?** - It may be reachable locally but not directly from the network.

### Git deploy workflow

- **What does git status prove before deploy?** - Whether the working tree has uncommitted or unexpected changes.
- **Why use timestamped release folders?** - They create a concrete rollback target and make the current release inspectable.
- **What does readlink -f current prove?** - Which release directory the live symlink points to.
- **Why record a release identifier?** - It lets you compare local build, remote files, and browser output.
- **What is a deploy false read?** - The deploy command succeeded, but Nginx still serves an older release.
- **What should a rollback note include?** - Previous release path, current symlink, and the command used to switch back.
- **What should you verify after deploy?** - HTTP status, expected text, key pages, downloads, and no unsafe public strings.

### Safe command habits

- **What makes an inspection command safe?** - It reads state without changing files, services, accounts, DNS, or firewall rules.
- **Why predict output before running a command?** - It turns command use into a test instead of terminal guessing.
- **When should you pause?** - When the next command could delete data, change exposure, restart production, or affect other users.
- **Why copy the page link instead of a naked command?** - The page keeps warnings, expected output, and next steps attached.
- **What is a dangerous shortcut?** - Applying a fix copied from a symptom match before proving the same cause.
- **What should every project note capture?** - Question, command, expected signal, actual output, interpretation, and next action.
- **How do flashcards help command learning?** - They review reasoning and traps, not just flag memorization.

### VPS debugging

- **What layer should you check first when a domain is wrong?** - DNS, because routing and certificates do not matter if the hostname points elsewhere.
- **What does HTTP working but HTTPS failing suggest?** - The web route exists, but certificate coverage or TLS routing may be wrong.
- **What does a default Nginx page suggest?** - The request reached Nginx but matched the wrong server block or root.
- **What does a 404 after deploy suggest?** - The route may not exist in the active release or Nginx points at another folder.
- **What does stale content suggest?** - Cache, stale symlink, old release root, or unchanged generated asset.
- **What should a good VPS lab answer include?** - Layer tested, command, expected output, actual output, diagnosis, and next safe action.
- **Why use the VPS debugging lab?** - It builds the habit of separating DNS, HTTP, HTTPS, Nginx, files, permissions, and renewal.

## Related TopicLadder pages

- [Deploy a Static Site on a VPS](/projects/deploy-static-site-on-vps/)
- [VPS Debugging Lab](/practice/vps-debugging-lab/)
- [Maker Command-Line Checklist](/reference/maker-command-line-checklist/)
- [Site Not Loading After a DNS Change](/troubleshooting/site-not-loading-after-dns-change/)
- [Maker Foundations](/learn/maker-foundations/)
