API Proxy (api.davidata.com)


Component	Location
nginx stream SNI map	/etc/nginx/nginx.conf (stream block)
nginx http site config	/etc/nginx/sites-enabled/api.davidata.com
TLS certificate	Let's Encrypt via certbot + certbot-dns-he-ddns plugin (DNS-01)
Cert credentials	/etc/letsencrypt/he-credentials/api.davidata.com.ini (he.net DDNS password)
Public DNS	A record at he.net: api.davidata.com → 37.123.171.156
Local DNS	Router /etc/hosts: api.davidata.com → 10.0.20.9


Path	Issuer seen	Verdict
WSL → api.davidata.com	Let's Encrypt (genuine)	Uninspected
WSL → chat.openai.com	Google Trust Services (genuine)	Uninspected
PowerShell → api.davidata.com	Scientific Games Corp	MITM

¶ Architecture