diff --git a/content/posts/commits/2026-04-09-commit-10af16e.md b/content/posts/commits/2026-04-09-commit-10af16e.md new file mode 100644 index 0000000..c30b4f4 --- /dev/null +++ b/content/posts/commits/2026-04-09-commit-10af16e.md 
@@ -0,0 +1,58 @@ +--- +title: "[bojemoi] feat(redirector): OPSEC hardening — Let's Encrypt + header suppression + MSF keepalive" +date: 2026-04-09T21:55:35+02:00 +draft: false +tags: ["commit", "bojemoi", "main"] +categories: ["Git Activity"] +summary: "Commit 10af16e par Betty dans bojemoi" +author: "Betty" +--- + +## Commit `10af16e` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Author** | Betty | +| **Hash** | `10af16e9fdf0d0548b10291c972dee0b08665722` | + + +### Description + +- entrypoint.sh: acquire Let's Encrypt cert via acme.sh at startup (webroot + HTTP-01 on redirector-1.fly.dev); fallback self-signed uses CN=api.microsoft.com + instead of CN=localhost; register-account step to avoid invalidContact error +- nginx.conf: load headers_more module + more_clear_headers Server; add ACME + challenge location /.well-known/acme-challenge/ and /healthz on port 80 +- Dockerfile: add ca-certificates, libnginx-mod-http-headers-more-filter, socat; + download acme.sh script directly (avoids silent pipe install failure) +- start_msf_server.sh: pipe stdin keepalive (tail -f /dev/null | msfconsole) to + prevent handler exit on EOF; add watchdog loop + port 4444 readiness check +- .claude/commands/opsec-check.md: new /opsec-check skill (6-phase C2 OPSEC audit) +- .claude/commands/topology.md: new /topology skill (swarm service dependency check) + +Co-Authored-By: Claude Sonnet 4.6 + +### Files Changed + +``` +A .claude/commands/opsec-check.md +A .claude/commands/topology.md +M borodino/redirector/Dockerfile +M borodino/redirector/entrypoint.sh +M borodino/redirector/nginx.conf +M borodino/start_msf_server.sh +``` + +### Diff Summary + +``` + .claude/commands/opsec-check.md | 242 ++++++++++++++++++++++++++++++++++++++ + .claude/commands/topology.md | 150 +++++++++++++++++++++++ + borodino/redirector/Dockerfile | 14 ++- + borodino/redirector/entrypoint.sh | 54 +++++++-- + borodino/redirector/nginx.conf | 21 +++- + borodino/start_msf_server.sh 
| 37 +++++- + 6 files changed, 503 insertions(+), 15 deletions(-) +```
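Review bot: the `summary` front-matter field is written in French ("Commit 10af16e par Betty dans bojemoi") while the title, headings and description of the same post are in English; pick one language for the generated post, for example `summary: "Commit 10af16e by Betty in bojemoi"`. In the metadata table under the `## Commit` heading, the header row is empty (`| | |`), so it renders as a blank header above Repository/Branch/Author/Hash; label the columns (`| Field | Value |`) or use a plain list. The `tags` list also carries the branch name `"main"` next to `"commit"` and `"bojemoi"`, which duplicates the Branch row and will create a tag page per branch; consider dropping it from `tags`.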