Ok. So I tried to do two things at once earlier:
- migrate to dockerised deployment
- remove TLS from internal nginx
One of those things was successful. The other failed, and my site was down for several hours.
Tomorrow I will figure out how to only do TLS on the external nginx. For now, at least my site is up again. ffs.