Update: I have an additional (as yet untested) solution: Use an access control list to grant an exception to the webserver user (www-data) to access the TLS private key. This should allow you to follow good practice in running the Docker container as a non-root user (eg. www-data), while maintaining standard restrictive root privileges on the key. The other solution, which I am running in production, is to put an NGINX reverse proxy on the host machine in front of the Apache container, and terminate the TLS connection there. If this proves workable, it is hands down the easiest way to solve the problem.
At time of writing, all other "solutions" on the internetz either tell you to weaken the file ownership permissions, or run the container as root, which you should not do. Even the official docs example doesn't explicitly set a user...which means the container will default to running as root.
When developing a project you need to be able to run it in order to test it. But you don't want local changes to the configuration files to be committed. Most 'solutions' to this problem suggest untracking (removing) it from the repository. But if you want to keep the file in your project, then use:
git update-index --skip-worktree filenameOrPath
This keeps the file in the respository, but lets you change your local copy freely without including changes in commits.
One of the cool new features of the GoPro Hero 9 is that you can use it as a 1080p webcam. Sadly, the out-of-the-box experience is glitchy and way too unreliable to use for a serious project, but you can fix it with the right setup and more $$. TLDR: Get the media mod and use the HDMI port for better output, take the battery out and power directly through USB to prevent unwanted shutdowns, and use OBS studio to resolve audio/video syncronisation issues.
TLDR: The Coolermaster H500M case supports up to a 240 mm radiator in top-mount position and up to 360 mm in front-mount position, but a front-mounted 280mm radiator is probably the best option for an AIO system.