diff --git a/.gitea/workflows/workflow.yaml b/.gitea/workflows/workflow.yaml
index 8ed2ce8..a30f514 100644
--- a/.gitea/workflows/workflow.yaml
+++ b/.gitea/workflows/workflow.yaml
@@ -65,16 +65,7 @@ jobs:
 SCRIPT_AFTER: |
 set -e
 cd ${{ needs.prepare_context.outputs.pr_path }}
- docker compose --env-file dev.env -f docker-compose.yaml up -d --build --remove-orphans --wait
-
- # Run E2E Tests
- echo "Running E2E tests..."
- export CI=true
- # Create venv to avoid polluting system python
- python3 -m venv .venv
- . .venv/bin/activate
- pip install -r tests/e2e/requirements.txt
- pytest tests/e2e/
+ docker compose --env-file dev.env -f docker-compose.yaml up -d --build --remove-orphans --wait
 # ------------------------------------------------------------------
 # STAGE 3: DEPLOY STAGING
@@ -100,7 +91,7 @@ jobs:
 SCRIPT_AFTER: |
 set -e
 cd ${{ env.REMOTE_STAGING_PATH }}
- docker compose --env-file staging.env -f docker-compose.yaml up -d --build --remove-orphans
+ docker compose --env-file staging.env -f docker-compose.yaml up -d --build --remove-orphans --wait
 # ------------------------------------------------------------------
 # STAGE 4: DEPLOY PRODUCTION
@@ -127,7 +118,16 @@ jobs:
 SCRIPT_AFTER: |
 set -e
 cd ${{ env.REMOTE_PROD_PATH }}
- docker compose --env-file prod.env -f docker-compose.yaml -f docker-compose.prod.yaml up -d --build --remove-orphans
+ docker compose --env-file prod.env -f docker-compose.yaml -f docker-compose.prod.yaml up -d --build --remove-orphans --wait
+
+ # Run E2E Tests
+ echo "Running E2E tests..."
+ export CI=true
+ # Create venv to avoid polluting system python
+ python3 -m venv .venv
+ . .venv/bin/activate
+ pip install -r tests/e2e/requirements.txt
+ pytest tests/e2e/
 # ------------------------------------------------------------------
 # CLEANUP (Using appleboy/ssh-action for pure command execution)
diff --git a/dev.env b/dev.env
index 7c085dd..da29fc5 100644
--- a/dev.env
+++ b/dev.env
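Review bot: The E2E block added to the production `SCRIPT_AFTER` (third hunk) runs only after `docker compose ... up -d --wait` has already replaced the running stack, so a failing `pytest` fails the job but neither blocks nor rolls back the release. The first hunk removes the same tests from the dev stage, which leaves no test gate ahead of production in the lines shown. The script appears to run on the production host (it does `cd ${{ env.REMOTE_PROD_PATH }}`), so `pip install -r tests/e2e/requirements.txt` executes package install code there under the deploy account and leaves a `.venv` in the deploy directory. Consider keeping the test run in the dev or staging script as the gate and running any post-deploy check from the CI runner instead. If the install stays on the host, pin it with `pip install --require-hashes -r tests/e2e/requirements.txt`; the requirements file is not shown and may need hashes added first.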
@@ -5,5 +5,5 @@ NETWORK_NAME=proxy
 CERTBOT_CA_RESOLVER=https://acme-staging-v02.api.letsencrypt.org/directory
 DOMAIN=dev.kovagoadi.hu
 ACME_BYPASS=false
-# TRAEFIK_LEGACY_OPT=
-TRAEFIK_LEGACY_OPT="--providers.file.directory=/etc/traefik"
\ No newline at end of file
+TRAEFIK_LEGACY_OPT=
+# TRAEFIK_LEGACY_OPT="--providers.file.directory=/etc/traefik"
\ No newline at end of file
diff --git a/dev/forward-to-legacy-nginx.yaml b/dev/forward-to-legacy-nginx.yaml
deleted file mode 100644
index 4da1e72..0000000
--- a/dev/forward-to-legacy-nginx.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# ./traefik/forward-to-legacy-nginx.yaml
-
-tcp:
- routers:
- # Router for HTTPS (Passthrough)
- nginx-legacy-router-secure:
- rule: "HostSNI(`*`)"
- service: nginx-legacy-service-secure
- # Passthrough must be true for SSL to reach Nginx encrypted
- tls:
- passthrough: true
- priority: 10
- entryPoints:
- - "https"
-
- services:
- # Service defining the external IP
- nginx-legacy-service-secure:
- loadBalancer:
- servers:
- # This is the actual external IP and Port of your Nginx
- - address: "webserver:443"
-
-http:
- routers:
- # 1. TRAEFIK-MANAGED ACME HANDLER (Removed manual router)
- traefik-acme-handler:
- rule: "Host(`test-whoami.kovagoadi.hu`) && PathPrefix(`/.well-known/acme-challenge/`)"
- entryPoints:
- - "web"
- service: "acme-http@internal" # This is the internal service name
- priority: 1000 # High priority to ensure it wins
-
- # 2. THE HTTP CATCH-ALL (Sends other ACME and HTTP to Nginx)
- nginx-legacy-router:
- rule: "HostRegexp(`^.+$`)"
- service: nginx-legacy-service
- # Low priority ensures specific containers are handled first, but before the default acme-handler
- priority: 90
- entryPoints:
- - "web"
-
- services:
- nginx-legacy-service:
- loadBalancer:
- servers:
- - url: "http://webserver:80"
\ No newline at end of file
diff --git a/dev/route-to-staging-dev.yaml b/dev/route-to-staging-dev.yaml
deleted file mode 100644
index fd12671..0000000
--- a/dev/route-to-staging-dev.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-http:
- routers:
- # Router for HTTP (Port 80)
- staging:
- rule: "HostRegexp(`^.+\\.staging\\.kovagoadi\\.hu$`) || HostRegexp(`^.+\\.dev\\.kovagoadi\\.hu$`)"
- entryPoints:
- - "web"
- service: "dev-staging"
- priority: 1000
- services:
- dev-staging:
- loadBalancer:
- servers:
- - url: "http://staging:8080"
-
-tcp:
- routers:
- # Router for HTTPS (Passthrough)
- dev-staging-secure:
- rule: "HostSNIRegexp(`^.+\\.staging\\.kovagoadi\\.hu$`) || HostSNIRegexp(`^.+\\.dev\\.kovagoadi\\.hu$`)"
- service: "dev-staging-secure"
- # Passthrough must be true for SSL to reach Nginx encrypted
- tls:
- passthrough: true
- priority: 1000
- entryPoints:
- - "https"
- services:
- dev-staging-secure:
- loadBalancer:
- servers:
- # Note: Ensure Traefik trusts the cert at .85 or set insecureSkipVerify
- - address: "staging:445"
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 49211ec..40a62b8 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -6,7 +6,6 @@ services:
 - no-new-privileges:true
 networks:
 - proxy
- - legacy-nginx
 command:
 - "--log.level=DEBUG"
 - "--providers.docker=true"
@@ -53,8 +52,5 @@ services:
 - traefik.http.routers.https.tls.certresolver=letsencrypt
 networks:
 proxy:
- legacy-nginx:
- name: proxy
- external: true
 volumes:
 letsencrypt:
\ No newline at end of file
diff --git a/prod/route-to-staging-dev.yaml b/prod/route-to-staging-dev.yaml
index 1fa3382..fd12671 100644
--- a/prod/route-to-staging-dev.yaml
+++ b/prod/route-to-staging-dev.yaml
@@ -2,29 +2,32 @@ http:
 routers:
 # Router for HTTP (Port 80)
 staging:
- rule: "HostRegexp({subdomain:.+}.staging.kovagoadi.hu`) || Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+ rule: "HostRegexp(`^.+\\.staging\\.kovagoadi\\.hu$`) || HostRegexp(`^.+\\.dev\\.kovagoadi\\.hu$`)"
 entryPoints:
 - "web"
 service: "dev-staging"
- priority: 1_000_000
-
- # Router for HTTPS (Port 443)
- staging-secure:
- rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
- entryPoints:
- - "https"
- service: "dev-staging-secure"
- priority: 100
- tls: {} # <--- This enables TLS for this router
-
+ priority: 1000
 services:
 dev-staging:
 loadBalancer:
 servers:
- - url: "http://192.168.1.85:8080"
-
+ - url: "http://staging:8080"
+
+tcp:
+ routers:
+ # Router for HTTPS (Passthrough)
+ dev-staging-secure:
+ rule: "HostSNIRegexp(`^.+\\.staging\\.kovagoadi\\.hu$`) || HostSNIRegexp(`^.+\\.dev\\.kovagoadi\\.hu$`)"
+ service: "dev-staging-secure"
+ # Passthrough must be true for SSL to reach Nginx encrypted
+ tls:
+ passthrough: true
+ priority: 1000
+ entryPoints:
+ - "https"
+ services:
 dev-staging-secure:
 loadBalancer:
 servers:
 # Note: Ensure Traefik trusts the cert at .85 or set insecureSkipVerify
- - url: "https://192.168.1.85:445"
\ No newline at end of file
+ - address: "staging:445"
\ No newline at end of file
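Review bot: Both new rules require at least one label before `.staging.` or `.dev.` (`^.+\\.staging\\.kovagoadi\\.hu$`), so the bare names `staging.kovagoadi.hu` and `dev.kovagoadi.hu` no longer reach the `staging` backend, although the removed `Host(...)` alternatives matched them on both routers. If those names are still served there (dev.env in this commit sets `DOMAIN=dev.kovagoadi.hu`), make the prefix optional in the `HostRegexp` and `HostSNIRegexp` rules, e.g. `^(.+\\.)?staging\\.kovagoadi\\.hu$`. The retained comment above the `staging:445` address still says to trust the cert at .85 or set insecureSkipVerify, but a TCP router with `passthrough: true` forwards the TLS stream without terminating or verifying it. Replace that comment with something like `# TLS passthrough: the backend at staging:445 terminates TLS; Traefik only routes on SNI`. Passthrough also means none of this instance's HTTP middlewares apply to that traffic, so any access restriction for dev/staging has to be enforced on the backend side.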