diff --git a/dev.env b/dev.env
index ba68bc5..7c085dd 100644
--- a/dev.env
+++ b/dev.env
@@ -1,6 +1,6 @@
 PORT=898
 HTTPS_PORT=446
-ENV=prod
+ENV=dev
 NETWORK_NAME=proxy
 CERTBOT_CA_RESOLVER=https://acme-staging-v02.api.letsencrypt.org/directory
 DOMAIN=dev.kovagoadi.hu
diff --git a/dev/forward-to-legacy-nginx.yaml b/dev/forward-to-legacy-nginx.yaml
new file mode 100644
index 0000000..ae38952
--- /dev/null
+++ b/dev/forward-to-legacy-nginx.yaml
@@ -0,0 +1,47 @@
+# ./traefik/forward-to-legacy-nginx.yaml
+
+tcp:
+ routers:
+ # Router for HTTPS (Passthrough)
+ nginx-legacy-router-secure:
+ rule: "HostSNI(`tar.kovagoadi.hu`)"
+ service: nginx-legacy-service-secure
+ # Passthrough must be true for SSL to reach Nginx encrypted
+ tls:
+ passthrough: true
+ priority: 10
+ entryPoints:
+ - "https"
+
+ services:
+ # Service defining the external IP
+ nginx-legacy-service-secure:
+ loadBalancer:
+ servers:
+ # This is the actual external IP and Port of your Nginx
+ - address: "webserver:443"
+
+http:
+ routers:
+ # 1. TRAEFIK-MANAGED ACME HANDLER (Removed manual router)
+ traefik-acme-handler:
+ rule: "Host(`test-whoami.kovagoadi.hu`) && PathPrefix(`/.well-known/acme-challenge/`)"
+ entryPoints:
+ - "web"
+ service: "acme-http@internal" # This is the internal service name
+ priority: 1000 # High priority to ensure it wins
+
+ # 2. THE HTTP CATCH-ALL (Sends other ACME and HTTP to Nginx)
+ nginx-legacy-router:
+ rule: "HostRegexp(`^.+$`)"
+ service: nginx-legacy-service
+ # Low priority ensures specific containers are handled first, but before the default acme-handler
+ priority: 90
+ entryPoints:
+ - "web"
+
+ services:
+ nginx-legacy-service:
+ loadBalancer:
+ servers:
+ - url: "http://webserver:80"
\ No newline at end of file
diff --git a/dev/route-to-staging-dev.yaml b/dev/route-to-staging-dev.yaml
new file mode 100644
index 0000000..0bacc74
--- /dev/null
+++ b/dev/route-to-staging-dev.yaml
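Review bot: `priority: 90` on `nginx-legacy-router` in dev/forward-to-legacy-nginx.yaml is not low in Traefik terms: a router without an explicit priority gets its rule length as priority, so a typical single-Host rule of about 25 characters loses to this catch-all and its HTTP traffic goes to `http://webserver:80` instead of the intended container. Setting `priority: 1` keeps the catch-all behind every specific router, while `traefik-acme-handler` (1000) still wins for its challenge path. The comment should then read `# Priority 1: evaluated last, after every router with a specific Host rule`, since the current wording ("before the default acme-handler") contradicts the 1000 set above it. This file has the same blob id (`ae38952`) as the pre-change prod/forward-to-legacy-nginx.yaml, so the prod copy likely needs the same look.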
@@ -0,0 +1,30 @@
+http:
+ routers:
+ # Router for HTTP (Port 80)
+ staging:
+ rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+ entryPoints:
+ - "web"
+ service: "dev-staging"
+ priority: 1_000_000
+
+ # Router for HTTPS (Port 443)
+ staging-secure:
+ rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+ entryPoints:
+ - "https"
+ service: "dev-staging-secure"
+ priority: 100
+ tls: {} # <--- This enables TLS for this router
+
+ services:
+ dev-staging:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.1.85:8080"
+
+ dev-staging-secure:
+ loadBalancer:
+ servers:
+ # Note: Ensure Traefik trusts the cert at .85 or set insecureSkipVerify
+ - url: "https://192.168.1.85:445"
\ No newline at end of file
diff --git a/prod/forward-to-legacy-nginx.yaml b/prod/forward-to-legacy-nginx.yaml
index ae38952..4da1e72 100644
--- a/prod/forward-to-legacy-nginx.yaml
+++ b/prod/forward-to-legacy-nginx.yaml
@@ -4,7 +4,7 @@ tcp:
 routers:
 # Router for HTTPS (Passthrough)
 nginx-legacy-router-secure:
- rule: "HostSNI(`tar.kovagoadi.hu`)"
+ rule: "HostSNI(`*`)"
 service: nginx-legacy-service-secure
 # Passthrough must be true for SSL to reach Nginx encrypted
 tls:
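Review bot: The comment on the `dev-staging-secure` server in dev/route-to-staging-dev.yaml offers `insecureSkipVerify` as an equal alternative to trusting the backend certificate, but that setting turns off certificate verification for the hop to `https://192.168.1.85:445`, so whatever answers on that address would be accepted. Because the URL is an IP address, verification also needs a name to check against unless the certificate carries an IP SAN. I would attach a dedicated `serversTransport` with `serverName` and `rootCAs` to this service and drop the skip-verify hint from the comment; the name and path values below are placeholders to be filled in.

```yaml
# … unchanged: routers and the dev-staging service …
    dev-staging-secure:
      loadBalancer:
        serversTransport: dev-staging-backend
        # … unchanged: servers list …

  serversTransports:
    dev-staging-backend:
      # Name the backend certificate was issued for (placeholder)
      serverName: "<BACKEND_CERT_NAME>"
      rootCAs:
        - "<PATH_TO_BACKEND_CA_PEM>"
```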
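Review bot: Widening the rule to HostSNI(`*`) in prod/forward-to-legacy-nginx.yaml turns `nginx-legacy-router-secure` into a TLS passthrough catch-all: every handshake on `https` whose SNI is not claimed by a more specific router, including clients that send no SNI, is handed to the legacy Nginx without Traefik terminating or inspecting it. If only a few legacy names are meant, enumerate them by joining one HostSNI(...) matcher per name with `||`; if the catch-all is intended, say so above the rule with `# Catch-all: any SNI without its own router is passed through to legacy Nginx`. The dev copy added in this commit keeps `tar.kovagoadi.hu`, so dev no longer exercises the rule that runs in prod. The router definition continues past the end of the hunk.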