From 860f4333e12f8c6902f094a69d1ab7b8ae7f730c Mon Sep 17 00:00:00 2001
From: kovagoadi
Date: Fri, 19 Dec 2025 19:53:51 +0100
Subject: [PATCH] Testing new config
---
 dev/forward-to-legacy-nginx.yaml | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/dev/forward-to-legacy-nginx.yaml b/dev/forward-to-legacy-nginx.yaml
index e184fe0..78134c1 100644
--- a/dev/forward-to-legacy-nginx.yaml
+++ b/dev/forward-to-legacy-nginx.yaml
@@ -1,5 +1,10 @@
 # ./traefik/forward-to-legacy-nginx.yaml

+entryPoints:
+ web:
+ # Essential: Allows your routers to intercept /.well-known/acme-challenge/
+ allowACMEByPass: true
+
 tcp:
 routers:
 # Router for HTTPS (Passthrough)
@@ -23,14 +28,24 @@ tcp:

 http:
 routers:
- # Router for HTTP
+ # 1. ROUTE FOR TRAEFIK-MANAGED DOMAINS
+ # For domains Traefik should handle, send challenges to the internal ACME service.
+ traefik-acme-handler:
+ rule: "Host(`test-whoami.kovagoadi.hu`) && PathPrefix(`/.well-known/acme-challenge/`)"
+ entryPoints:
+ - "web"
+ service: "acme-http@internal" # This is the internal service name
+ priority: 1000 # High priority to ensure it wins
+
+ # 2. THE CATCH-ALL ROUTER (LEGACY)
+ # This remains your broad catch-all. Since it has lower priority,
+ # the one above handles the Traefik domains, and everything else hits this.
 nginx-legacy-router:
 rule: "HostRegexp(`^.+$`)"
 service: nginx-legacy-service
- # Low priority ensures specific containers are handled first
- priority: 1
 entryPoints:
 - "web"
+ priority: 1 # Will catch ACME for any domain NOT listed in the handler above

 services:
 nginx-legacy-service:
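Review bot: The `entryPoints:` block added at the top of the file looks misplaced. The rest of the file (`tcp.routers`, `http.routers`) has the shape of Traefik dynamic configuration loaded through the file provider, whereas `allowACMEByPass` is a static entry-point option. If this file is loaded by the file provider, the setting will not take effect here, and the unknown key may cause the whole file to be rejected, taking the passthrough and catch-all routers with it. It belongs where the `web` entry point is defined, for example `--entryPoints.web.allowACMEByPass=true`. The comment would also be more useful if it stated the consequence instead of "Essential", e.g. `# Turns off Traefik's built-in handling of /.well-known/acme-challenge/ on web; the routers below decide who answers HTTP-01`.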
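Review bot: Once the bypass is active, the `Host(...)` rule on `traefik-acme-handler` becomes a security-relevant allowlist, and it contains a single hard-coded name. Challenge requests for every other host fall through to `nginx-legacy-router` at priority 1 and are forwarded to the legacy backend. A Traefik-managed domain that is added later without being listed here will fail issuance in Traefik, and the legacy backend will be the one positioned to answer HTTP-01 validation for it. I would record that invariant next to the rule, e.g. `# Every domain using Traefik's HTTP-01 resolver must be listed in this rule; unlisted hosts' challenges go to nginx-legacy-service`. As a style point, the numbered all-caps headings could follow the file's existing `# Router for ...` comment form.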