From bc665e4649d36690563d991e8c81b9cbf823b75b Mon Sep 17 00:00:00 2001
From: kovagoadi <kovagoadi@gmail.com>
Date: Sat, 20 Dec 2025 14:56:01 +0100
Subject: [PATCH] Configured some changes

---
 dev/forward-to-legacy-nginx.yaml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/dev/forward-to-legacy-nginx.yaml b/dev/forward-to-legacy-nginx.yaml
index 7ec78ce..49e50d2 100644
--- a/dev/forward-to-legacy-nginx.yaml
+++ b/dev/forward-to-legacy-nginx.yaml
@@ -2,12 +2,11 @@
 
 tcp:
   routers:
-    # Router for LEGACY HTTPS (Passthrough)
+    # Router for HTTPS (Passthrough)
     nginx-legacy-router-secure:
-      # DO NOT use "*". List the domains that Nginx manages itself.
-      # If you use "*", Traefik's own HTTPS domains will not work.
-      rule: "HostSNI(`excali.kovagoadi.hu`) || HostSNI(`another-legacy.hu`)"
+      rule: "HostSNI(`*`)"
       service: nginx-legacy-service-secure
+      # Passthrough must be true for SSL to reach Nginx encrypted
       tls:
         passthrough: true
       priority: 10
@@ -15,9 +14,11 @@ tcp:
         - "https"
 
   services:
+    # Service defining the external IP
     nginx-legacy-service-secure:
       loadBalancer:
         servers:
+          # This is the actual external IP and Port of your Nginx
           - address: "webserver:443"
 
 http:
@@ -34,9 +35,10 @@ http:
     nginx-legacy-router:
       rule: "HostRegexp(`^.+$`)"
       service: nginx-legacy-service
+      # Low priority ensures specific containers are handled first, but before the default acme-handler
+      priority: 90
       entryPoints:
         - "web"
-      priority: 90
 
   services:
     nginx-legacy-service: