From d535301b8b0b368afa1bdab468ba57fd2990f165 Mon Sep 17 00:00:00 2001
From: kovagoadi <kovagoadi@gmail.com>
Date: Sat, 20 Dec 2025 14:58:45 +0100
Subject: [PATCH] Modified prod file

---
 prod/forward-to-legacy-nginx.yaml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/prod/forward-to-legacy-nginx.yaml b/prod/forward-to-legacy-nginx.yaml
index e184fe0..49e50d2 100644
--- a/prod/forward-to-legacy-nginx.yaml
+++ b/prod/forward-to-legacy-nginx.yaml
@@ -9,7 +9,7 @@ tcp:
       # Passthrough must be true for SSL to reach Nginx encrypted
       tls:
         passthrough: true
-      priority: 1
+      priority: 10
       entryPoints:
         - "https"
 
@@ -23,12 +23,20 @@ tcp:
 
 http:
   routers:
-    # Router for HTTP
+    # 1. TRAEFIK-MANAGED ACME HANDLER (Removed manual router)
+    traefik-acme-handler:
+      rule: "Host(`test-whoami.dev.kovagoadi.hu`) && PathPrefix(`/.well-known/acme-challenge/`)"
+      entryPoints:
+        - "web"
+      service: "acme-http@internal" # This is the internal service name
+      priority: 1000                # High priority to ensure it wins
+
+    # 2. THE HTTP CATCH-ALL (Sends other ACME and HTTP to Nginx)
     nginx-legacy-router:
       rule: "HostRegexp(`^.+$`)"
       service: nginx-legacy-service
-      # Low priority ensures specific containers are handled first
-      priority: 1
+      # Low priority ensures specific containers are handled first, but before the default acme-handler
+      priority: 90
       entryPoints:
         - "web"