From e333ed38a074ebc27e3f895754928ebd50bdd9d6 Mon Sep 17 00:00:00 2001 From: kovagoadi Date: Fri, 19 Dec 2025 22:18:45 +0100 Subject: [PATCH] Testing thsi out --- dev/forward-to-legacy-nginx.yaml | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/dev/forward-to-legacy-nginx.yaml b/dev/forward-to-legacy-nginx.yaml index 399dcf9..1c456bf 100644 --- a/dev/forward-to-legacy-nginx.yaml +++ b/dev/forward-to-legacy-nginx.yaml @@ -19,11 +19,12 @@ tcp: routers: - # Router for HTTPS (Passthrough) + # Router for LEGACY HTTPS (Passthrough) nginx-legacy-router-secure: - rule: "HostSNI(`*`)" + # DO NOT use "*". List the domains that Nginx manages itself. + # If you use "*", Traefik's own HTTPS domains will not work. + rule: "HostSNI(`excali.kovagoadi.hu`, `another-legacy.hu`)" service: nginx-legacy-service-secure - # Passthrough must be true for SSL to reach Nginx encrypted tls: passthrough: true priority: 1 
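Review bot: The new rule ``HostSNI(`excali.kovagoadi.hu`, `another-legacy.hu`)`` passes two domains to one matcher, which is Traefik v2 rule syntax, while the ``HostRegexp(`^.+$`)`` rule further down in this file looks like v3 syntax, where each matcher takes a single value. If this instance runs v3 without `ruleSyntax: v2`, the rule would presumably be rejected and TLS passthrough to Nginx would stop for every legacy domain, so write it as ``rule: "HostSNI(`excali.kovagoadi.hu`) || HostSNI(`another-legacy.hu`)"``. `another-legacy.hu` also reads like a placeholder; list only hostnames Nginx really serves, because with `*` gone any SNI not named here no longer reaches Nginx. The commit also drops the comment that explains why passthrough is required; I would keep `# Passthrough must be true for SSL to reach Nginx encrypted` above `tls:`. The router's `entryPoints` list lies outside this hunk.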
@@ -31,34 +32,28 @@ tcp: - "https" services: - # Service defining the external IP nginx-legacy-service-secure: loadBalancer: servers: - # This is the actual external IP and Port of your Nginx - address: "webserver:443" http: routers: - # 1. ROUTE FOR TRAEFIK-MANAGED DOMAINS - # For domains Traefik should handle, send challenges to the internal ACME service. + # 1. TRAEFIK-MANAGED ACME HANDLER traefik-acme-handler: rule: "Host(`test-whoami.dev.kovagoadi.hu`) && PathPrefix(`/.well-known/acme-challenge/`)" entryPoints: - "web" - service: "acme-http@internal" # This is the internal service name - priority: 1000 # High priority to ensure it wins + service: "acme-http@internal" + priority: 1000 - # 2. THE CATCH-ALL ROUTER (LEGACY) - # This remains your broad catch-all. Since it has lower priority, - # the one above handles the Traefik domains, and everything else hits this. + # 2. THE HTTP CATCH-ALL (Sends other ACME and HTTP to Nginx) nginx-legacy-router: rule: "HostRegexp(`^.+$`)" service: nginx-legacy-service entryPoints: - "web" - priority: 1 # Will catch ACME for any domain NOT listed in the handler above - + priority: 1 services: nginx-legacy-service:
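Review bot: The inline comments removed from `priority: 1000` and `priority: 1` were the only place that said the ordering matters: `traefik-acme-handler` has to outrank `nginx-legacy-router`, otherwise the ``HostRegexp(`^.+$`)`` catch-all forwards ACME challenges for Traefik-managed hosts to Nginx. I would keep a short form, for example `priority: 1000  # must stay above nginx-legacy-router` and `priority: 1  # catch-all; receives ACME for any host not listed in the handler above`. The routing itself is unchanged in this hunk, and the `http.services` block continues past its last line.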