From e894d4bd075f6f8ac46f0a6334e6f25dd1be9e28 Mon Sep 17 00:00:00 2001
From: kovagoadi
Date: Tue, 25 Nov 2025 15:02:55 +0100
Subject: [PATCH] Commit changes

---
 docker-compose.yaml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index d69a564..e1db4fb 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -41,5 +41,49 @@ services:
 - traefik.http.routers.https.entrypoints=https
 - traefik.http.routers.https.tls=true
 - traefik.http.routers.https.tls.certresolver=letsencrypt
+ catchall-shim:
+ image: traefik/whoami
+ labels:
+ - "traefik.enable=true"
+
+ # -------------------------------------------------------
+ # 1. HTTPS Handling (TCP Passthrough) -> Port 443
+ # -------------------------------------------------------
+
+ # Use a TCP Router for Port 443
+ - "traefik.tcp.routers.catchall-https.entrypoints=https"
+
+ # Match Any Domain (Wildcard SNI)
+ - "traefik.tcp.routers.catchall-https.rule=HostSNI(`*`)"
+
+ # CRITICAL: Passthrough = true
+ # Traefik will NOT decrypt. It passes the encrypted stream to Nginx.
+ - "traefik.tcp.routers.catchall-https.tls.passthrough=true"
+
+ # Low priority so other specific routes in Traefik override this
+ # - "traefik.tcp.routers.catchall-https.priority=1"
+
+ # Point to the Nginx service
+ - "traefik.tcp.routers.catchall-https.service=nginx-backend-secure"
+
+ # Define the destination IP for HTTPS (Note: 'server.address', not 'url')
+ # Replace 192.168.1.100 with your Nginx IP
+ - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85:443"
+ - "env=${ENV}"
+
+
+ # -------------------------------------------------------
+ # 2. HTTP Handling (Standard Proxy) -> Port 80
+ # -------------------------------------------------------
+ # Since HTTP is unencrypted, we can use a standard HTTP router.
+ # This forwards the request to Nginx port 80 (for Certbot challenges/redirects).
+
+ - "traefik.http.routers.catchall-http.entrypoints=web"
+ - "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)"
+ # - "traefik.http.routers.catchall-http.priority=1"
+ - "traefik.http.routers.catchall-http.service=nginx-backend-plain"
+
+ # Define the destination IP for HTTP
+ - "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80"
 networks:
 proxy:
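Review bot: The wildcard `HostSNI` passthrough router on the shared `https` entrypoint has its `priority=1` label commented out, even though the comment above it ("Low priority so other specific routes in Traefik override this") names that label as what keeps specific routes ahead of the catch-all; the same is true of `catchall-http`. As written, ordering against the existing `https` router depends on Traefik's defaults, and any hostname that falls through to the catch-all is handed still-encrypted to 192.168.1.85 without Traefik's TLS termination or HTTP middlewares, so either enable the label (`- "traefik.tcp.routers.catchall-https.priority=1"`) or reword the comment to state which default is being relied on. Separately, `image: traefik/whoami` is untagged and will follow `latest`; pin it, e.g. `image: traefik/whoami:<pinned-tag>`. The label `- "env=${ENV}"` interpolates to an empty value when `ENV` is unset, where `${ENV:?ENV must be set}` would fail fast, and the comment "Replace 192.168.1.100 with your Nginx IP" no longer matches the configured 192.168.1.85.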