From f3951295ac212c484d6daf1057364ee3fb31d201 Mon Sep 17 00:00:00 2001
From: poduck <poduck@gmail.com>
Date: Wed, 3 Dec 2025 17:34:41 -0500
Subject: [PATCH] fix(traefik): Remove conflicting TCP router for subdomain
 handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The TCP router was intercepting wildcard subdomain traffic at the TCP layer
and sending it directly to nginx:80, bypassing HTTP routing entirely.
This caused 404 errors because nginx wasn't receiving proper HTTP routing.

Now relying on:
- TLS store's defaultGeneratedCert for wildcard certificate
- HTTP HostRegexp router for subdomain routing to nginx

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../compose/production/traefik/traefik.yml    | 23 -------------------
 1 file changed, 23 deletions(-)

diff --git a/smoothschedule/compose/production/traefik/traefik.yml b/smoothschedule/compose/production/traefik/traefik.yml
index 2f901b1..444fb49 100644
--- a/smoothschedule/compose/production/traefik/traefik.yml
+++ b/smoothschedule/compose/production/traefik/traefik.yml
@@ -53,29 +53,6 @@ tls:
           sans:
             - "*.smoothschedule.com"
 
-tcp:
-  routers:
-    # Catch-all for tenant subdomains at TLS layer
-    # This matches any subdomain that isn't handled by specific HTTP routers
-    subdomain-sni-router:
-      rule: 'HostSNIRegexp(`.*\\.smoothschedule\\.com`)'
-      entryPoints:
-        - web-secure
-      service: nginx-tcp
-      tls:
-        passthrough: false
-        certResolver: letsencrypt-dns
-        domains:
-          - main: "smoothschedule.com"
-            sans:
-              - "*.smoothschedule.com"
-
-  services:
-    nginx-tcp:
-      loadBalancer:
-        servers:
-          - address: "nginx:80"
-
 http:
   routers:
     # Main domain and www