apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: axion-apex-tls
  namespace: matrix
spec:
  secretName: axion-apex-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - axion1337.chat
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: axion-apex
  namespace: matrix
spec:
  entryPoints: [websecure]
  tls:
    secretName: axion-apex-tls
  routes:
    # Höchste Priorität: /.well-known/matrix/* -> wellKnownDelegation-Service
    - match: Host(`axion1337.chat`) && PathPrefix(`/.well-known/matrix`)
      kind: Rule
      priority: 100
      services:
        - name: matrix-stack-well-known
          port: 8010
    # Niedrigere Priorität: alles andere -> Element Web
    - match: Host(`axion1337.chat`)
      kind: Rule
      priority: 10
      services:
        - name: matrix-stack-element-web
          port: 80