Fix minvid.f3s.buetow.org TLS certificate generation and routing

- acme.sh: Change grep from exact match to prefix match for f3s hosts
  Server blocks for f3s hosts use -port80/-port8080 suffixes

- relayd: Add explicit routing for f3s hosts (except registry/jellyfin)
  minvid and other f3s hosts now route to <f3s> backend table

Amp-Thread-ID: https://ampcode.com/threads/T-019c14ac-164f-776f-8648-471d4ac4ce5a
Co-authored-by: Amp <amp@ampcode.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index 5c53df3..8c33dcf 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -65,6 +65,7 @@ http protocol "https" {
 
     # For f3s hosts: use relay-level failover (f3s -> localhost backup)
     # Registry is special: needs explicit routing to port 30001
+    # Jellyfin uses NodePorts (bypasses Traefik)
     <% for my $host (@$f3s_hosts) {
           for my $prefix (@prefixes) {
               if ($host eq 'registry.f3s.buetow.org') {
@@ -73,6 +74,9 @@ http protocol "https" {
     <%         } elsif ($host eq 'jellyfin.f3s.buetow.org') {
     -%>
     match request header "Host" value "<%= $prefix.$host -%>" forward to <f3s_jellyfin>
+    <%         } else {
+    -%>
+    match request header "Host" value "<%= $prefix.$host -%>" forward to <f3s>
     <%         }
           }
     } -%>
diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl
index b3301fa..cd6e4cc 100644
--- a/frontends/scripts/acme.sh.tpl
+++ b/frontends/scripts/acme.sh.tpl
@@ -20,7 +20,8 @@ handle_cert () {
     host=$1
     host_ip=`host $host | awk '/has address/ { print $(NF) }'`
 
-    grep -q "^server \"$host\"" /etc/httpd.conf
+    # Check for server block, accounting for f3s hosts which have -port80/-port8080 suffixes
+    grep -q "^server \"$host" /etc/httpd.conf
     if [ $? -ne 0 ]; then
         echo "Host $host not configured in httpd, skipping..."
         return