feat(domain-handling): enhance custom entry point handling in AddDomain component

- Added logic to conditionally set the custom entry point based on the useCustomEntrypoint flag.
- Updated the onCheckedChange handler to clear the custom entry point value when the switch is turned off, improving form state management.

packages/server/src/utils/docker/domain.ts

@@ -279,38 +279,44 @@ export const createDomainLabels = (
 
 	// Collect middlewares for this router
 	const middlewares: string[] = [];
+	const isRedirectRouter = entrypoint === "web" && https && !customEntrypoint;
 
-	// Add HTTPS redirect for web entrypoint (must be first)
-	if (entrypoint === "web" && https) {
+	// Web router with HTTPS only needs redirect — all other middlewares
+	// run on the websecure router where the request actually lands.
+	if (isRedirectRouter) {
 		middlewares.push("redirect-to-https@file");
 	}
 
 	// Add stripPath middleware if needed
 	if (stripPath && path && path !== "/") {
 		const middlewareName = `stripprefix-${appName}-${uniqueConfigKey}`;
-		// Only define middleware once (on web entrypoint)
+		// Define middleware on web (or custom) entrypoint so Traefik registers it
 		if (entrypoint === "web" || customEntrypoint) {
 			labels.push(
 				`traefik.http.middlewares.${middlewareName}.stripprefix.prefixes=${path}`,
 			);
 		}
-		middlewares.push(middlewareName);
+		if (!isRedirectRouter) {
+			middlewares.push(middlewareName);
+		}
 	}
 
 	// Add internalPath middleware if needed
 	if (internalPath && internalPath !== "/" && internalPath.startsWith("/")) {
 		const middlewareName = `addprefix-${appName}-${uniqueConfigKey}`;
-		// Only define middleware once (on web entrypoint)
+		// Define middleware on web (or custom) entrypoint so Traefik registers it
 		if (entrypoint === "web" || customEntrypoint) {
 			labels.push(
 				`traefik.http.middlewares.${middlewareName}.addprefix.prefix=${internalPath}`,
 			);
 		}
-		middlewares.push(middlewareName);
+		if (!isRedirectRouter) {
+			middlewares.push(middlewareName);
+		}
 	}
 
-	// Add custom middlewares
-	if (domain.middlewares?.length) {
+	// Add custom middlewares (skip for redirect-only router)
+	if (!isRedirectRouter && domain.middlewares?.length) {
 		middlewares.push(...domain.middlewares);
 	}
 

packages/server/src/utils/traefik/domain.ts

@@ -143,22 +143,24 @@ export const createRouterConfig = async (
 		entryPoints: [entryPoint],
 	};
 
-	// Add path rewriting middleware if needed
-	if (internalPath && internalPath !== "/" && internalPath !== path) {
-		const pathMiddleware = `addprefix-${appName}-${uniqueConfigKey}`;
-		routerConfig.middlewares?.push(pathMiddleware);
-	}
+	const isRedirectRouter = entryPoint === "web" && https && !customEntrypoint;
 
-	if (stripPath && path && path !== "/") {
-		const stripMiddleware = `stripprefix-${appName}-${uniqueConfigKey}`;
-		routerConfig.middlewares?.push(stripMiddleware);
-	}
+	// Web router with HTTPS only needs redirect — all other middlewares
+	// run on the websecure router where the request actually lands.
+	if (isRedirectRouter) {
+		routerConfig.middlewares?.push("redirect-to-https");
+	} else {
+		// Add path rewriting middleware if needed
+		if (internalPath && internalPath !== "/" && internalPath !== path) {
+			const pathMiddleware = `addprefix-${appName}-${uniqueConfigKey}`;
+			routerConfig.middlewares?.push(pathMiddleware);
+		}
 
-	if (entryPoint === "web" && https) {
-		routerConfig.middlewares?.unshift("redirect-to-https");
-	}
+		if (stripPath && path && path !== "/") {
+			const stripMiddleware = `stripprefix-${appName}-${uniqueConfigKey}`;
+			routerConfig.middlewares?.push(stripMiddleware);
+		}
 
-	if ((entryPoint === "websecure" && https) || !https) {
 		// redirects - skip for preview deployments as wildcard subdomains
 		// should not inherit parent redirect rules (e.g., www-redirect)
 		if (domain.domainType !== "preview") {