File provider router: path match works, but does not go to the interal url with the path

Any home lab nerd can likely recognize this scenario.

I have node-red running in my network and the

• https://node-red/ url goes to the editor, which I do NOT want exposed
• https://node-red/ui url goes to the dashboard that I do want exposed.

So I created a file provider route that looks like this:

http:
  routers:
    nodered-router:
      rule: "Host(`nr.my.domain`) && PathPrefix(`/ui`)"
      service: nodered-service
      priority: 1000
      entryPoints:
        - websecure
      tls:
        certResolver: production
      middlewares:
        - authentik@file

  services:
    nodered-service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.167:1880/ui/"

So, this kind of works the way I want. If anyone goes to the url ending in /ui they get in. Any other path gets a bad gateway. Minimally ok.

Better I would like to take any external inbounds to any path and just route internally to the http://192.168.1.167:1880/ui/ url.

http:
  routers:
    nodered-router:
      rule: "Host(`nr.my.domain`) 
      service: nodered-service
      priority: 1000
      entryPoints:
        - websecure
      tls:
        certResolver: production
      middlewares:
        - authentik@file

  services:
    nodered-service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.167:1880/ui/"

This I cannot get to work. This attempt is not doing what I expect. Why are connections not trapping all url/path hits and sending them to the specific http://192.168.1.167:1880/ui/

loadbalancer.servers.url does only take protocol, domain and port, not the path.

In http protocol, the host and path are separate. You can use middleware to change the path.

Note that most GUI web apps don’t like path manipulation, as they usually load dependencies with full path (like /static/script.js).

Thank you @bluepuma77

Does this look right? OIDC Auth first then redirect any path to the /UI path?

    nodered-router:
      rule: "Host(`my.domain`)"
      service: nodered-service
      priority: 1000
      entryPoints:
        - websecure
      tls:
        certResolver: production
      middlewares:
        authentik@file
        test-redirectregex:
          redirectRegex:
            regex: "^https://my.domain/(.*)"
            replacement: "https://my.domain/ui"

I am still getting used to the various yaml formats.

It was originally this, but can I do away with the list dash?

    nodered-router:
      rule: "Host(`gate.704clinton.place`) && PathPrefix(`/ui`)"
      service: nodered-service
      priority: 1000
      entryPoints:
        - websecure
      tls:
        certResolver: production
      middlewares:
        - authentik@file