diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml
index 880b6ec..675de34 100644
--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -10,6 +10,7 @@ jobs:
     env:
       APP_NAME: ${{ vars.APP_NAME }}
       APP_DOMAIN: ${{ vars.APP_DOMAIN }}
+      MESH_AGENTS_DOMAIN: ${{ vars.MESH_AGENTS_DOMAIN }}
       MESH_PORT: ${{ vars.MESH_PORT }}
       # Authentik OIDC configuration
       AUTHENTIK_ISSUER: ${{ vars.AUTHENTIK_ISSUER }}
diff --git a/docker-compose.yml b/docker-compose.yml
index afcc7ec..088b42a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -81,7 +81,7 @@ services:
       # y verán el certificado SSL de MeshCentral (no el de Traefik)
 
       # TCP Router - SNI routing para subdominio de agentes
-      - "traefik.tcp.routers.${APP_NAME}-agents-tcp.rule=HostSNI(`mesh-agents.${APP_DOMAIN#*.}`)"
+      - "traefik.tcp.routers.${APP_NAME}-agents-tcp.rule=HostSNI(`${MESH_AGENTS_DOMAIN}`)"
       - "traefik.tcp.routers.${APP_NAME}-agents-tcp.entrypoints=websecure"
       - "traefik.tcp.routers.${APP_NAME}-agents-tcp.tls.passthrough=true"
       - "traefik.tcp.routers.${APP_NAME}-agents-tcp.service=${APP_NAME}-tcp"