502 Error with application grocy

Hello together,

I'm new to traefik, letsencrypt and all this stuff. I need your help. I have a small setup with docker, 3 services: I have no problems with 2 services (which are homeassistant and traefic) but with grocy I get a 502 error. The Labels I use are most identical. With loglevel debug I can see a "connection refused" from 172.18.0.3 which is the grocy service.

Here my docker-compose.yaml:

version: "3.8"
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    volumes:
      - "homeassistant:/config"
      - "/etc/localtime:/etc/localtime:ro"
    network_mode: host
    devices:
      - "/dev/ttyACM0:/dev/ttyACM0"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homeassistant.entrypoints=http"
      - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.xxx.duckdns.org`)"
      - "traefik.http.middlewares.homeassistant-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.homeassistant.middlewares=homeassistant-https-redirect"
      - "traefik.http.routers.homeassistant-secure.entrypoints=https"
      - "traefik.http.routers.homeassistant-secure.rule=Host(`homeassistant.xxx.duckdns.org`)"
      - "traefik.http.routers.homeassistant-secure.tls=true"
      - "traefik.http.routers.homeassistant-secure.tls.certresolver=http"
      - "traefik.http.routers.homeassistant-secure.service=homeassistant"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
      - "traefik.docker.network=proxy"


  hass-configurator:
    container_name: hass-configurator
    image: causticlab/hass-configurator-docker:x86_64
    volumes:
      - "hass-configurator:/config"
      - "homeassistant:/hass-config"
    networks:
      - smarthome-frontend
    ports:
      - "3218:3218"
    restart: unless-stopped

  traefik:
    container_name: traefik
    image: traefik:2.4.8
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
# Mist, fuktioniert irgendwie nicht mit Named Volumes
      - "/smarthome/traefik/data/traefik.yaml:/traefik.yml:ro"
      - "/smarthome/traefik/data/dynamic_conf.yaml:/dynamic_conf.yml"
      - "/smarthome/traefik/data/acme.json:/acme.json"
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    extra_hosts:
      - "host.docker.internal:172.17.0.1"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xxx.duckdns.org`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=lotse:$$apr1$$98SlGN.d$$k2LCyn9r8k0uj3iLnvydI."
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.xxx.duckdns.org`)"
      - "traefik.http.routers.traefik-secure.middlewares=secHeaders@file,traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "providers.file.filename=/dynamic_conf.yml"

  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      - 9000:9000
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer_data:/data"

  grocy:
    image: ghcr.io/linuxserver/grocy:amd64-latest
    container_name: grocy
    volumes:
      - "grocy:/config"
    networks:
      - proxy
    ports:
      - 9283:80
    environment:
      - "TZ=Europe/Berlin"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grocy.entrypoints=http"
      - "traefik.http.routers.grocy.rule=Host(`grocy.xxx.duckdns.org`)"
      - "traefik.http.middlewares.grocy-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.grocy.middlewares=grocy-https-redirect"
      - "traefik.http.routers.grocy-secure.entrypoints=https"
      - "traefik.http.routers.grocy-secure.rule=Host(`grocy.xxx.duckdns.org`)"
      - "traefik.http.routers.grocy-secure.tls=true"
      - "traefik.http.routers.grocy-secure.tls.certresolver=http"
      - "traefik.http.routers.grocy-secure.service=grocy"
      - "traefik.http.services.grocy.loadbalancer.server.port=9283"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.grocy.loadbalancer.server.scheme=http"

volumes:
  homeassistant:
  hass-configurator:
  portainer_data:
  grocy:

networks:
  smarthome-frontend:
  proxy:
    external: true

My traefik.yaml:

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: "./dynamic_conf.yml"

certificatesResolvers:
  http:
    acme:
      email: xxx@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http

# log:
#  level: DEBUG

and the dynamic_conf.yaml:

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        #HSTS Configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"

What do i wrong here?
TIA for your help.