I am still trying to resolve this and so far, on the dashboard, the container and subdomain show up has having TLS turned on, but it still returns an invalid certificate.
The way I got it to work was by using the file config. It has two servers configured, the HomeAssistant one is working, but the video-conference one is not.
[http]
[http.routers]
[http.routers.homeassistant]
entryPoints = ["https"]
rule = "Host(`home.domain.tld`)"
service = "homeassistant"
[http.routers.homeassistant.tls]
[http.routers.meet]
entryPoints = ["https"]
rule = "Host(`meet.domain.tld`)"
service = "meet"
[http.routers.meet.tls]
[http.services]
[http.services.homeassistant]
[[http.services.homeassistant.loadBalancer.servers]]
url = "http://192.168.1.10:8123"
passHostHeader = true
[http.services.meet]
[[http.services.meet.loadBalancer.servers]]
url = "http://192.168.1.10:8000"
passHostHeader = true
[tcp.services.homeassistant]
[[tcp.services.homeassistant.loadBalancer.servers]]
url = "http://192.168.1.10:8123"
passHostHeader = true
[tcp.services.meet]
[[tcp.services.meet.loadBalancer.servers]]
url = "https://192.168.1.10:8443"
passHostHeader = true
[http.middlewares]
[http.middlewares.homeassistant]
browserXSSFilter = true
contentTypeNosniff = true
forceSTSHeader = true
SSLHost = "domain.tld"
SSLRedirect = true
STSIncludeSubdomains = true
STSPreload = true
STSSeconds = 315360000
[http.middlewares.homeassistant.headers]
FrameDeny = true
SSLRedirect = true
# CORS
accessControlAllowMethods = ["GET", "OPTIONS", "PUT", "POST"]
accessControlAllowOrigin = '*'
accessControlAllowHeaders = ['DNT','User-Agent','X-Requested-With','If-Modified-Since','Cache-Control','Content-Type','Range']
accessControlExposeHeaders = ["Content-Length","Content-Range"]
accessControlAllowCredentials = true
accessControlMaxAge = 100
addVaryHeader = true
[http.middlewares.meet]
browserXSSFilter = true
contentTypeNosniff = true
forceSTSHeader = true
SSLHost = "domain.tld"
SSLRedirect = true
STSIncludeSubdomains = true
STSPreload = true
STSSeconds = 315360000
[http.middlewares.meet.headers]
FrameDeny = true
SSLRedirect = true
# CORS
accessControlAllowMethods = ["GET", "OPTIONS", "PUT", "POST"]
accessControlAllowOrigin = '*'
accessControlAllowHeaders = ['DNT','User-Agent','X-Requested-With','If-Modified-Since','Cache-Control','Content-Type','Range']
accessControlExposeHeaders = ["Content-Length","Content-Range"]
accessControlAllowCredentials = true
accessControlMaxAge = 100
addVaryHeader = true
And there is an error in the log I can't quite understand:
time="2020-03-19T12:16:25Z" level=info msg="Traefik version 2.1.7 built on 2020-03-18T16:43:27Z"
time="2020-03-19T12:16:25Z" level=info msg="Stats collection is enabled."
time="2020-03-19T12:16:25Z" level=info msg="Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration."
time="2020-03-19T12:16:25Z" level=info msg="Help us improve Traefik by leaving this feature on :)"
time="2020-03-19T12:16:25Z" level=info msg="More details on: https://docs.traefik.io/contributing/data-collection/"
time="2020-03-19T12:16:25Z" level=info msg="Enabling ProxyProtocol for trusted IPs []" entryPointName=https
time="2020-03-19T12:16:25Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-03-19T12:16:25Z" level=info msg="Starting provider *file.Provider {\"directory\":\"config/\",\"watch\":true}"
time="2020-03-19T12:16:25Z" level=info msg="Starting provider *acme.Provider {\"email\":\"johnny@brunoamaral.eu\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"http\"},\"tlsChallenge\":{},\"ResolverName\":\"default\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-03-19T12:16:25Z" level=info msg="Testing certificate renew..." providerName=default.acme
time="2020-03-19T12:16:25Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-03-19T12:16:25Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`tardis.myddns.me`) \\u0026\\u0026 PathPrefix(`/{{ trimSuffix \\\"-settings\\\" .Name }}`)\",\"exposedByDefault\":true,\"network\":\"traefik_proxy\",\"swarmModeRefreshSeconds\":15000000000}"
time="2020-03-19T12:17:10Z" level=info msg="Skipping same configuration" providerName=docker