Big black nothing even though dashboard say all is good

Setting up Traefik as a reverse proxy, again, I get a big black nothing.
Usually I get a 5xx error, now I have nothing to go on.
In the browser when trying to access a service I see in the dev tols a NS_ERROR_NET_TIMEOUT.
I can reach the dashboard for Traefik and it says all is good.

I am baffled, I have no idea where to go from here. I guess I have made a small error that I can not spot at moment.

Here is my setup: Shared Text 26c57353 - ShareText

Share config here, use 3 backticks to format, to preserve spacing, which is important in yaml.

  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    env_file:
      - .env                        
    secrets:
      - cf-token                    
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    environment:
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf-token
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./appdata/traefik/traefik.yml:/traefik.yml:ro
      - ./appdata/traefik/acme.json:/acme.json
      - ./appdata/traefik/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"

      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.io`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik.tls.domains[0].main=domain.io"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.domain.io"
      - "traefik.http.routers.traefik.service=api@internal"

      # Middleware dashboard
      - "traefik.http.routers.traefik.middlewares=traefik-auth,hsts,traefik-csp"

      # Basic auth
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"

      # ==== HSTS ====
      - "traefik.http.middlewares.hsts.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.hsts.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.hsts.headers.stsPreload=true"
      - "traefik.http.middlewares.hsts.headers.forceSTSHeader=true"

      # ==== CSP + security-headers for internal services ====
      # CSP
      - "traefik.http.middlewares.traefik-csp.headers.contentSecurityPolicy=default-src 'self'; base-uri 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"

      # Referrer / Permissions
      - "traefik.http.middlewares.traefik-csp.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.traefik-csp.headers.permissionsPolicy=camera=(), microphone=(), geolocation=()"

      # Classic protextion
      - "traefik.http.middlewares.traefik-csp.headers.browserXssFilter=true"
      - "traefik.http.middlewares.traefik-csp.headers.contentTypeNosniff=true"

      # X-Frame-Options: DENY
      - "traefik.http.middlewares.traefik-csp.headers.frameDeny=true"

      # X-Robots-Tag: no index for me
      - "traefik.http.middlewares.traefik-csp.headers.customResponseHeaders.X-Robots-Tag=noindex, nofollow"

      # Even more hardening
      - "traefik.http.middlewares.traefik-csp.headers.customResponseHeaders.X-Permitted-Cross-Domain-Policies=none"
      - "traefik.http.middlewares.traefik-csp.headers.customResponseHeaders.X-Download-Options=noopen"

Enable Traefik debug log (doc) and Traefik access log in JSON format (doc).