Cannot proxy services using multiple domains/sub domains

Hi guys, I've been an nginx user for years and would like to try Traefik, but I cannot seem to get a single container proxied properly.
Basically, I want dashboard.example.xyz to host the dashboard over HTTPS, protected with basic auth.
Then admin.example.xyz should expose a Node container that uses port 3000. These are Windows containers, but a Linux example might work for my case. TIA

# Compose (v3.8) stack file from the question: a Traefik reverse proxy running as a
# Windows container in Swarm mode, plus one "admin" application service.
# The poster reports that this version does not route correctly. The NOTE(review)
# comments mark the likely causes and the security-relevant settings; the
# configuration itself is left exactly as posted.
version: '3.8'

services:
  traefik:
    image: traefik:windowsservercore-1809
    deploy:
      #placement:
      #  constraints:
      #    # Make the traefik service run only on the node with this label
      #    # as the node with it has the volume for the certificates
      #    - node.labels.traefik-public.traefik-public-certificates == true
      labels:
        # Enable Traefik for this service, to make it available in the public network
        - traefik.enable=true
        # Use the external "proxy" network (declared at the bottom of this file)
        - traefik.docker.network=proxy
        # Use the custom label "traefik.constraint-label=traefik-public"
        # This public Traefik will only use services with this label
        # That way you can add other internal Traefik instances per stack if needed
        # (disabled here, together with the matching provider constraint below)
        #- traefik.constraint-label=traefik-public
        # admin-auth middleware with HTTP Basic auth.
        # The user name is hard-coded as "admin"; Compose substitutes $password from
        # the environment. Traefik expects an htpasswd-style hash here, not a
        # plaintext password.
        - traefik.http.middlewares.admin-auth.basicauth.users=admin:$password
        # https-redirect middleware to redirect HTTP to HTTPS
        # It can be re-used by other stacks in other Docker Compose files
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        # Router "website": plain-HTTP router for the dashboard host, set up only to
        # apply the https-redirect middleware. The host name is hard-coded.
        - traefik.http.routers.website.rule=Host(`dashboard.example.xyz`) 
        - traefik.http.routers.website.entrypoints=http
        - traefik.http.routers.website.middlewares=https-redirect
        # Router "traefik-public-https": the actual dashboard router using HTTPS.
        # The host name is hard-coded.
        - traefik.http.routers.traefik-public-https.rule=Host(`dashboard.example.xyz`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        # Use the special Traefik service api@internal with the web UI/Dashboard
        - traefik.http.routers.traefik-public-https.service=api@internal
        # Use the "le" (Let's Encrypt) resolver created below
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        # NOTE(review): the basic-auth middleware is commented out, so the HTTPS
        # dashboard router has no authentication although the post asks for it.
        # Re-enable this line once the admin-auth hash is in place.
        #- traefik.http.routers.traefik-public-https.middlewares=admin-auth
        # Declares a service port for the Traefik service itself. No router in this
        # file references "traefik-public" (the dashboard router uses api@internal);
        # presumably it is only here because Swarm mode requires a port label.
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    command:
      # Enable Docker in Traefik, so that it reads labels from Docker services
      - --providers.docker
      # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
      #- --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      # NOTE(review): this flag is commented out and, as written, sets "true".
      # Traefik's default is also to expose every service it discovers; to expose
      # only services labelled traefik.enable=true the value must be "false".
      #- --providers.docker.exposedbydefault=true
      # Enable Docker Swarm mode
      - --providers.docker.swarmmode
      # Create an entrypoint "http" listening on port 80
      - --entrypoints.http.address=:80
      # Create an entrypoint "https" listening on port 443
      - --entrypoints.https.address=:443
      # Create the certificate resolver "le" for Let's Encrypt.
      # NOTE(review): there is no space before "#", so YAML does not treat "#$EMAIL"
      # as a comment. The single quotes and the "#" become part of the address, and
      # Compose still substitutes $EMAIL into it.
      - --certificatesresolvers.le.acme.email='example@gmail.com'#$EMAIL
      # Store the Let's Encrypt certificates in /certificates/acme.json.
      # NOTE(review): no volume is mounted at that path in this file, so the ACME
      # account key and certificates would not survive a container replacement.
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      # Use the TLS Challenge for Let's Encrypt
      - --certificatesresolvers.le.acme.tlschallenge=true
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors
      - --log
      # Enable the Dashboard and API in insecure mode.
      # NOTE(review): insecure mode serves the API and dashboard without any
      # authentication on port 8080, which is also published under "ports" below.
      - --api.insecure=true  
      # Docker engine endpoint (Windows named pipe).
      # Access to this pipe is full control of the Docker engine, so the Traefik
      # container must be treated as highly privileged.
      - --providers.docker.endpoint=npipe:////./pipe/docker_engine
 
    ports:
      # Publishes the unauthenticated API/dashboard port.
      # Please read: https://docs.traefik.io/configuration/api/#security
      - "8080:8080"
      - "443:443"
      - "80:80"
    #isolation: process # workaround for https://github.com/containous/traefik/issues/4409
    volumes:
      # Mount the host's Docker engine named pipe into the container
      - type: npipe
        source: '\\.\pipe\docker_engine'
        target: '\\.\pipe\docker_engine'   
    networks:
      - proxy
      
  admin:
    image: bauson/com:win-node
    deploy:
        replicas: 1
    networks:
      - proxy
    # NOTE(review): these are container-level labels. The Traefik service above runs
    # with --providers.docker.swarmmode, where Traefik reads service labels
    # (deploy.labels), so these are presumably never seen by it - confirm.
    labels:
      - "traefik.http.routers.admin.rule=Host(`admin.example.xyz`)"
      - "traefik.enable=true"
      # NOTE(review): no entrypoint named "admin" is defined in the Traefik command
      # above; only "http" and "https" exist.
      - "traefik.http.routers.admin.entrypoints=admin"
      # NOTE(review): second value for the same label key as the Host() rule above.
      # A label key can hold only one value, so one of the two rules is lost.
      - "traefik.http.routers.admin.rule=Method(`GET`,`POST`,`DELETE`)"
      # Sticky sessions using a cookie named "sb_instance"
      - "traefik.http.services.admin.loadBalancer.sticky.cookie=true"
      - "traefik.http.services.admin.loadBalancer.sticky.cookie.name=sb_instance"
      # Port the Node application listens on inside the container
      - "traefik.http.services.admin.loadbalancer.server.port=3000" 
# The "proxy" network is not created by this stack; it must already exist.
networks:
    proxy:
        external: true

Please disregard my post; I was able to make it work, including SSL certificates. Sharing this here for others who are having a hard time using it on Windows.

traffic.yml

# Traefik stack file shared by the poster as the working setup (Windows containers,
# Swarm mode, Let's Encrypt via the TLS challenge).
# The NOTE(review) comments flag settings that should be tightened before this is
# reused; the configuration itself is left exactly as posted.
version: "3.8"

services:
  traefik:
    image: traefik:windowsservercore-1809
    networks:   
        - proxy
    deploy:
      replicas: 1
      # Dashboard router on the "websecure" entrypoint, with a certificate from
      # "myresolver", forwarding to port 8080 of this service.
      # NOTE(review): no traefik.enable=true label is set here, while the command
      # below sets exposedbydefault=false. Traefik would then ignore these labels,
      # which matches the later report that no dashboard rule shows up - confirm.
      # NOTE(review): no authentication middleware is attached to this router.
      labels:
        - traefik.docker.network=proxy
        - traefik.http.routers.traefik.rule=Host(`traefik.sbe1.example.xyz`)
        - traefik.http.routers.traefik.entrypoints=websecure
        - traefik.http.routers.traefik.tls.certresolver=myresolver
        - traefik.http.services.traefik.loadbalancer.server.port=8080  

    command: 
      #- "--log.level=DEBUG"
      - "--accesslog"
      - "--api=true"
      # NOTE(review): insecure mode serves the API and dashboard without any
      # authentication on port 8080, which is also published under "ports" below.
      # Anyone who can reach that port can read the full routing configuration.
      - "--api.insecure=true"
      - "--providers.docker=true"      
      # Only services labelled traefik.enable=true are exposed
      - "--providers.docker.exposedbydefault=false"
      # Docker engine endpoint (Windows named pipe). Access to this pipe is full
      # control of the Docker engine, so this container is highly privileged.
      - "--providers.docker.endpoint=npipe:////./pipe/docker_engine"  
      # Repeats "--providers.docker=true" above
      - "--providers.docker"
      - "--providers.docker.swarmmode"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.address=:80"
      # NOTE(review): "insecure" trusts X-Forwarded-* headers from every client, so
      # a client can spoof its source address towards backends and logs. Prefer
      # forwardedHeaders.trustedIPs limited to the real upstream proxies.
      - "--entrypoints.websecure.forwardedHeaders.insecure"
      # NOTE(review): likewise accepts PROXY-protocol headers from any source;
      # prefer proxyProtocol.trustedIPs, or drop the flag if no load balancer that
      # speaks PROXY protocol sits in front of Traefik.
      - "--entrypoints.websecure.proxyProtocol.insecure"
      # Redirect everything arriving on "web" (port 80) to "websecure" over HTTPS
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      # Staging directory (for testing): https://acme-staging-v02.api.letsencrypt.org/directory
      # Production directory: https://acme-v02.api.letsencrypt.org/directory
      - "--certificatesresolvers.myresolver.acme.email=example@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

    ports:
      - "443:443"
      - "80:80"
      # Publishes the unauthenticated API/dashboard port (see --api.insecure above)
      - "8080:8080"
    volumes:
      # Mount the host's Docker engine named pipe into the container
      - type: npipe
        source: '\\.\pipe\docker_engine'
        target: '\\.\pipe\docker_engine'     
      # Host directory that persists acme.json. That file holds the ACME account key
      # and certificate private keys, so access to c:/ops/traefik/le should be
      # restricted on the host.
      - c:/ops/traefik/le:C:/letsencrypt
    # NOTE(review): the resolver above uses the TLS challenge, so these Cloudflare
    # variables look unused - confirm. In list form the double quotes become part
    # of the value. A real API key should not be committed in a stack file; supply
    # it from a secret store instead.
    environment:
      - CLOUDFLARE_EMAIL="example@gmail.com"
      - CLOUDFLARE_API_KEY="API-KEY"
# The "proxy" network is not created by this stack; it must already exist.
networks:
    proxy:
        external: true

test.yml

# Stack file for a sample application service published through Traefik.
# The labels sit under deploy.labels, i.e. on the Swarm service.
version: '3.8'

services:
  test:
    image: 'bauson/com:win-node80'
    stop_grace_period: 300s
    networks:
      - proxy
    deploy:
      labels:
        # Opt this service in to Traefik
        - 'traefik.enable=true'
        # Router "test": HTTPS entrypoint, host-based rule, certificate issued by
        # the "myresolver" ACME resolver
        - 'traefik.http.routers.test.rule=Host(`test.sbe1.example.xyz`)'
        - 'traefik.http.routers.test.entrypoints=websecure'
        - 'traefik.http.routers.test.tls.certresolver=myresolver'
        # Service "test": container port 80, sticky sessions through a cookie
        # named "test". No secure/httpOnly cookie options are set here.
        - 'traefik.http.services.test.loadbalancer.server.port=80'
        - 'traefik.http.services.test.loadBalancer.sticky.cookie=true'
        - 'traefik.http.services.test.loadBalancer.sticky.cookie.name=test'

# The "proxy" network is not created by this stack; it must already exist.
networks:
  proxy:
    external: true

You can have the Traefik dashboard on your regular TLS port with a sub-domain. I think you just forgot to assign the service to the router; see the docs:

# Dynamic configuration: publish the dashboard/API through a normal router that is
# protected by basic auth.
deploy:
  labels:
    # Match the dashboard host and only the /api and /dashboard paths.
    # No entrypoints label is set, so this router is attached to every entrypoint;
    # add one to restrict it.
    - 'traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))'
    # Route to Traefik's built-in API/dashboard service
    - 'traefik.http.routers.dashboard.service=api@internal'
    # Require the "auth" basic-auth middleware defined below
    - 'traefik.http.routers.dashboard.middlewares=auth'
    # htpasswd-style user:hash pairs; "$$" is the Compose escape for a literal "$".
    # These are sample credentials and must be replaced with your own hashes
    # (bcrypt is preferable to apr1/MD5).
    - 'traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0'
    # Dummy service for Swarm port detection. The port can be any valid integer value.
    - 'traefik.http.services.dummy-svc.loadbalancer.server.port=9999'

Hi there, thanks for your suggestion, but this isn't working for Traefik on Windows. The page returns a 404, there are no errors in the logs, and when I use port 8080 I can't see the rule assigned for the dashboard.

The snippet above would bind to all Traefik entrypoints (not only to port 8080).