Dashboard via router and domain don't work (always return 404)

I would like to share the dashboard without having to provide the api.insecure flag.
Right now I'm trying to route a specific host to the api@internal service.
But looks like that the rule is never created, this is my config:

version: "3.3"

networks:
  public:
    external: true
    name: macvlan-public
  web:
    external: false
    internal: false
    name: proxy
    
services:
  traefik:
    image: "traefik:v2.6"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      # Docker configuration
      - "--providers.docker=true"
      - "--providers.docker.network=web"
      - "--providers.docker.exposedbydefault=false"
      # Configure entrypoint
      - "--entrypoints.web.address=:80"
      # Enable dashboard
      - "--api"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.proxy.rule=Host(`traefik.mydomain.com`)"
      - "traefik.http.routers.proxy.entrypoints=web"
      - "traefik.http.routers.proxy.service=api@internal"
    networks:
      - public
      - web
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=web"

I can access correctly the whoami service with whoami.mydomain.com, but I cannot access the api endpoint via traefik.mydomain.com

The web network is a simple bridge networks where allt he containers that want to connect to the net have to be attached. The public network instead is a macvlan, this is a vlan/subnet to separate the traffic that comes and goes to internet from my shared services (intranet, traefik.mydomain.com can be resolved only locally).
The mydomain.com domain is resolved by the local dns server and it reply with the IP of the traefik container. (public interface)

Am I doing something wrong?