Docker Registry behind traefik Bad Gateway

RESOLVED

I am behind a corporate proxy and I never set my no_proxy variable in /etc/systemd/system/docker.service.d/http-proxy.conf. Once I set the variable there everything worked as intended

I'm running a docker registry behind traefik, I can navigate to the URL via a browser and can see the traffic in the reverse proxy logs and container logs, but when I docker push Im getting a bad gateway

registry-compose.yml

version: '3'
services:
  local-registry:
    container_name: registry
    image: registry:2.6
    restart: unless-stopped
    volumes:
      - registry-data:/var/lib/registry
      - ./config.yml:/etc/docker/registry/config.yml
    labels:
      - traefik.enable=true
      - traefik.http.routers.registry.entrypoints=https
      - traefik.http.routers.registry.rule=Host(`registry.mydomain.com`)
      - traefik.http.routers.registry.tls=true
      - traefik.http.services.registry.loadbalancer.server.port=5000
volumes:
  registry-data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: ${PWD}/registry-data

networks:
  default:
    name: traefik

registry config.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  host: https://registry.mydomain.com
  relativeurls: true
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

traefik compose.yml

version: '3'
services:
  reverse-proxy:
    image: traefik:2.9.4
    container_name: traefik-reverse-proxy
    restart: unless-stopped
    command:
      - --api.insecure=true
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --entrypoints.https.address=:443
      - --entrypoints.http.address=:80
      - --metrics.prometheus=true
      - --entryPoints.metrics.address=:8082
      - --metrics.prometheus.entryPoint=metrics
      - --entrypoints.registry.address=:5000
      - --log.level=DEBUG
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
    ports:
      - 80:80
      - 5000:5000
      - 8080:8080
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/:/configuration/
networks:
  default:
    name: traefik

I can curl and curl -X PUT the domain and get back {} which tells me I can hit the API, but if I docker push I get bad gateway. I have removed all proxy settings and added no_proxy variables to rule that out. as this is a local registry and I am behind a corporate proxy

for different entrypoint+tls configurations here is what I have tried so far

REGISTRY_HTTP_ADDR=:443
http Entrypoints=443
http Entrypoints=443 + catchall redirect
http Entrypoins=443 + tcp Entrypoints=5000
http Entrypoints=443 + tcp Entrypoints=443
http Entrypoints=443 + tcp Entrypoints=5000 + catchall redirect
http Entrypoints=443 + tcp Entrypoints=443 + catchall redirect
http Entrypoints=443 (Traefik TLS disabled) + tcp Entrypoints=443 w/ TLS Passthrough

http entrypoint=5000
http entrypoint=5000 + catchall redirect
http Entrypoints=5000 + tcp Entrypoints=5000
http Entrypoints=5000 + tcp Entrypoints=5000 + catchall redirect

I have also tried traefik versions 2, 2.6.4, and 2.9.4 and latest

I have also followed the documentation for an airgapped registry and edited /etc/docker/daemon.json

{
  "allow-nondistributable-artifacts": ["registry.mydomain.com"]
}