HTTPS TLS passthrough time out

I'm trying to put Traefik in front of an HTTPS web server using passthrough.

When exposed directly, the webserver works like a charm, but when I use Traefik as a proxy, it times out.
Here is the config:

      - "traefik.tcp.routers.mailuhttps.rule=HostSNI(``) || HostSNI(``) || HostSNI(``) || HostSNI(``) || HostSNI(``)"
      - "traefik.tcp.routers.mailuhttps.entrypoints=websecure"
      - "traefik.tcp.routers.mailuhttps.tls.passthrough=true"
      - "traefik.tcp.routers.mailuhttps.service=mailuhttps"
      - ""
      - ""

Here is the error:

traefik-traefik-1  | time="2023-08-19T08:10:58Z" level=debug msg="Handling TCP connection from to"
traefik-traefik-1  | time="2023-08-19T08:12:57Z" level=error msg="Error while dialing backend: dial tcp connect: connection timed out"

Note that is the right IP address of the web service, in the same network as Traefik (btw, it works in HTTP even if I did not list the config here).

Using the openssl client on the webservice container's IP works (handshake works, and we get to nginx), but it times out on the public IP (simply no response from the webservice).

Any idea?

Thanks in advance!

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

Compare with simple Traefik TLS example.

How do you load or create the TLS certs?

I think I may have had a firewall rejecting forward, seems to work now.