Multiple Docker Compose Traefik Configs

Greetings all,

What I am trying to do is set up both Pi-hole and TeslaMate data logging on a Raspberry Pi 4 behind my residential broadband connection. I am fairly knowledgeable with networking but not with Traefik. I want both of these services to be exposed via one dynamic external IP so that I can access them remotely. Since both will be exposed, they both need Traefik and Let's Encrypt configs using different ports.

I have tried the setup from reading online but I am running into some problems with traefik. Both services display cert errors and then a 404 error when I try to access them on their respective ports.

Right now I am trying to use a .env file to call three separate yml files for Docker. The problem might be that it is trying to use two instances of Traefik. I would like to expose the following ports for the following services:

https 443 - PiHole
http 80 - PiHole redirect to https
53 tcp/udp - PiHole DNS
853 - PiHole DNS TLS
8443 - Teslamate HTTPS (listening on port 4000)
8442 - Grafana HTTPS (listening on port 3000)

Here are the config files I have started to work on so far. I am thinking I need to combine these two Traefik configs, unless you folks think I should leave them separate.

Traefik.yml:

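# Traefik instance for the Pi-hole stack: HTTP/HTTPS on 80/443, plain DNS on
# 53 (TCP and UDP) and DNS-over-TLS on 853. Certificates are requested from
# Let's Encrypt with the TLS-ALPN-01 challenge, which is validated on port 443.
version: "3.3"

services:

  traefik:
    # NOTE(review): "latest" is unpinned, so a routine pull can move to a new
    # major release; pin a specific, supported tag once the setup works.
    image: "traefik:latest"
    restart: unless-stopped
    command:
      - "--log.level=ERROR"
      # api.insecure serves the dashboard/API without authentication on the
      # internal :8080 entrypoint, reachable by the host and by every container
      # on traefik_default. Keep it off on an internet-facing proxy; if the
      # dashboard is needed, route api@internal through a router that carries
      # an auth middleware.
      - "--api.insecure=false"
      # The Docker provider sees every container on this host that sets
      # traefik.enable=true, including containers meant for another Traefik
      # instance. Running one Traefik for all services avoids conflicting
      # routers and resolvers.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.dnsovertls.address=:853"
      - "--entrypoints.dns.address=:53"
      - "--entrypoints.udpdns.address=:53/udp"
      - "--entrypoints.web.address=:80"
      # Port 80 only redirects to HTTPS, matching the intended
      # "http 80 -> https" behaviour for the Pi-hole UI.
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=user@gmail.com"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    networks:
      - traefik_default
    ports:
      # LOCALIP is a placeholder for the host address these ports bind to.
      - "LOCALIP:443:443"
      - "LOCALIP:853:853"
      # Forwarding port 53 from the internet makes Pi-hole an open resolver,
      # a service that is routinely abused for DNS amplification. Restrict it
      # by source address at the router/firewall, or keep 53 LAN-only and
      # reach DNS remotely over a VPN.
      - "LOCALIP:53:53"
      - "LOCALIP:53:53/udp"
      - "LOCALIP:80:80"
    volumes:
      - "letsencrypt:/letsencrypt"
      # ":ro" only makes the socket file read-only; the Docker API behind it
      # still accepts every call, so a compromise of Traefik is a compromise
      # of the host. A socket proxy limited to read-only container endpoints
      # narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  # Created outside this file; shared with the services Traefik routes to.
  traefik_default:
    external: true

volumes:
  # Holds acme.json (account key and issued certificates).
  letsencrypt: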

pihole.yml:

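# Pi-hole behind Traefik: web UI over HTTPS, plain DNS on 53 (TCP/UDP) and
# DNS-over-TLS on 853, all routed through Traefik entrypoints of the same name.
version: "3"

services:
  pihole:
    # NOTE(review): unpinned tag; pin a specific release for reproducible updates.
    image: pihole/pihole:latest
    networks:
      - traefik_default
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: 'America/New_York'
      # The admin password is read from the environment / .env file instead of
      # being stored in this file; compose aborts with the message below when
      # it is missing. PIHOLE_WEBPASSWORD is a name chosen for this example.
      WEBPASSWORD: '${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 8.8.8.8
      - 1.1.1.1
    restart: unless-stopped
    labels:
      - "traefik.enable=true"

      # Web interface: HTTPS router on websecure, backend is the container's
      # port 80. The admin UI is internet-facing here, so the password above
      # is the only gate unless an auth or IP-allowlist middleware is added.
      - "traefik.http.routers.pihole.rule=Host(`dynamicndshostname.com`)"
      - "traefik.http.routers.pihole.entrypoints=websecure"
      - "traefik.http.routers.pihole.tls.certresolver=mytlschallenge"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"

      # DNS-over-TLS: Traefik terminates TLS on 853 and forwards plain TCP
      # DNS to the container.
      - "traefik.tcp.routers.dnsovertls.rule=HostSNI(`dynamicndshostname.com`)"
      - "traefik.tcp.routers.dnsovertls.entrypoints=dnsovertls"
      - "traefik.tcp.routers.dnsovertls.tls.certresolver=mytlschallenge"
      - "traefik.tcp.routers.dnsovertls.service=pihole"

      # Normal DNS coming in on 53 TCP, no TLS. Without a TLS handshake there
      # is no SNI to match, so a non-TLS TCP router has to use HostSNI(`*`);
      # a host name here never matches.
      - "traefik.tcp.routers.dns.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.dns.entrypoints=dns"
      - "traefik.tcp.routers.dns.service=pihole"

      # Receives traffic from both the TLS and non-TLS Traefik TCP routers.
      - "traefik.tcp.services.pihole.loadbalancer.server.port=53"

      # Normal DNS coming in on 53 UDP. Answering UDP queries from arbitrary
      # internet sources makes this an open resolver usable for amplification;
      # limit who can reach it at the router/firewall.
      - "traefik.udp.routers.udpdns.entrypoints=udpdns"
      - "traefik.udp.routers.udpdns.service=pihole"
      - "traefik.udp.services.pihole.loadbalancer.server.port=53"

networks:
  # Shared, pre-created network that the Traefik container is also attached to.
  traefik_default:
    external: true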

teslamate.yml:

version: '3'

services:
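  # TeslaMate web app (backend port 4000), published through the "proxy"
  # Traefik service defined in this file.
  teslamate:
    # NOTE(review): unpinned tag; pin a specific release for reproducible updates.
    image: teslamate/teslamate:latest
    restart: always
    depends_on:
      - database
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - MQTT_HOST=mosquitto
      - VIRTUAL_HOST=${FQDN_TM}
      - CHECK_ORIGIN=true
      - TZ=${TM_TZ}
    volumes:
      - ./import:/opt/app/import
    labels:
      - 'traefik.enable=true'
      # Traefik v2 does not read the v1-style "traefik.port" label; the backend
      # port is declared on the service instead.
      - 'traefik.http.services.teslamate.loadbalancer.server.port=4000'
      # NOTE(review): redirectscheme without a port option presumably sends
      # clients to https on the default port 443 rather than 8443; confirm and
      # set redirectscheme.port if the HTTPS entrypoint stays on 8443.
      - "traefik.http.middlewares.redirect.redirectscheme.scheme=https"
      # Basic auth read from the .htpasswd file mounted into the proxy. This
      # middleware is the access control in front of the TeslaMate UI, so the
      # HTTPS router below must always keep it attached.
      - "traefik.http.middlewares.auth.basicauth.usersfile=/auth/.htpasswd"
      # No entrypoints and no tls section: this router takes plain-HTTP
      # requests for the host and only redirects them.
      - "traefik.http.routers.teslamate-insecure.rule=Host(`${FQDN_TM}`)"
      - "traefik.http.routers.teslamate-insecure.middlewares=redirect"
      - "traefik.http.routers.teslamate.rule=Host(`${FQDN_TM}`)"
      - "traefik.http.routers.teslamate.middlewares=auth"
      - "traefik.http.routers.teslamate.entrypoints=websecure"
      - "traefik.http.routers.teslamate.tls.certresolver=tmhttpchallenge"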

  # PostgreSQL store used by TeslaMate and Grafana (DATABASE_HOST=database).
  # No ports are published, so it is reachable only from containers on this
  # compose project's network. Credentials come from the .env file.
  database:
    image: 'postgres:12'
    restart: always
    environment:
      POSTGRES_USER: '${TM_DB_USER}'
      POSTGRES_PASSWORD: '${TM_DB_PASS}'
      POSTGRES_DB: '${TM_DB_NAME}'
    volumes:
      - 'teslamate-db:/var/lib/postgresql/data'

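  # Grafana dashboards for TeslaMate (backend port 3000), published through
  # the "proxy" Traefik service defined in this file.
  grafana:
    # NOTE(review): unpinned tag; pin a specific release for reproducible updates.
    image: teslamate/grafana:latest
    restart: always
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - GRAFANA_PASSWD=${GRAFANA_PW}
      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW}
      - GF_AUTH_BASIC_ENABLED=true
      # Anonymous access stays disabled: the router below carries no auth
      # middleware, so Grafana's own login is the only gate on this host name.
      - GF_AUTH_ANONYMOUS_ENABLED=false
      - GF_SERVER_ROOT_URL=https://${FQDN_GRAFANA}
    volumes:
      - teslamate-grafana-data:/var/lib/grafana
    labels:
      - 'traefik.enable=true'
      # Traefik v2 does not read the v1-style "traefik.port" label; the backend
      # port is declared on the service instead.
      - 'traefik.http.services.grafana.loadbalancer.server.port=3000'
      - "traefik.http.middlewares.redirect.redirectscheme.scheme=https"
      # No entrypoints and no tls section: this router takes plain-HTTP
      # requests for the host and only redirects them.
      - "traefik.http.routers.grafana-insecure.rule=Host(`${FQDN_GRAFANA}`)"
      - "traefik.http.routers.grafana-insecure.middlewares=redirect"
      - "traefik.http.routers.grafana.rule=Host(`${FQDN_GRAFANA}`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls.certresolver=tmhttpchallenge"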

  # MQTT broker that TeslaMate publishes to (MQTT_HOST=mosquitto). The host
  # port is bound to 127.0.0.1 only, so the broker is not reachable from the
  # LAN or the internet.
  mosquitto:
    image: 'eclipse-mosquitto:1.6'
    restart: always
    ports:
      - '127.0.0.1:1883:1883'
    volumes:
      - 'mosquitto-conf:/mosquitto/config'
      - 'mosquitto-data:/mosquitto/data'

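  # Second Traefik instance, serving TeslaMate and Grafana on 8080 (HTTP) and
  # 8443 (HTTPS) with certificates from the "tmhttpchallenge" resolver.
  proxy:
    # NOTE(review): v2.1 is an old release line; check that the tag in use
    # still receives security fixes.
    image: traefik:v2.1
    restart: always
    command:
      - "--global.sendAnonymousUsage=false"
      # This provider sees every labelled container on the host, not only the
      # ones in this file, so routers written for another Traefik instance
      # (other entrypoints, other resolvers) are loaded here as well.
      - "--providers.docker"
      - "--providers.docker.exposedByDefault=false"
      - "--entrypoints.web.address=:8080"
      - "--entrypoints.websecure.address=:8443"
      # HTTP-01 is validated by Let's Encrypt on public port 80. With the
      # entrypoint on :8080 it only succeeds if external port 80 is forwarded
      # here, which is not possible while another Traefik already owns 80/443;
      # until a certificate is issued Traefik serves its self-signed default.
      # Serving these hosts from a single Traefik instance avoids the conflict.
      - "--certificatesresolvers.tmhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.tmhttpchallenge.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.tmhttpchallenge.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.tmhttpchallenge.acme.storage=/etc/acme/acme.json"
    ports:
      - "8080:8080"
      - "8443:8443"
    volumes:
      # Password hashes are only read by the basic-auth middleware, so the
      # file is mounted read-only.
      - ./.htpasswd:/auth/.htpasswd:ro
      - ./acme/:/etc/acme/
      # ":ro" only makes the socket file read-only; the Docker API behind it
      # still accepts every call, so a compromise of Traefik is a compromise
      # of the host. A socket proxy limited to read-only container endpoints
      # narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro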

# Named volumes for the TeslaMate stack, all with default driver settings.
volumes:
  teslamate-db: {}
  teslamate-grafana-data: {}
  mosquitto-conf: {}
  mosquitto-data: {}

Hopefully this is possible. Thanks in advance.