Multiple on one container?

I have two traefik with docker, one on my LAN which exposed internal resources and another publicly accessible which exposed https webui.

I want to setup traefik with keycloak with my two traefik (local - port 9090 and public - port 80 & 443). I want to restrict in my LAN all admin routes through traefik local and expose publicly only the login panel of keycloack through my traefik public.

But I don't see any examples or documentation about the way to setup two and create two interfaces in one service on docker.

Is it really not possible?
and why? due to technical restrictions?
Because a router - service could belong to a docker network?

    - traefik.enable=true
    - traefik.constraint-label=traefik-local
    - traefik.http.routers.keycloak-router.rule=Host("keycloak.${PRIVATE_DOMAIN}")
    - traefik.http.routers.keycloak-router.entrypoints=web

Thanks for your help

You can define the Docker network in static config provider.docker for a Traefik instance.

That way each Traefik instance can use their own Docker network to reach target services, your special target service can be attached to multiple Docker networks.

Thanks for your feedback.

I have setup the in provider docker in static conf of traefik.
I have setup also a constraint label for traefik public and another for traefik local and associate a docker service with theses labels.

I specified two different rule host one internal and the other public and it' s working.

But there is still a warning/durty thing about the traefik routes.
The constraint label is only on docker service so traefik catch all routes specified for this service. I can't filter rule host for my traefik public instance or my traefik local instance.

So in my traefik local instance, I have the public rule host setup with an https entrypoint which doesnt exist that' s why it's red (only traefik public instance has an https entrypoint) and the internal rule setup
And in my traefik public instance, I have an internal rule and the public rule also.

I think there is no way to filter rule access by label constraint in docker service with traefik ?
I would setup two rules (internal and public) which are created respectively by the right traefik instance.

If not possible. I will rename entrypoints on traefik local which dont match entrypoint in traefik public.