Nexus as Docker Registry behind Traefik Proxy Docker Swarm

Good Day. In my Nexus (inside Docker swarm) i create Docker Registry Repo and connect it to S3 blob store. My Nexus stay behind Traefik Proxy. When I try to push to the docker registry - I get the error (and it doesn't matter if I'm using local storage or s3):

docker push registry.company.group/ubuntu:dev
Getting image source signatures
Copying blob 2f140462f3bc done
Copying blob 63c99163f472 done
Copying blob ccdbb80308cc done
Copying config 7e0aa2d69a [======================================] 3.2KiB / 3.2KiB
Writing manifest to image destination
Error: error copying image to the remote destination: Error writing manifest: Error uploading manifest dev to registry.company.group/ubuntu: blob unknown: blob unknown to registry

Nexus Log:

2021-06-15 10:44:31,927+0300 WARN  [qtp2096883010-3808]  registry-user org.sonatype.nexus.repository.docker.internal.V2Handlers - Is the remote url a valid docker endpoint? Remote host https://registry-1.docker.io/ with path /v2/library/ubuntu/blobs/sha256:ccdbb80308cc5ef43b605ac28fac29c6a597f89f5a169bbedbb8dec29c987439 did not return the expected response. Error message: blob unknown to registry
2021-06-15 10:44:35,894+0300 ERROR [qtp2096883010-3807]  registry-user org.sonatype.nexus.repository.docker.internal.orient.V2ManifestUtilImpl - Manifest refers to missing layer: sha256:7e0aa2d69a153215c790488ed1fcec162015e973e49962d438e18249d16fa9bd for: ubuntu/dev in repository RepositoryImpl$$EnhancerByGuice$$765e645e{type=hosted, format=docker, name='docker-registry'}
2021-06-15 10:44:35,925+0300 WARN  [qtp2096883010-3807]  registry-user org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: PUT /v2/ubuntu/manifests/dev: 400 - org.sonatype.nexus.repository.docker.internal.V2Exception: Invalid Manifest

Nexus Traefik setup (8081 for components like maven,nuget and etc; 8083 - docker group; 5000 docker hosted registry):

# nexus
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.nexus.entrypoints=websecure"
        - "traefik.http.routers.nexus.rule=Host(`nexus.company.group`)"
        - "traefik.http.routers.nexus.service=nexus"
        - "traefik.http.services.nexus.loadbalancer.server.port=8081"
        - "traefik.http.services.nexus.loadbalancer.passhostheader=true"
        # # docker proxy
        - "traefik.http.routers.docker-proxy.entrypoints=websecure"
        - "traefik.http.routers.docker-proxy.rule=Host(`registry.company.group`) && Method(`GET`,`HEAD`)"
        - "traefik.http.routers.docker-proxy.service=registry-proxy"
        - "traefik.http.services.registry-proxy.loadbalancer.server.port=8083"
        - "traefik.http.services.registry-proxy.loadbalancer.passhostheader=true"
        # docker hosted
        - "traefik.http.routers.registry.entrypoints=websecure"
        - "traefik.http.routers.registry.rule=Host(`registry.company.group`) && Method(`POST`,`PUT`,`DELETE`,`PATCH`)"
        - "traefik.http.routers.registry.service=registry"
        - "traefik.http.services.registry.loadbalancer.server.port=5000"
        - "traefik.http.services.registry.loadbalancer.passhostheader=true"

But if i use NGINX outside of mine docker swarm i dont have problem with push and pull to nexus.
But i don't know how to use the same config in Traefik

server {
        listen 443 ssl;
        server_name "docker.company.group";
        ssl_certificate /etc/nginx/ssl/cp.group.crt;
        ssl_certificate_key /etc/nginx/ssl/cp.group.key;
        # disable any limits to avoid HTTP 413 for large image uploads
        client_max_body_size 0;

        # Allow connections from API clients only
        if ($http_user_agent !~ docker ) {
            return 404;
        }

        if ($request_method ~* (POST|PUT|DELETE|PATCH) ) {
           rewrite ^/(.*)$ /docker-private/$1 last;
        }
        rewrite ^/(.*)$ /docker-group/$1 last;

        location /docker-private {
            rewrite ^/docker-private(.*)$ $1 break;
            proxy_pass http://10.10.3.30:5000;
        }

        location /docker-group {
            rewrite ^/docker-group(.*)$ $1 break;
            proxy_pass http://10.10.3.30:8083;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
}