From the IP I would say the TLS error happens between browser client and Traefik, insecureSkipVerify is used between Traefik and target service.
I don't think there are any complications with Portainer in general, here an example compose file for stack deploy with Docker Swarm:
version: '3.9'
services:
agent:
image: portainer/agent:2.18.2
environment:
- LOG_LEVEL=DEBUG
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.18.2
command: -H tcp://tasks.agent:9001 --tlsskipverify
#ports:
# - "9443:9443"
# - "9000:9000"
# - "8000:8000"
volumes:
- portainer_data:/data
networks:
- agent_network
- proxy
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
- node.hostname == server1
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.rule=Host(`portainer.example.com`)"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.services.portainer.loadbalancer.passhostheader=true"
networks:
agent_network:
driver: overlay
driver_opts:
com.docker.network.driver.mtu: 1400
attachable: true
proxy:
external: true
volumes:
portainer_data: