Problems with port forwarding

Traefik Traefik v2
1

Hello together,
I am using Home Assistant in a docker container at a small server at home.
This server contains different docker containers (UrBackup, Node-Red, Mosquitto, Grafana, Home Assistant and more).
If I am using http://192.168.2.10:8123 i have access to the Home Assistant.
Now I want to have access to my server via https://homeassisstant.mydomain.com.
DNS is working, but if I call the subdomain I get "Bad gateway".

This is my docker-compose.yml

version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: "homeassistant/home-assistant:stable"
    volumes:
      - /data/docker/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true
    #network_mode: host
    ports:
      - "8123:8123"
    expose:
      - 8123

    networks:
      proxy:
      iot:
        ipv4_address: 192.168.2.10
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homeassistant.entrypoints=http"
      - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.mydomain.com`)"
      - "traefik.http.middlewares.homeassistant-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.homeassistant.middlewares=homeassistant-https-redirect"
      - "traefik.http.routers.homeassistant-secure.entrypoints=https"
      - "traefik.http.routers.homeassistant-secure.rule=Host(`homeassistant.mydomain.com`)"
      - "traefik.http.routers.homeassistant-secure.tls=true"
      - "traefik.http.routers.homeassistant-secure.tls.certresolver=http"
      - "traefik.http.routers.homeassistant-secure.service=homeassistant"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
      - "traefik.docker.network=proxy"
      

volumes:
  config:
networks:
  proxy:
    external: true
  iot:
    external: true

My traefik.yml file:

api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  http:
    acme:
      email: mail@mydomain.com
      storage: acme.json
      httpChallenge:
        entryPoint: http

What I am doing wrong?
By the way: my containers use different VLANs (via macvlan), because the Server is some applications in my DMZ and some applications in other internal VLANs.

2

First, I would place the http redirect in the static entrypoints section, no need for that middleware in labels. Makes it easier to read.

Next I would rename your certresolver http to something more common like LEresolver. To many http in configuration, anyway. Not sure if this is an issue.

How do you use your domain homeassistant.mydomain.com? Will it return a private IP or a public IP? For a public IP, have you configured a DMZ for your server or port forwarding on your router?