Routing Websockets on different port with Traefik 2.4

Traefik Traefik v2
,
1

Hello,
I have an apache web service running on an external server (.php). I want to access it from outside via Traefik which already redirects several docker and external services. These external services are declared via a file.
I did the same for the apache web service, I can access the first page but it doesn't load the content.
It seems that I need to implement Websockets on port 9001.

I have 2 entrypoints 80 and 443 with http2https redirection.

How do I implement those Websockets on port 9001?

I have tried creating a 3rd entrypoint for 9001 and a router for that entrypoint which listens on the same url, but without success.

Regards,
Chris

version: "3.3"
services:

  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    command:
      - --log.level=ERROR
      - --api
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/etc/traefik/
      - --providers.file.watch=true
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
      - --entrypoints.websockets.address=:9001
      - --entrypoints.53-tcp.address=:53
      - --entrypoints.53-udp.address=:53/udp
      #TLS DNS Challenge
      - --certificatesResolvers.primary.acme.email=xxx
      - --certificatesResolvers.primary.acme.storage=acme.json
      #- --certificatesresolvers.primary.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.primary.acme.dnsChallenge=true
      - --certificatesResolvers.primary.acme.dnsChallenge.provider=dnsprov
      - --certificatesResolvers.primary.acme.dnsChallenge.delayBeforeCheck=100

    ports:
      - "80:80"
      - "443:443"
      - "9001:9001"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik:/etc/traefik"
      - "./acme.json:/acme.json"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    restart: unless-stopped


    labels:
      - "traefik.http.routers.api.middlewares=secHeaders@file,traefik-auth"
      # Traefik api labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.tls.domains[0].main=MYDOMAIN"
      - "traefik.http.routers.api.tls.domains[0].sans=*.MYDOMAIN"
      - "traefik.http.routers.api.rule=Host(`traefik.MYDOMAIN`)"   
      - "traefik.http.routers.api.service=api@internal"
      #- "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.entrypoints=web-secure"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=USER:PASSWORD"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=primary"
      # Redirect to https
      - "traefik.http.routers.redir-to-https.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redir-to-https.entrypoints=web"
      - "traefik.http.routers.redir-to-https.middlewares=redirect-to-https"
      - "traefik.http.routers.redir-to-https.priority=100"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" 
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"

      # Non container services
   
     ...
     
      # openWB
      - "traefik.http.routers.openwb.middlewares=auth"
      - "traefik.http.routers.openwb.middlewares=sslheader"
      - "traefik.http.routers.openwb.entrypoints=web-secure"
      - "traefik.http.routers.openwb.rule=Host(`openwb.MYDOMAIN`)"
      - "traefik.http.routers.openwb.service=openwb@file"
      - "traefik.http.routers.openwb.tls.certresolver=primary"

      - "traefik.http.routers.openwbs.entrypoints=websockets"
      - "traefik.http.routers.openwbs.rule=Host(`openwb.MYDOMAIN`)"
      - "traefik.http.routers.openwbs.service=openwbs@file"
      - "traefik.http.routers.openwbs.tls.certresolver=primary"
      
networks:
      - web
      - statistics
networks:
  web:
    external: true
  statistics:
    external: true

#dyn conf
 [http]
 [http.services]
 [http.services.openwb]
      [http.services.openwb.loadBalancer]
        [[http.services.openwb.loadBalancer.servers]]
          url = "http://host:80"

    [http.services.openwbs]
      [http.services.openwbs.loadBalancer]
        [[http.services.openwbs.loadBalancer.servers]]
          url = "http://host:9001"
2

Another file I forgot to post:

#dynconf.yml

tls:
  options:
    default:
      minVersion: VersionTLS12

      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256

      curvePreferences:
        - CurveP521
        - CurveP384

      sniStrict: true

http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        #HSTS Configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
3

In case that will help, I get this error from the console of my browser:

Firefox can't etablish a connection for wss://openwb.MYDOMAIN:9001/mqtt
mqttws31.js:916:22

Any idea what to do?
Regards,
Chris