Thank you very much. I didnt thought about the possibility about the http domain faking!
Will set a Whitelist for the moment. One idea, would it be possible that traefik set the Whitelist based on the domain automatically? So if Domain ".privatedomain" is used it will set a whitelist automatically and if "example.com" is does not use any whitelist.
About the 2 instances, maybe you can check my other question, because i think exactly that i wanted to achieve. Put traefik on a LAN IP different from host, but i am not 100% sure i would do this correct.