TCP Service unhealthy

I've deployed an xmpp server called "prosody" in Docker and want to make it reachable to the outside through Traefik (2.1.4).

Prosody uses TCP ports 5222 and 5269.

I've configured Traefik to bind to those ports as entryPoint:

  address = ":5222"

  address = ":5269"

And configured the rest through labels in the container:

  -l traefik.tcp.routers.prosody-c2s.rule='Host(`somedomain`)' \
  -l traefik.tcp.routers.prosody-c2s.entrypoints=xmpp \
  -l traefik.tcp.routers.prosody-c2s.tls=true \
  -l traefik.tcp.routers.prosody-c2s.tls.certresolver=default \
  -l traefik.tcp.routers.prosody-c2s.service=prosody-c2s \
  -l \

I can see everything being configured as expected in the Dashboard. However, when looking at the Services part, there's a Warning triangle next to the IP+Port of the container and connectivity doesn't seem to work.
Anything I could do to troubleshoot further or missed something?

After some help on the internet figured out the following:

Turns out that xmpp by default expects to perform starttls on top of a normal tcp connection.

STARTTLS establishes a TLS connection after connecting, while normal TLS will first pass host information to select the correct certificate (SNI).

I disabled Traefik handling TLS and had to use a wildcard on the HostSNI(*) definition and deal with the certificate information in prosody directly.

Now it works even though Traefik still shows a warning next to the IP+Port section in the Dashboard.