Traefik behind Proxy - Use X-Forwarded-For-* in Rules

Following use-case:
I build a structure to deploy review-apps that should get picked up by Traefik and routed accordingly (this works well with the docker provider and labels). A second requirement is to secure the apps with out SSO. So I setup a Oauth Proxy in front of Traefik to secure all apps at once.

The whole flow looks like this:

client -> auth-proxy -> traefik -> app1
                                              -> app2
                                                  ....

The auth-proxy is the only container with ports mapped outside the docker-network and is the entrypoint.
It has the service-name traefik configured as upstream. This creates a problem that the Host-Header for Traefik is always just traefik, no matter the original Host-Header. The correct Host is in X-Forwarded-For-Host.

After studying the documentation intensively I have not found a solution to create Routing Rules based on the Forwarded Host. Is that such a bad idea?

If I would switch around auth-proxy and traefik, I would have to create a new proxy for every instance of the app which seems a lot more complicated.