Traefik behind Traefik

I have a Traefik up and running wth docker, LetsEncrypt, etc.. There are several containers working with HTTPs like Protainer, Dashboard@traefik.

I am very happy with that.

The problem comes with some (internal) servers connected via Wireguard. As I start to like Traefik there is a Traefik on every server. This servers work great and (would) do their LetsEncrypt on their own. Some servers are out of my reach but all do port 80 (HTTP), 443/TCP (HTTPS=>HTTP2) and soon 443/UDP (HTTP3).

In short:
What to do if there is a full server with HTTP/HTTP2/HTTP3 and LetsEncrypt behind a Traefik?

How can I write rules to:

  1. direct any request on entrypoint (80/HTTP) to some docker container (wireguard container, for some domain name) WITHOUT touching it (HTTPS redirect) to allow LetsEncrypt somewhere else?

  2. pass-through ALL TLS traffic for some domain to the container? <= I think I got this one working :slight_smile:

  3. pass-through ALL TLS UDP traffic like in "2." but this time for HTTP3?

I hope I was able to explain the main idea.

Best regards