Traefik not resolving local services

Hey there,
i got coolify running on a proxmox node with pangolin-tunnel to my vps and traefik with dns-challenge (provider deSEC). There is no error and my coolify instances domain is resolved fine, also for services i add via coolify.

When i want to add my local services like proxmox, pihole, truenas.. to get proxied by traefik in coolify it just doesn't work. When trying to access the added domains i just get error 404.

Anyone willing to take a look at my config to give some advice? Thanks in advance!

Edit: posting code directly here.

docker-compose.yml:

name: coolify-proxy
networks:
  coolify:
    external: true
services:
  traefik:
    container_name: coolify-proxy
    image: 'traefik:v3.1'
    restart: unless-stopped
    environment:
      - 'DESEC_TOKEN=hidden'
      - 'DESEC_PROPAGATION_TIMEOUT=300'
      - 'DESEC_PROPAGATION_DELAY=120'
      - 'DESEC_POLLING_INTERVAL=120'
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    networks:
      - coolify
    ports:
      - '80:80'
      - '443:443'
      - '443:443/udp'
      - '8080:8080'
    healthcheck:
      test: 'wget -qO- http://localhost:80/ping || exit 1'
      interval: 4s
      timeout: 2s
      retries: 5
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/data/coolify/proxy:/traefik'
    command:
      - '--ping=true'
      - '--ping.entrypoint=http'
      - '--api.dashboard=true'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.https.address=:443'
      - '--entrypoints.http.http.encodequerysemicolons=true'
      - '--entryPoints.http.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http.encodequerysemicolons=true'
      - '--entryPoints.https.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http3'
      - '--providers.file.directory=/traefik/dynamic/'
      - '--providers.file.watch=true'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=desec'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0'
      - '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json'
      - '--api.insecure=false'
      - '--providers.docker=true'
      - '--providers.docker.exposedbydefault=false'
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls.certresolver=letsencrypt
      - traefik.http.routers.traefik.tls.domains[0].main=example.com
      - traefik.http.routers.traefik.tls.domains[0].sans=*.example.com
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - coolify.managed=true
      - coolify.proxy=true

coolify.yaml (static):

http:
  middlewares:
    redirect-to-https:
      redirectscheme:
        scheme: https
    gzip:
      compress: true
  routers:
    coolify-http:
      middlewares:
        - redirect-to-https
      entryPoints:
        - http
      service: coolify
      rule: Host(`home.example.com`)
    coolify-realtime-ws:
      entryPoints:
        - http
      service: coolify-realtime
      rule: 'Host(`home.example.com`) && PathPrefix(`/app`)'
    coolify-terminal-ws:
      entryPoints:
        - http
      service: coolify-terminal
      rule: 'Host(`home.example.com`) && PathPrefix(`/terminal/ws`)'
    coolify-https:
      entryPoints:
        - https
      service: coolify
      rule: Host(`home.example.com`)
      tls:
        certresolver: letsencrypt
    coolify-realtime-wss:
      entryPoints:
        - https
      service: coolify-realtime
      rule: 'Host(`home.example.com`) && PathPrefix(`/app`)'
      tls:
        certresolver: letsencrypt
    coolify-terminal-wss:
      entryPoints:
        - https
      service: coolify-terminal
      rule: 'Host(`home.example.com`) && PathPrefix(`/terminal/ws`)'
      tls:
        certresolver: letsencrypt
  services:
    coolify:
      loadBalancer:
        servers:
          - url: 'http://coolify:8080'
    coolify-realtime:
      loadBalancer:
        servers:
          - url: 'http://coolify-realtime:6001'
    coolify-terminal:
      loadBalancer:
        servers:
          - url: 'http://coolify-realtime:6002'

services.yaml (dynamic):

http:
  routers:
    proxmox:
      entryPoints:
        - https
      rule: Host(`proxmox.example.com`)
      middlewares:
        - default-headers
        - redirect-to-https
      tls: {}
      service: proxmox
    pihole:
      entryPoints:
        - https
      rule: Host(`pihole.example.com`)
      middlewares:
        - redirectregex-pihole
        - default-headers
        - addprefix-pihole
        - redirect-to-https
      tls: {}
      service: pihole
    syncthing:
      entryPoints:
        - https
      rule: Host(`syncthing.example.com`)
      middlewares:
        - default-headers
        - redirect-to-https
      tls: {}
      service: syncthing
    truenas:
      entryPoints:
        - https
      rule: Host(`truenas.example.com`)
      middlewares:
        - default-headers
        - redirect-to-https
      tls: {}
      service: truenas
    minio:
      entryPoints:
        - https
      rule: Host(`minio.example.com`)
      middlewares:
        - default-headers
        - redirect-to-https
      tls: {}
      service: minio
    opnsense:
      entryPoints:
        - https
      rule: Host(`opnsense.example.com`)
      middlewares:
        - default-headers
        - redirect-to-https
      tls: {}
      service: opnsense
  services:
    proxmox:
      loadBalancer:
        servers:
          - url: 'https://192.168.100.10:8006'
        passHostHeader: true
    pihole:
      loadBalancer:
        servers:
          - url: 'http://192.168.100.2:80'
        passHostHeader: true
    syncthing:
      loadBalancer:
        servers:
          - url: 'https://192.168.100.40:8384'
        passHostHeader: true
    truenas:
      loadBalancer:
        servers:
          - url: 'https://192.168.100.40:444'
        passHostHeader: true
    minio:
      loadBalancer:
        servers:
          - url: 'https://192.168.100.40:9000/'
        passHostHeader: true
    opnsense:
      loadBalancer:
        servers:
          - url: 'https://192.168.100.1'
        passHostHeader: true
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: /admin
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true
    redirectregex-pihole:
      redirectRegex:
        regex: '/admin/(.*)'
        replacement: /
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipAllowList:
        sourceRange:
          - 10.0.0.0/8
          - 192.168.0.0/16
          - 172.16.0.0/12
    secured:
      chain:
        middlewares:
          - default-whitelist
          - default-headers

It’s probably easier if you just share a single working and non-working service, just to stay focused.

Enable and check Traefik access log in JSON format during requests.

Did i enable logs correctly? In my docker-compose.yml / command-section:

      - '--accesslog=true'
      - '--accesslog.format=json'
      - '--accesslog.filepath=/logs/access.log'

I don't get any logs there.

If you did not bind-mount the directory, then they are written inside the container.

I gave up on this and setup an nginx proxy on the device hosting my services. I don't like that workaround but i don't find the issue with my traefik not being able to proxy my local services.

Thanks @bluepuma77 for your time!