Traefik on homeserver with reverse ssh tunnel to traefik on server

Traefik Traefik v2
,
#1

My setup:
I want to access my home server from the www using traefik. As my ISP does not offer a fixed IPv6 and to avoid other problems with port forwarding or similar I wanted to use a reverse ssh tunnel to my VPS which has a fixed IP.

For the reverse ssh tunnel i used the following docu:How To Run A Server At Home Without An IPv4 Address – WirelessMoves
Accessing the local server using : works fine.(for a specific service port but without traefik)

The ports (homeserver -> VPS) 80 -> 2280 and 443 -> 22443

Overview:
homeserver + traefik1 <-- (443 and 80) ssh tunnel (22443 and 2280) <-- VPS and traefik2 <-- www traffic

Now I want to use *.homeserver.my-domain.com to access services. On both servers (home and VPS) I want to use traefik on port 80 nad 443. Sadly I am not able to get that working.

Using my current setup (see configs below) I am able to access the homeserver traefik at http://localhost:8080/dashboard/
After opening an ssh tunnel for the port 8080 -> 28080 http://:28080/dashboard/ sadly does not work.

Also the traefik on my homserver seems not to be able to get an letsencrypt certificate. Overall I cant access traefik.homeserver.my-domain.domain.com. I tried all combinatons I could think of (examples: no certresolver on VPS side, uning tcp instead of http) nothing worked.

Any hints how to configure the two traefik for such a set-up
homeserver + traefik1 <-- (443 and 80) ssh tunnel (22443 and 2280) <-- VPS and traefik2 <-- www traffic

# VPS config
---
http:
  routers:
    homeserver-acme:
      entrypoints:
         - web
      rule: HostRegexp(`.*\.homeserver\.my-domain.com`) && PathPrefix(`/.well-known/acme-challenge/`)
      service: homeserver

    homeserver:
       entrypoints:
         - web
       rule: HostRegexp(`.*\.homeserver\.my-domain.com`)
       service: homeserver
    homeserver-secure:
      entrypoints:
        -  websecure
      rule: HostRegexp(`.*\.homeserver\.my-domain.com`)
      tls:
        certresolver: letsencrypt  # also not working without tls configured
      service: homeserver-secure


  services:
    homeserver:
      loadBalancer:
        servers:
          - url: "localhost:2280"
    homeserver-secure:
      loadBalancer:
        servers:
          - url: "localhost:22443"

# homeserver listens on 80 and 443 
version: "3.3"
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./data/acme.json:/acme/acme.json
      - ./configs/:/configs
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`traefik.homeserver.my-domain.com`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.traefik.middlewares=https-redirect@file"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.homeserver.my-domain.com) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.traefik-secure.middlewares=secHeaders@file,traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=aaaaa:$$xxxxxxxxxxxxxxxxxx."

networks:
  proxy:
    external: true