Traefik v2 - is it possible to redirect to https based on host?

I am easily able to redirect all http traffic to https, using following args -- it creates a middleware named redirect-web-to-websecure:

--entrypoints.web.http.redirections.entryPoint.to=websecure
--entrypoints.web.http.redirections.entryPoint.scheme=https

But, I wish to achieve following:
*.example.com (external traffic) -> redirect http to https
*.nas.lan (internal traffic) -> redirect https to http (no redirection will also work)

I can achieve this using IngressRoute in a k3s cluster, but I wish to avoid doing this for all the apps/subdomains and would prefer to have a global solution. How can I do that?

Following chain (see image) gets created, with these two traefik arguments:

--entrypoints.web.http.redirections.entryPoint.to=websecure
--entrypoints.web.http.redirections.entryPoint.scheme=https

It does following:

  1. creates a router
  2. creates a middlewhare
  3. applies entrypoint -> router -> middlewhare -> noop-service globally

See the underlined (in red) rule in the router below, how can I replace it with my own regex?
Alternatively, how can I create a HTTP Router and attach it to a given Entrypoint?