I have been attempting to set up a TCP router for a docker container running Postgres 14. The only changes I've made from the original files are to host names and IP addresses; otherwise, everything is the same. We use self-signed certificates. I can confirm that all my https traffic works with this setup. The TCP router shows with no errors in the dashboard; however, I am unable to connect to the Postgres instance.
My docker-compose.yml:
```yaml
version: "3.9"
services:
  reverse-proxy:
    image: traefik:v2.6.3
    container_name: traefik_reverse_proxy
    ports:
      - "80:80"
      - "443:443"
      - "5432:5432"
    networks:
      - traefik-public
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./configuration:/configuration/
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.home.arpa`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$I2L3DCaS7YkZotNcB9wrnedcGx29KTYQY4Yac2xDqh/iI0a/ed9m6"
      - "traefik.http.routers.dashboard.tls=true"
networks:
  traefik-public:
    external: true
```
traefik.yml:
```yaml
api:
  dashboard: true
providers:
  docker:
    exposedByDefault: false
  file:
    directory: /configuration
    watch: true
log:
  level: INFO
# redirects all http traffic to https
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
  postgres:
    address: ":5432"
```
And Traefik_dynamic.yml:
```yaml
tls:
  certificates:
    - certFile: /configuration/wildcard.dev.home.arpa.cer
      keyFile: /configuration/dev-docker.key
      stores:
        - default
# based on blog post: https://traefik.io/blog/traefik-2-0-6531ec5196c2/
tcp:
  routers:
    to-database:
      entryPoints:
        - "postgres"
      rule: "HostSNI(`*`)"
      service: database-service
  services:
    database-service:
      loadBalancer:
        servers:
          - address: "192.168.1.175:5432"
```
My Postgres container
```yaml
version: '3.9'
services:
  postgres:
    image: postgres:14
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      PGDATA: /var/lib/postgresql/data
      DB: ${POSTGRES_DB}
    expose:
      - 5432
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - traefik-public
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.postgres.entrypoints=postgres"
      - "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.postgres.tls=false"
      - "traefik.tcp.routers.postgres.service=database-service"
      - "traefik.tcp.routers.postgres.loadBalancer.server.port=5432"
volumes:
  postgres_data:
networks:
  traefik-public:
    external: true
```
I'm sure I'm overlooking something, but I'm at a loss as to what. Any ideas why I can't connect?
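A label check for the Postgres container above, as an added example that is not part of the original post or of Traefik itself: it flags TCP label keys that sit under a router but are not router options, and router `service` values that point at a service the labels do not define. The function name `lint_tcp_labels` and the option list `TCP_ROUTER_OPTS` are assumptions made for this example.

```python
import re

# Options accepted under traefik.tcp.routers.<name>. in Traefik v2 labels.
# Assumption: list written from memory of the v2 docs, extend it as needed.
TCP_ROUTER_OPTS = ("entrypoints", "rule", "service", "priority", "middlewares", "tls")

def lint_tcp_labels(labels):
    """Return findings for the Traefik v2 TCP labels of one container."""
    findings, routers, services = [], {}, set()
    for label in labels:
        key, _, value = label.partition("=")
        m = re.match(r"traefik\.tcp\.(routers|services)\.([^.]+)\.(.+)$", key, re.I)
        if not m:
            continue
        kind, name, opt = m.group(1).lower(), m.group(2), m.group(3).lower()
        if kind == "services":
            services.add(name)
            continue
        routers.setdefault(name, {})[opt] = value
        if opt.split(".")[0] not in TCP_ROUTER_OPTS:
            findings.append(f"{key}: not a router option; server settings go under "
                            "traefik.tcp.services.<name>.loadbalancer.server.*")
    for name, opts in routers.items():
        svc = opts.get("service", "")
        # A bare name resolves within the labels' own provider (docker).
        if svc and "@" not in svc and svc not in services:
            findings.append(f"router {name}: service {svc} is not defined in these "
                            f"labels; reference another provider as {svc}@file")
    return findings

# Labels copied from the Postgres compose file in the post.
POST_LABELS = [
    "traefik.enable=true",
    "traefik.tcp.routers.postgres.entrypoints=postgres",
    "traefik.tcp.routers.postgres.rule=HostSNI(`*`)",
    "traefik.tcp.routers.postgres.tls=false",
    "traefik.tcp.routers.postgres.service=database-service",
    "traefik.tcp.routers.postgres.loadBalancer.server.port=5432",
]

if __name__ == "__main__":
    for finding in lint_tcp_labels(POST_LABELS):
        print(finding)
```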