Unable to get HTTPS using Traefik as reverse proxy

My setup is easy. I have an application and, instead of accessing it directly by exposing its ports, I want to use Traefik. This is my docker-compose.yml file:

version: "3.8"

    image: traefik:v2.9.1
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443 
      - --providers.docker=true
      - --providers.file.directory=/config/
      - --providers.file.watch=true

      - "80:80"
      - "443:443"
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
      - type: bind
        source: ./config
        target: /config/

    image: nginx:1.23.1
      - ./update/nginx.conf:/etc/nginx/conf.d/default.conf
      - ./update/ssl:/certs/
      - "traefik.http.routers.my_app.rule=Host(`update.code.es`)"

and my nginx.conf file is just:

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;

   server_name update.code.es;

   ssl_certificate /certs/update.code.es.crt;
   ssl_certificate_key /certs/update.code.es.key;

   access_log /access.log;
   error_log /error.log;

   return 200 "This is the TLS place\n";
server {
   listen 80;
   listen [::]:80;

   access_log /access.log;
   error_log /error.log;

   server_name update.code.es;
   return 200 "This is the NON-TLS place\n";

finally, the config folder contains the private key and the certificate of my update service and the certificates.ymlfile:

    - certFile: /config/marketplace.com.crt
      keyFile: /config/marketplace.com.key

If I launch my update app (exposing the ports, of course), I can access HTTP and HTTPS:

$ curl http://update.code.es
This is the NON-TLS place
$ curl https://update.code.es
This is the TLS place

If I launch the docker-compose as shown above, docker compose up I can still access HTTP but I get the following with HTTPS:

$ curl https://update.code.es
404 page not found

Although, I have been working the whole weekend on this, reading the documentation and checking examples, I haven't found the solution for this. I don't want Traefik to make any redirection to https, I don't need Let's Encrypt or any other credentials resolvers ... I just want Traefik to pass my https request to my update container as it is. So, the label:

 - "traefik.http.routers.my_app.rule=Host(`update.code.es`)"

should be enough. Most probably, I am not understanding at all how Traefik works. Please, somebody could help? Thanks.

Which container should decode your TLS connection? Traefik does TLS and your app only plain HTTP?

  1. enable TLS for entrypoint
  2. indicate loadbalancer port 80 via your app labels

Thank you very much for your answer bluepuma77. I'm still struggling with it. Reading my question again, I realize that I put a bad example. I just have a bunch of Docker containers listening at port 443. For them, I have signed certificates by a local CA, I am in an air gaped network. I just want Traefik to behave like a transparent proxy that forwards external requests to the appropriate container for example using a rule like "traefik.http.routers.my_app.rule=Host(update.code.es)".