Why does port detection fail for traefik for an `internal` network?

I am trying to control internet access in my containers and that I am doing with internal: true set for my traefik network. However, I noticed that port detection fails to work with the introduction of the internal config.

Here is a minimal reproducible example:

services:
  traefik:
    image: "traefik:v3.4"
    container_name: "traefik"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - traefik

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=web"
    networks:
      - traefik

    expose:
      - 80

networks:
  traefik:
    name: traefik
    driver: bridge
    internal: true # Comment this and it works.
    attachable: false

My question is, what do I need to do to ensure that port detection works even on an internal network?

That's an interesting question. I didn't know about internal.

This makes it work:

      - traefik.http.services.whoami.loadbalancer.server.port=80

Note that ports will have no effect, as there is no bridge network defined. And all ports are available on a Docker network, anyway

If you think it's a bug, you can report it to the devs at Traefik Github.

I will create an issue on GitHub because I think this should still work.

On another note, I am curious about the ports declaration, shouldn't it work because I do explicitly specify the traefik bridge network?

I have created the bug report: Port detection does not work for networks marked as `internal` · Issue #11878 · traefik/traefik · GitHub