Using Traefik with TLS (acme plugin) on non HTTP port for HTTP traffic

Unlike the question “Traefik and Let's Encrypt on non default http port 80?“, I’m running Traefik (> 1.7) on the default http ports.

I want to configure an additional entrypoint for HTTP traffic of one service on 8448. So I’ve added this entrypoint to my traefik.toml:

defaultEntryPoints = ["http", "https"]
logLevel = "DEBUG"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
  [entryPoints.synapse]
  address = ":8448"
    [entryPoints.synapse.tls]

[api]

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedByDefault = false

My docker service is using this port via labels like:

labels:
  - traefik.enable=true
  - traefik.clients.frontend.rule=Host:matrix.example.com
  - traefik.clients.port=8008
  - traefik.clients.docker.network=proxy
  - traefik.federation.frontend.rule=Host:matrix.example.com
  - traefik.federation.port=8448
  - traefik.federation.docker.network=proxy
  - traefik.federation.frontend.entryPoints=synapse

Unfortunately Traefik does not expose this port at all, even though my docker container does do that. The logs don’t show any error, but it’s shown that the entry point is set up by Traefik.

Does anybody has an idea, what I’m doing wrong?

The setup works for other entry points as expected.

Source: StackOverflow