Help with hassio SSL and traefik

I’m wondering if someone has experience getting hassio working with SSL and traefik?

My current setup looks as follows:

With this setup I am able to use traefik rules to expose my hassio instance externally, which is great, but I am unsure how to enable SSL with Home Assistant and keep everything running. If I turn on SSL I get a 502 Bad Gateway when trying to access Home Assistant, which I assume is because traefik can’t see it. I already port forward 443 for traefik to that box, so I wonder if that’s going to cause issues connecting to hassio?

Also no idea really about the certs I should be using? I grabbed the ones you can generate from cloudflare, but guessing they might be no use for hassio?

If it helps, here is my traefik rules file;

[backends]
  [backends.hassio.servers.server1]
    url = "http://<LOCAL_IP>:8123"

[frontends]
  [frontends.hassio]
  backend = "hassio"
    [frontends.hassio.routes.hassio_1]
    rule = "Host:hass.<EXTERNAL_DOMAIN>.com"

[backends]
  [backends.backend-hassio]
    [backends.backend-hassio.servers]
      [backends.backend-hassio.servers.server-hassio-ext]
        url = "http://<LOCAL_IP>:8123"
        weight = 0
[frontends]
  [frontends.frontend-hassio]
    backend = "backend-hassio"
    passHostHeader = true
    [frontends.frontend-hassio.routes]
      [frontends.frontend-hassio.routes.route-hassio-ext]
        rule = "Host:hass.<EXTERNAL_DOMAIN>.com"
    [frontends.frontend-hassio.headers]
      SSLRedirect = true
      SSLHost = "hass.<EXTERNAL_DOMAIN>.com"
      SSLForceHost = true
      STSSeconds = 315360000
      STSIncludeSubdomains = true
      STSPreload = true
      forceSTSHeader = true
      frameDeny = true
      contentTypeNosniff = true
      browserXSSFilter = true
      customFrameOptionsValue = "allow-from https:<EXTERNAL_DOMAIN>.com"
    [frontends.frontend-hassio.auth]
      headerField = "X-WebAuth-User"
      [frontends.frontend-hassio.auth.forward]
        address = "http://oauth:4181"
        trustForwardHeader = true
        authResponseHeaders = ["X-Forwarded-User"]

I am in the same situation did you ever get this working?

Hi, the question is a bit older, but no solution, or have you found a solution in the meantime?
I would like to configure HA-OS running in a VM using external traffic as https access. I don’t want to access the Internet or open any ports, which is probably necessary with the DuckDNS add-on to verify Let’s Encrypt certificates.