How to give traefik access to HA with HA in network_mode: host on the same machine in docker?

I’m trying to set up HA and I’ve successfully done that, but I want it to be accessible externally, and use network mode host so it has more capability. I’ve got traefik running fine with all my other services, but this is the first time I’ve had to provide a service that isn’t on the same backend network I’ve created for traefik and every other service. I mostly followed smarthomebeginner’s guides for setting a lot of stuff up, but I tried following their section on adding external things to traefik, but it’s not working out well.
Here’s my traefik config.yml:

#Traefik 2 - Reverse Proxy
    container_name: traefik
    image: traefik:2.2.1
    restart: unless-stopped
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entrypoints.https.forwardedHeaders.trustedIPs=,,,,,,,,,,,,,
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.swarmMode=false
      - # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - # Only works on top level files in the rules folder
#      - --certificatesResolvers.dns-cloudflare.acme.caServer= # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=,
      - m2_proxy
      - no-new-privileges:true
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
      - $DOCKERDIR/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
#      - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "[0].main=$DOMAINNAME"
      - "[0].sans=*.$DOMAINNAME"
      ## Services - API
      - "[email protected]"
      ## Middlewares
      - "[email protected]le"

Here’s my HA config.yml:

    container_name: home-assistant
    network_mode: host
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      - $DOCKERCONFDIR/home-assistant:/config
      - 8123:8123
    restart: unless-stopped

Here’s a rule I tried to create for HA:

      entryPoints = ["https"]
      rule = "HostHeader(`[redacted].[redacted].com`)"
      service = "[redacted]-svc"
      middlewares = ["chain-no-auth"]
        certresolver = "dns-cloudflare"

      passHostHeader = true
        url = "https://[redacted]:8123/:8123"

And here’s the best error I can get from the above configs:

2022-09-04T03:17:10.693117793Z time="2022-09-04T03:17:10Z" level=debug msg="Serving default certificate for request: \"[redacted].[redacted].com\""

I feel like this has to be something simple; I’m just not knowledgeable enough, and looking on these forums and Google hasn’t provided me with a solution I know how to implement.
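For comparison, a well-formed Traefik v2 file-provider definition for a backend that listens on the Docker host, added here as an example and not part of the original post. The router and service names, the hostname `ha.example.com` and the address `192.0.2.10` are placeholders; it assumes Home Assistant serves plain HTTP on port 8123 and that the file provider loads the `/rules` directory mounted into the Traefik container.

```toml
# /rules/homeassistant.toml (hypothetical file name; it must sit at the top
# level of the directory the file provider watches)

[http.routers]
  [http.routers.homeassistant-rtr]          # placeholder router name
    entryPoints = ["https"]                 # entry point name from the post
    rule = "Host(`ha.example.com`)"         # placeholder hostname
    service = "homeassistant-svc"           # must match the service key below
    middlewares = ["chain-no-auth"]         # middleware chain named in the post
    [http.routers.homeassistant-rtr.tls]
      certResolver = "dns-cloudflare"       # resolver name from the post

[http.services]
  [http.services.homeassistant-svc]         # placeholder service name
    [http.services.homeassistant-svc.loadBalancer]
      passHostHeader = true
      [[http.services.homeassistant-svc.loadBalancer.servers]]
        # scheme://host:port only, with no trailing path or repeated port.
        # Assumption: the backend speaks plain HTTP, so the scheme is http.
        # 192.0.2.10 stands in for an address of the Docker host that the
        # Traefik container can reach from its bridge network.
        url = "http://192.0.2.10:8123"
```

Home Assistant rejects proxied requests unless the `http:` section of its configuration sets `use_x_forwarded_for: true` and lists the proxy's address under `trusted_proxies`; keep that list limited to the Traefik container's address or network.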