I’m 99% sure that can be done, but i have not tested that for ages.
The “issues” is, the entire logic right now is bound to the protocol environment variable. If this is “http” all urls are configured to be without ssl, if this is “https” everything is expected to be ssl bridged at traefik.
If we are lucky, you should simply be able to “fix” this by using the “plain” docker compose file, where traefik is using http, and then add - protocol=https to the api service and update agent_oidc_authorization_endpoint to use https ( not the others, those are internal ). I’m 99% sure that will work, if not, then we need to set a ton of extra environment variables to define when to use http and when to use https.