Reverse proxy behind subnet router

SUPPORT QUESTIONS
1

Tailscale version: latest
Your operating system & version: Ubuntu 20 (latest lts)

Apologies for not being specific on the above info. I am writing this with my mobile.

As the Topic mentions, i’ve a reverse proxy, Traefik behind a Tailscale subnet router. Traefik right now manages the certificates for all my services on different machines (VMs).
Right now, when connected from outside home network using my phone (iOS), i can ping my servers. However, I cannot access my services behind traefik HTTPS on the browser. Other HTTP (non ssl) services behind subnet router I can access.
Safari browsers error reads out:
“Cannot establish secure connection…”

Other info,

  1. Using PiHole as dns resolver which has traefik address and is added using split dns to tailscale magic dns.
  2. My PiHole is on a different VLAN than my servers. But tailscale and traefik are on same VLAN.
  3. I see 3 entries on PiHole when doing HTTPS calls using my iPhone. 2 of them resolves locallly but one has dns type HTTPS which is resolved by upstream dns. Don’t understand Why.
  4. I can ping using my iOS to those same servers using the same domain name for my service. I am using an app to ping on my phone.

Update: It intermittently works now. I see “Unable to establish secure connections” almost 50% of the time. And sometimes it works. I didn’t do any changes to above mentioned config.
I see lots of traefik errors:

http: TLS handshake error from <Tailscale subnet router local IP: some port>: tls: client offered only unsupported versions: [301]

Request has been aborted [<Tailscale subnet router local IP: some port> - /signalr/connect?transport=serverSentEvents&clientProtocol=2.1&apiKey=xxx&connectionToken=xxx>
Request has been aborted [<Tailscale subnet router local IP: some port> - /signalr/reconnect?transport=serverSentEvents&messageId=xxx&clientProtocol=2.1&apiKey=xxx>
Request has been aborted [<Tailscale subnet router local IP: some port> - /signalr/messages?access_token=XXX net/http: abort Handler" middlewareName=traefi>

499 Client Closed Request' caused by: context canceled

Do you have any tips for me to debug this?