I'm trying to deploy a MariaDB database using Docker Swarm and expose it securely using Traefik as a reverse proxy. I have already done something similar with Postgres, but I haven't had any luck with MariaDB.
This is my Traefik docker-stack configuration:
```yaml
traefik:
  image: traefik:3.0.0-beta3
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - certs:/letsencrypt
  ports:
    - 80:80
    - 443:443
    - 1234:1234
  networks:
    - traefik
  command:
    # Tell Traefik to discover containers using the Docker Swarm API
    - --providers.swarm.network=traefik
    - --providers.swarm.exposedbydefault=false
    - --providers.swarm.watch=true
    # Enable the Traefik dashboard
    - --api.dashboard=false
    # Set up LetsEncrypt
    - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
    - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
    - [email protected]
    - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    # Set up an insecure listener that redirects all traffic to TLS
    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    - --entrypoints.websecure.address=:443
    # Set up the TLS configuration for our websecure listener
    - --entrypoints.websecure.http.tls=true
    - --entrypoints.websecure.http.tls.certResolver=letsencrypt
    - --entrypoints.websecure.http.tls.domains[0].main=custom.domain
    - --entrypoints.websecure.http.tls.domains[0].sans=*.custom.domain
    # Set up the port 1234 for secure database connections
    - --entrypoints.dbsecure.address=:1234
    # Set up logging level
    - --log.level=ERROR
  environment:
    - [email protected]
    - CLOUDFLARE_DNS_API_TOKEN=super_secret_token
  deploy:
    replicas: 1
    placement:
      constraints:
        - node.hostname==my_node
```
This is my MariaDB docker-stack configuration:
```yaml
mariadb:
  image: mariadb:10.11
  ports:
    - 3306:3306
  command: --default-authentication-plugin=mysql_native_password
  volumes:
    - mariadb_data:/var/lib/mysql
  networks:
    - traefik
  environment:
    MYSQL_DATABASE: db
    MYSQL_USER: user
    MYSQL_PASSWORD: pass
    MARIADB_RANDOM_ROOT_PASSWORD: "true"
    MYSQL_TCP_PORT: 3306
    MYSQL_UNIX_PORT: 3306
  deploy:
    replicas: 1
    placement:
      constraints:
        - node.hostname==my_node
    labels:
      traefik.enable: "true"
      traefik.tcp.routers.mariadb.entrypoints: dbsecure
      traefik.tcp.routers.mariadb.rule: HostSNI(`mariadb.custom.domain`)
      traefik.tcp.routers.mariadb.tls.certresolver: letsencrypt
      traefik.tcp.services.mariadb.loadbalancer.server.port: 3306
```
I tried port 3306 and I'm sure that MariaDB is running with no issue. But when I try connecting with mariadb.custom.domain and port 1234, which is already open, I don't get anything.
I already have a Postgres running on the same port 1234 with Traefik, and it is running with no issue at all. When I try running the MariaDB service on the same port with a new subdomain, it doesn't work properly. I'm kind of lost, as I was expecting it to work the same way Postgres did.
Just to let you know, I already tried looking for the logs in MariaDB and Traefik (and no errors at all).