Running a private vaultwarden instance with Traefik

I currently run the latest version of vaultwarden as a docker container on my unraid server and use traefik reverse proxy and cloudflare tunnel to expose it to the web so that my bitwarden clients can constantly sync. After doing a bit of reading about the security issues with this, I wish to make vaultwarden only accessible from my internal network or through tailscale but am having issues with vaultwarden requiring HTTPS. I found the following guide for setting up letsencrypt certs with Caddy:

However I use traefik, can I still do the same thing with traefik? If so, can someone point me in the right direction to get this set up? Thanks

Actually, I’ve managed to set up SSL wildcard certs with DNS challenge in traefik now but I can’t work out how to point my vaultwarden subdomain to the traefik container since traefik sits on one of the ports of my unraid server. When i go to adguard home (my internal DNS server) to add a custom DNS record, I can only point the vaultwarden subdomain to the server IP, which leads to the unraid login page rather than traefik. How can i point the vaultwarden subdomain directly to traefik but only on my local network? For external access, I use a cloudflare tunnel that tunnels straight to my traefik container but I’m trying to avoid exposing vaultwarden to the web