running traefik with a private docker registry as containers on different domains with self signed certs

I'm trying to set up a private Docker registry behind reverse proxy (with Traefik v2).

1. I have a computer with two local domains in the internal network
2. The private docker registry could work without a password
3. I created self-signed certificates

Without traefik I can push and pull images to the domain "docker-registry.mydomain.de:443". If I include traefik I get certificate errors, bad gadway or a 404 error.

What am I doing wrong ?I have attached my code.

cat /srv/docker-compose/docker-compose.yml

version: '3.6'
services:

  docker-registry:
    image: registry:2
    #ports:
      ##- 5000:5000
    #  - 443:443
    environment:
       - REGISTRY_HTTP_SECRET="mysecret"
       - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data
       - REGISTRY_STORAGE_DELETE_ENABLED=true
       - REGISTRY_HTTP_ADDR=0.0.0.0:443
       - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.mydomain.de.pem
       - REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.mydomain.de-key.pem
    labels:
       - traefik.enable=true

       - traefik.http.routers.dr-http.entrypoints=http
       - traefik.http.routers.dr-http.rule=Host(`docker-registry.mydomain.de`)

       - traefik.http.routers.dr-http.middlewares=dr-https
       - traefik.http.middlewares.dr-https.redirectscheme.scheme=https

       - traefik.http.routers.dr.entrypoints=https
       - traefik.http.routers.dr.rule=Host(`docker-registry.mydomain.de`)
       - traefik.http.routers.dr.tls=true
       - traefik.http.services.dr.loadbalancer.server.port=443
       - traefik.docker.network=traefik-net
    volumes:
      - ./data:/data
      - ./certs:/certs
    networks:
      - traefik-net

networks:
  traefik-net:
    external: true

cat /srv/traefik/docker-compose.yml

version: '3.6'

services:
  reverse-proxy:
    image: traefik:latest
    networks:
      - traefik-net
    ports:
      - 8080:8080
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./conf:/etc/traefik
      - ./certs:/etc/ssl:ro
    labels:
      - traefik.enable=true

      - traefik.http.routers.traefik-http.entrypoints=http
      - traefik.http.routers.traefik-http.rule=Host(`traefik.mydomain.de`)

      - traefik.http.routers.traefik-http.middlewares=traefik-https
      - traefik.http.middlewares.traefik-https.redirectscheme.scheme=https

      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`traefik.mydomain.de`)
      - traefik.http.routers.traefik.tls=true

      - traefik.http.routers.traefik.service=api@internal

networks:
  traefik-net:
    external: true

cat /srv/traefik/conf/traefik.yml

insecureSkipVerify: true

api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    watch: true

cat /srv/traefik/conf/dynamic.yml

tls:
  certificates:
    - certFile: /tools/certs/_wildcard.pem
      keyFile: /tools/certs/_wildcard-key.pem
    - certFile: /tools/certs/traefik.mydomain.de.crt
      keyFile: /tools/certs/traefik.mydomain.de.key
    - certFile: /tools/certs/docker-registry.mydomain.de.pem
      keyFile: /tools/certs/docker-registry.mydomain.de.pem

all certifates are in the /srv/traefik/certs path. Certificates are generated by mkcert and openssl tool.