Trouble configuring Mastodon behind Traefik

Using the mastodon module, I’m struggling to get Traefik configured to be able to access the application. Similar to Nextcloud, the Mastodon module configures an nginx virtualhost to do all the complex routing. For Nextcloud, I was able to add a listen address to nginx and then access that via Traefik:

services.nginx.virtualHosts."nextcloud.domain.com".listen = [ { addr = "127.0.0.1"; port = 8180; } ];
.....
services.traefik.dynamicConfigOptions.http.routers.nextcloud = {
  rule = "Host(`nextcloud.domain.com`)";
  service = "nextcloud";
  middlewares = ["headers"];
  entrypoints = ["websecure"];
  tls = {
    certResolver = "le";
  };
};
services.traefik.dynamicConfigOptions.http.services.nextcloud = {
  loadBalancer = {
    servers = [
      {
        url = "http://localhost:8180";
      }
    ];
  };
};

This works great! However, with Mastodon when I try the same method, I get the ERR_TOO_MANY_REDIRECTS error in the browser. Here is my Mastodon config:

{
  lib,
  ...
}:{
  services.mastodon = {
    configureNginx = true;
    enable = true;
    extraConfig = {
      SINGLE_USER_MODE = "true";
      WEB_DOMAIN = "domain.com";
    };
    localDomain = "m.domain.com";
    smtp.createLocally = false; # already have Postfix setup
    smtp.fromAddress = "";
    streamingProcesses = 3;
  };
  services.nginx.virtualHosts."m.domain.com" = {
    enableACME = lib.mkForce false;
    forceSSL = lib.mkForce false;
    listen = [
      {
        addr = "127.0.0.1";
        port = 8181;
      }
    ];
  };
  services.traefik.dynamicConfigOptions.http.routers.mastodon = {
    rule = "Host(`m.domain.com`)";
    service = "mastodon";
    middlewares = ["headers"];
    entrypoints = ["websecure"];
    tls = {
      certResolver = "le";
    };
  };
  services.traefik.dynamicConfigOptions.http.services.mastodon = {
    loadBalancer = {
      servers = [
        {
          url = "http://localhost:8181";
        }
      ];
    };
  };
}

Any ideas? Thanks!!

Small progress. By disabling the unixSocket option, I can now see the Mastodon logo image…but that’s it. There are a bunch of errors in the Firefox developer console like:

The resource from “https://m.domain.com/packs/js/locale/en-json-f77396d808799439eb90.chunk.js” was blocked due to MIME type (“”) mismatch (X-Content-Type-Options: nosniff).
None of the “sha256” hashes in the integrity attribute match the content of the subresource. The computed hash is “47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=”.

and errors in the server journal like:

Sep 26 10:27:36 homeserver puma[815851]: I, [2024-09-26T10:27:36.489808 #815851]  INFO -- : [c980ac71-e9aa-4c1c-8507-871ba13d2a26] method=GET path=/packs/media/icons/favicon-32x32-249409a6d9f300112c51af514d863112.png format=png controller=ApplicationController action=raise_not_found status=404 allocations=2687 duration=3.34 view=1.61 db=0.00

Here’s the new mastodon.nix:

{
  lib,
  ...
}:{
  services.mastodon = {
    configureNginx = true;
    enable = true;
    enableUnixSocket = false;
    extraConfig = {
      SINGLE_USER_MODE = "true";
      WEB_DOMAIN = "domain.com";
    };
    localDomain = "m.domain.com";
    smtp.createLocally = false; # already have Postfix setup
    smtp.fromAddress = "";
    streamingProcesses = 3;
    trustedProxy = "127.0.0.1";
  };
  services.nginx.virtualHosts."m.domain.com" = {
    enableACME = lib.mkForce false;
    forceSSL = lib.mkForce false;
  };
  services.traefik.dynamicConfigOptions.http.routers.mastodon = {
    rule = "Host(`m.domain.com`)";
    service = "mastodon";
    middlewares = ["headers"];
    entrypoints = ["websecure"];
    tls = {
      certResolver = "le";
    };
  };
  services.traefik.dynamicConfigOptions.http.services.mastodon = {
    loadBalancer = {
      servers = [
        {
          url = "http://localhost:55001";
        }
      ];
    };
  };
}

Any ideas? Thanks!
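
The computed hash quoted in the console error above is the SHA-256 digest of a zero-byte body, so the browser received an empty response for that asset (consistent with the 404 that puma logged for a /packs path) rather than modified content. The triage helper below is an added example, not part of the original post; the function names are hypothetical and the sample lines are the two console messages copied from the post.

```python
import base64
import hashlib
import re

# Constructed sample: the two console messages quoted in the post above.
CONSOLE_LINES = [
    'The resource from “https://m.domain.com/packs/js/locale/en-json-f77396d808799439eb90.chunk.js” '
    'was blocked due to MIME type (“”) mismatch (X-Content-Type-Options: nosniff).',
    'None of the “sha256” hashes in the integrity attribute match the content of the subresource. '
    'The computed hash is “47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=”.',
]
ALGOS = ("sha256", "sha384", "sha512")  # SRI algorithms, weakest to strongest

def sri_digest(body: bytes, algo: str = "sha256") -> str:
    """Base64 digest as it appears after 'sha256-' in an integrity attribute."""
    return base64.b64encode(hashlib.new(algo, body).digest()).decode("ascii")

# What a browser computes when the response carried no content at all.
EMPTY_BODY = {algo: sri_digest(b"", algo) for algo in ALGOS}
HASH_RE = re.compile(r"computed hash is [“\"]([A-Za-z0-9+/=]+)[”\"]")
MIME_RE = re.compile(r"MIME type \([“\"]([^”\"]*)[”\"]\) mismatch")

def triage(lines):
    """Classify console messages: empty body, real content mismatch, no MIME type."""
    findings = []
    for line in lines:
        m = HASH_RE.search(line)
        if m:
            algo = next((a for a, d in EMPTY_BODY.items() if d == m.group(1)), None)
            findings.append(("empty-body", algo) if algo else ("content-mismatch", m.group(1)))
        m = MIME_RE.search(line)
        if m and not m.group(1):
            findings.append(("no-content-type", ""))
    return findings

def matches_integrity(body: bytes, integrity: str) -> bool:
    """Check a body against an integrity attribute, using only the strongest algorithm listed."""
    tokens = [t.partition("-")[::2] for t in integrity.split()]
    tokens = [(a, h.split("?")[0]) for a, h in tokens if a in ALGOS]
    if not tokens:
        return True  # no usable metadata: nothing to enforce
    strongest = max((a for a, _ in tokens), key=ALGOS.index)
    return any(sri_digest(body, a) == h for a, h in tokens if a == strongest)

if __name__ == "__main__":
    print(triage(CONSOLE_LINES))
```

An "empty-body" finding points at routing or static-file serving between the proxy and the application, while "content-mismatch" would mean the asset bytes differ from what the page's integrity attribute expects.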