Securing server and minio using caddy via letsencrypt


I'm trying to secure the server and minio db using caddy. Here is the docker-compose.yml for caddy, django and minio:

version: '3'
services:
  #-----------------------------------------------
  #   Web Services
  #-----------------------------------------------
  caddy:
    image: abiosoft/caddy:1.0.3
    env_file: .env
    environment:
      - ACME_AGREE=true
    volumes:
      - ./Caddyfile:/etc/Caddyfile
      - ./src/staticfiles:/var/www/django/static
      - ./certs/caddy:/etc/caddycerts
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    depends_on:
      - django

  django:
    build: .
    # NOTE: We use watchmedo to reload gunicorn nicely, Uvicorn + Gunicorn reloads don't work well
    command: bash -c "cd /app/src && watchmedo auto-restart -p '*.py' --recursive -- gunicorn asgi:application -w 2 -k uvicorn.workers.UvicornWorker -b :8000 -b :80 --capture-output --log-level debug"
    environment:
      - DATABASE_URL=postgres://${DB_USERNAME}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
    env_file: .env
    volumes:
      - .:/app:delegated
      - /tmp/app-v2/django:/app_tmp
      - ./backups:/app/backups
    restart: unless-stopped
    ports:
      - 8000:8000
    depends_on:
      - db
      - rabbit
      - minio
    stdin_open: true
    tty: true
    logging:
      options:
        max-size: "20k"
        max-file: "10"


  #-----------------------------------------------
  # Minio local storage helper
  #-----------------------------------------------
  minio:
    image: minio/minio:RELEASE.2020-10-03T02-19-42Z
    command: server /export
    volumes:
      - ./var/minio:/export
    restart: unless-stopped
    ports:
      - $MINIO_PORT:9000
    env_file: .env
    healthcheck:
      test: ["CMD", "nc", "-z", "minio", "9000"]
      interval: 5s
      retries: 5
  createbuckets:
    image: minio/mc
    depends_on:
      minio:
        condition: service_healthy
    env_file: .env
    # volumes:
    #   This volume is shared with `minio`, so `z` to share it
    #   - ./var/minio:/export
    entrypoint: >
      /bin/sh -c "
      set -x;
      if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then
        until /usr/bin/mc config host add minio_docker http://my_azure_label.northeurope.cloudapp.azure.com:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do 
          echo '...waiting...' && sleep 5; 
        done;
        /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.';
        /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.';
        /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME;
      else
        echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. Skipping buckets creation.';
      fi;
      exit 0;
      "

In the .env file I have the following settings for domain, tls email and minio:

DOMAIN_NAME=http://my_azure_label.northeurope.cloudapp.azure.com:80
[email protected]
AWS_S3_ENDPOINT_URL=my_azure_label.northeurope.cloudapp.azure.com:9000/

Here is the Caddyfile:

:80 {
  # HTTPS options:
  # tls {$TLS_EMAIL}

  # Test HTTPS setup
  # tls {$TLS_EMAIL} {
  #   ca https://acme-staging-v02.api.letsencrypt.org/directory
  # }

  # Removing some headers for improved security:
  header / -Server

  # Serves static files, should be the same as `STATIC_ROOT` setting:
  root /var/www/django

  # Serving dynamic requests:
  proxy / django:8000 {
    except /static /media
    transparent
    websocket
  }

  # Allows to use `.gz` files when available:
  gzip

  # Logs:
  log stdout
  errors stdout
}

I'm also using a custom domain; that's the reason for listening on 80, so that I can access it from my actual domain. Here are the configs:

www.subdomain.domain.com.   600 CNAME   my_azure_label.northeurope.cloudapp.azure.com
subdomain.domain.com.       600 CNAME   my_azure_label.northeurope.cloudapp.azure.com

With the above configuration, I can access the website from both the Azure domain label and my actual domain, but without TLS. I want to secure both the server and minio, and what I tried was to set:

DOMAIN_NAME=http://my_azure_label.northeurope.cloudapp.azure.com:443
[email protected]
AWS_S3_ENDPOINT_URL=http://my_azure_label.northeurope.cloudapp.azure.com:9000/

And change 80 to 443 in the Caddyfile, and uncomment the tls command.

When I run docker-compose I don't get the expected result, which is to have the server and minio accessible via https. Neither is, with these changes.

What am I doing wrong?


There are 0 answers
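The following is an added example, not from the question or from the Caddy or MinIO projects: a Caddy 1.x Caddyfile (the image in the compose file is abiosoft/caddy:1.0.3) that names the real hostnames so automatic HTTPS can obtain Let's Encrypt certificates for them, and terminates TLS for MinIO as well by proxying it on a separate hostname. It assumes TLS_EMAIL is set in .env and that an extra CNAME "minio.subdomain.domain.com" (not on the page) points at the same Azure label as the existing records.

```caddyfile
# Added example (not the question's own Caddyfile). Assumes the two
# existing CNAMEs plus an assumed minio.subdomain.domain.com all resolve
# to this host, and that TLS_EMAIL is defined in .env.

subdomain.domain.com, www.subdomain.domain.com {
  # A hostname in the site label is what automatic HTTPS puts on the
  # certificate request; a bare ":443" carries no name to certify.
  tls {$TLS_EMAIL}

  # Uncomment while testing to avoid Let's Encrypt production rate limits:
  # tls {$TLS_EMAIL} {
  #   ca https://acme-staging-v02.api.letsencrypt.org/directory
  # }

  header / {
    -Server
    Strict-Transport-Security "max-age=31536000;"
  }

  # Static files, same path as Django's STATIC_ROOT
  root /var/www/django

  # Dynamic requests go to the django service over the compose network
  proxy / django:8000 {
    except /static /media
    transparent
    websocket
  }

  gzip
  log stdout
  errors stdout
}

# MinIO's S3 API behind the same proxy, so clients are configured with
# AWS_S3_ENDPOINT_URL=https://minio.subdomain.domain.com/ instead of
# a plaintext http://...:9000/ URL. "transparent" keeps the Host header,
# which S3 signature v4 includes in the signed request.
minio.subdomain.domain.com {
  tls {$TLS_EMAIL}
  proxy / minio:9000 {
    transparent
  }
  log stdout
  errors stdout
}
```

Once MinIO is reached only through Caddy, the `$MINIO_PORT:9000` port mapping on the minio service can be dropped and the `createbuckets` helper can address `http://minio:9000` over the compose network, so plaintext S3 traffic never leaves the host.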