DNAT for LAN hosts


I am trying to figure out how to DNAT HTTP(S) traffic coming from different networks on my router. For some reason I cannot get it working.

What I want to achieve:
I have several local networks with different IP ranges that host different services using subdomains. I want these services to run via a Traefik reverse proxy so that they use HTTPS with a trusted certificate and I don't have to install custom certificates.

The standard approach seems to be to force the DNS to resolve all (sub-)domains to a certain host, the reverse proxy. While this works great for HTTP, this breaks the usage of SSH, since all domains will be resolved to the reverse proxy and not the actual host.

So my idea is to not interfere with DNS, but instead just capture all HTTP traffic going towards these hosts (which should be doable, since they sit in different networks) and redirect it to the reverse proxy using this rule. But for some reason I seem to miss the rule type necessary for doing this in OpenWrt.

How about a redirect from the client to the IP of the server for HTTP(S), then DNAT to Traefik?
I am not sure if this can be accomplished directly in uci/luci, but it certainly is possible with iptables/nftables.
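The rule the question is looking for does exist in UCI: a `config redirect` section with `target DNAT` whose `src_dip` matches the original destination address (the service host), so only TCP 80/443 aimed at that host is rewritten to the proxy while SSH and everything else still reaches the real machine. The fragment below is an added example for `/etc/config/firewall`, not something posted in the thread; the zone names, interface names and addresses (clients in zone `lan`, a service host 10.0.10.20 in zone `servers`, Traefik at 10.0.20.5 in its own zone `proxy`) are all assumptions chosen for illustration.

```uci
# Added example for /etc/config/firewall on OpenWrt (fw3 or fw4) -- not from the thread.
# Assumed layout: clients in zone 'lan' (192.168.1.0/24), service host 10.0.10.20
# in zone 'servers' (interface 'servers'), Traefik at 10.0.20.5 in zone 'proxy'
# (interface 'proxy'). Adjust names and addresses to your own networks.

config zone
	option name 'servers'
	list network 'servers'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'proxy'
	list network 'proxy'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Clients still reach the service hosts directly, so SSH keeps working.
config forwarding
	option src 'lan'
	option dest 'servers'

# Clients may reach Traefik, and Traefik may reach the backends.
config forwarding
	option src 'lan'
	option dest 'proxy'

config forwarding
	option src 'proxy'
	option dest 'servers'

# The missing rule type: a DNAT redirect keyed on the ORIGINAL destination
# address (src_dip) rather than on the router's own address. Only TCP 80
# from 'lan' to 10.0.10.20 is rewritten; port 22 is untouched.
config redirect
	option name 'HTTP for 10.0.10.20 via Traefik'
	option target 'DNAT'
	option src 'lan'
	option src_dip '10.0.10.20'
	option src_dport '80'
	option proto 'tcp'
	option dest 'proxy'
	option dest_ip '10.0.20.5'
	option dest_port '80'

# Same for HTTPS. Traefik still sees the real hostname in the TLS SNI and
# Host header, because DNS was not changed, so its Host() routers and the
# certificate for that name keep working.
config redirect
	option name 'HTTPS for 10.0.10.20 via Traefik'
	option target 'DNAT'
	option src 'lan'
	option src_dip '10.0.10.20'
	option src_dport '443'
	option proto 'tcp'
	option dest 'proxy'
	option dest_ip '10.0.20.5'
	option dest_port '443'
```

Two caveats worth checking before blaming the rule. First, DNAT only touches traffic that crosses the router, so clients on the same subnet as a service host are never intercepted; that is why the layout above keeps clients, backends and Traefik in separate networks. Second, the redirect is scoped to `src 'lan'` on purpose: Traefik's own connections to the backends originate in `proxy`, so they are not matched and do not loop back to Traefik. Keeping Traefik out of the clients' subnet also keeps the return path through the router, where conntrack reverses the DNAT; if Traefik shared the clients' subnet, its replies would bypass the router and the connections would fail unless the flow is also SNATed. After `service firewall restart`, a connection from a client to `https://10.0.10.20` should show up in Traefik's access log while `ssh 10.0.10.20` still lands on the host itself.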