Convert NGINX host mapping example to Traefik host mapping w/ Kubernetes manifest


The broader problem is that I have a Sonatype Nexus server running within a K3s cluster, and I am trying to serve/expose endpoints for Docker clients to pull images from. In Sonatype's documentation they have example host mapping strategies listed here as it pertains to docker registries --> https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-repository-reverse-proxy-strategies

I am trying to adapt the NGINX configuration that Sonatype outlines in the link above and titled Host Mapping Strategy. The Nexus pod is configured like so

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
  labels:
    app: nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      containers:
      - name: nexus
        image: sonatype/nexus3:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8081
        volumeMounts:
        - name: nexus-data
          mountPath: /nexus-data
      volumes:
      - name: nexus-data
        persistentVolumeClaim:
          claimName: nexus-claim

The service definition...

apiVersion: v1
kind: Service
metadata:
  name: nexus-service
  namespace: nexus
spec:
  selector:
    app: nexus
  ports:
  - port: 8081
    name: nexus-default-port
  type: ClusterIP

This is what I have tried so far for the Traefik IngressRoute

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nexus-ingressroute
  namespace: nexus
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`k3sdev-m.nexus.com`) && PathPrefix(`/v2`)
    kind: Rule
    services:
    - name: nexus-service
      port: 8081
    middlewares:
    - name: nexus-middleware-headers
    - name: nexus-middleware-regex
  - match: Host(`k3sdev-m.nexus.com`) && PathPrefix(`/`)
    kind: Rule
    services:
    - name: nexus-service
      port: 8081
  tls:
    secretName: host-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nexus-middleware-headers
  namespace: nexus
spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: https
      X-Forwarded-For: |
        {{ default "" .X-Forwarded-For  }}
      X-Real-IP: |
        {{ default "" .X-Real-IP }}
      Host: |
        {{ default "" .Host }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nexus-middleware-regex
  namespace: nexus
spec:
  replacePathRegex:
    regex: ^/v2/(.*)
    replacement: /v2/repository/docker-pull/$1
      #permanent: true

I have tried this with and w/out middleware, have made tweaks to the regex, added and omitted HTTP headers with no good results. I either get a 404 or a 500 which I attempted to trace but could find no logs that caught the error in Traefik or Nexus. All attempts were made using a docker client with the registry listed as unsecured since I am using self-signed certs. I was performing docker pull k3sdev-m.nexus.com/python3:latest and I have Nexus set up for now to allow anonymous pulls until I can get this figured out. The registry I am trying to reach in Nexus is a proxy for Docker Hub.
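
An added example, not part of the original post or of Sonatype's documentation: the same rewrite as the post's nexus-middleware-regex, but with the repository prefix placed in front of /v2/, and with the templated headers middleware left out. It assumes Nexus serves the Docker API of the docker-pull repository under /repository/docker-pull/v2/ on port 8081; the middleware name nexus-docker-pull-rewrite is hypothetical.

```yaml
# Added example (not from the original post).
# Assumption: Nexus exposes the "docker-pull" repository's Docker API at
# /repository/docker-pull/v2/ on the service port 8081.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nexus-docker-pull-rewrite   # hypothetical name
  namespace: nexus
spec:
  replacePathRegex:
    # /v2/python3/manifests/latest
    #   -> /repository/docker-pull/v2/python3/manifests/latest
    regex: ^/v2/(.*)
    replacement: /repository/docker-pull/v2/$1
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nexus-ingressroute
  namespace: nexus
spec:
  entryPoints:
    - websecure
  routes:
  # Docker Registry API calls: rewrite into the repository path.
  - match: Host(`k3sdev-m.nexus.com`) && PathPrefix(`/v2/`)
    kind: Rule
    middlewares:
    # No headers middleware here: Traefik adds X-Forwarded-For,
    # X-Forwarded-Proto and X-Real-Ip to proxied requests itself, and
    # customRequestHeaders values are literal strings, not Go templates.
    - name: nexus-docker-pull-rewrite
    services:
    - name: nexus-service
      port: 8081
  # Everything else (the Nexus UI) is passed through unchanged.
  - match: Host(`k3sdev-m.nexus.com`)
    kind: Rule
    services:
    - name: nexus-service
      port: 8081
  tls:
    secretName: host-cert
```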
