Traefik 1.7x + Wordpress Woes (Full Logs Inside) [Traefik not working AT ALL on ONLY Wordpress container]

Hi. Traefik cannot query my Wordpress container in any way, shape or form. Tried for 6 hours, changing everything I know. Internally works fine at port 8000. All my other services work fine. Ideally, I'd like Wordpress to query directly to my root domain, so instead of wp.example.com it would just go to example.com

Relevant Docker-Compose portion:

  wordpress:
    container_name: wordpress
    depends_on:
      - mariadb
    image: wordpress:latest
    restart: always
    ports:
      - 8000:80
    environment:
      WORDPRESS_DB_HOST: mariadb:3306
      WORDPRESS_DB_USER: xxxxxx
      WORDPRESS_DB_PASSWORD: xxxxxx
      WORDPRESS_DB_NAME: wordpress
    volumes:
      - wordpress:/var/www/html
    links:
      - mariadb
    networks:
      - traefik_proxy
    labels:
      - "traefik.enable=true"
      - "traefik.backend=wordpress"
      - "traefik.frontend.rule=Host:wp.example.ai"
      - "traefik.port=80"
      - "traefik.docker.network=traefik_proxy"

Tried without port numbers (both in the ports: section and the traefik.port, tried port 8000, etc etc.. Nothing. Portainer (ports 9000:9000) can query to the root domain fine if changed. Wordpress can't at ALL and gives me a "too long to respond" error.

Cloudflare:

rules.toml:

#debug = true

logLevel = "DEBUG" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
InsecureSkipVerify = true
defaultEntryPoints = ["https", "http"]

# WEB interface of Traefik - it will show web page with overview of frontend and backend configurat$
[api]
  entryPoint = "traefik"
  dashboard = true
  address = ":8080"

# Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[file]
  watch = true
  filename = "/etc/traefik/rules.toml"

# Let's encrypt configuration
[acme]
email = "xxxxxxxxxxxx" #any email id will work
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = true #create certificate when container is created
[acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 300
[[acme.domains]]
   main = "*.xxxxxx.ai"
   sans = ["xxxxxxx.ai"]

# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "xxxxxxx.ai"
watch = true

# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false