Bitwarden on premise (Docker) behind HAProxy help needed

Hi there,
i am running several http services behind a haproxy on my openwrt-router. I also try to reach an on premise installation of the bitwarden docker image on my synology nas.

I tried the following config of haproxy:

# global parameters

global
maxconn 2048
ulimit-n 65535
uid 0
gid 0
daemon
nosplice
nbproc 2

# custom ssl options

ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM
tune.ssl.default-dh-param 2048

# definiton of frontends

frontend main-https

mode http
bind 192.168.0.1:444 ssl crt /etc/haproxy.pem ciphers EECDH+AESGCM:EDH+AESGCM force-tlsv12 no-sslv3
reqadd X-Forwarded-Proto:\ https
http-response set-header Strict-Transport-Security max-age=31536000
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff

# nextcloud caldav / carddav acls

acl caldav-endpoint path_beg /.well-known/caldav
http-request set-path /remote.php/dav if caldav-endpoint
use_backend nextcloud-http if caldav-endpoint
acl carddav-endpoint path_beg /.well-known/carddav
http-request set-path /remote.php/dav if carddav-endpoint
use_backend nextcloud-http if carddav-endpoint

# bitwarden domain acl

acl bitwardendomain hdr_dom(host) -i bitwarden.mydomain.dom
use_backend synology-bitwarden if bitwardendomain

default_backend nextcloud-http

# definiton of backends

# nextcloud cluster backend

backend nextcloud-http

mode http
balance first
server next1 192.168.0.11:80 check
server next2 192.168.0.12:80 check

# bitwarden backend (docker config redirects port 8080 to 80, all firewallrules on synology are set)

backend synology-bitwarden

mode http
server synology 192.168.0.13:8080 check

Issue

I reach the login page, but after i fill in my credentials and try to login, i get a error message after “An unexpected error occurred” after aprox. 10 seconds.

I can not find any relevant information within the router and haproxy logs or within the docker image.

If i access the docker image via http://192.168.0.13:8080, everything works like a charm, so it seems to be a haproxy issue.

Any helping hands here?

Regards,
A.