Vaultwarden not working with HAProxy after Updates


I recently updated my PFsense with HAProxy and my Vaultwarden Docker container. After updating both, I am getting a 503 Service Unavailable message. Prior to the update everything was working as intended. I was able to reach the server via the local IP(but not login due to no HTTPS) and from the domain. I believe I was running v.1.27 of Vaultwarden on docker. For HAProxy on my pfsense I upgraded to 2.9.1.

I tried reissuing the certificate and restarting all the services that are attached. Is there anything that changed in the recent versions on Vaultwarden that would break the previous configuration? I am attaching my HAProxy configuration below to see if anything looks off for the latest version of HAProxy

	maxconn			100
	log	syslog	debug
	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
	uid			80
	gid			80
	nbthread			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend Synology
	bind			WAN:443 name WAN:443   ssl crt-list /var/etc/haproxy/Synology.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	timeout client		30000
	acl			vaultwarden	var(txn.txnhost) -m str -i
	acl			aclcrt_Synology	var(txn.txnhost) -m reg -i ^([^\.]*)\.domain\.dev(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Synology_Vaultwarden_ipvANY  if  vaultwarden aclcrt_Synology
	use_backend Synology_Vaultwarden_ipvANY  if   aclcrt_Synology

backend Synology_Vaultwarden_ipvANY
	mode			http
	id			100
	log			global
	option			log-health-checks
	timeout connect		30000
	timeout server		30000
	retries			3
	load-server-state-from-file	global
server			Synology Docker_IP:5151 id 101 ssl  verify none

I would suggest to read the proxy examples Proxy examples · dani-garcia/vaultwarden Wiki · GitHub and compare

I have looked at it and tried to copy it and have not had any luck. The weird thing is that everything was working fine between my HAProxy and Vaultwarden before updating both. I am not sure if the issue is coming from the HAProxy side or the Vaultwarden side. Would you have any insight on where I should look to troubleshoot?

I fixed this issue. When I was running 23.09, I had my backed “Encrypt(SSL)” option checked and everything was working as expected. When I upgraded to 24.03, I had to UNCHECK “Encrypt(SSL)” and my services stopped showing the error.