==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version:  U18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello Zhang and iRedMail team.

I have been happily running iRedMail since version 0.96.  Right now I need to make changes to the infrastructure and because of this I am testing 1.3.1 on a separate fresh VM with Ubuntu 18.04.  The virtual machine is behind an external firewall (pFsense) with HAProxy in place.

I have a wildcard Let’s Encrypt certificate for the domain I am testing with.  The certificate on the mail server is iredmail self-signed.  HAProxy is handling requests on WAN port 443 and redirects them to port 443 on the iRedMail host without origin server certificate validation.

When I try to get to any webservice (Roundcube, SOGO, iRedAdmin) I get a page with valid certificate, so no SSL errors, however the page loads with 503 error (503 Service Unavailable No server is available to handle this request.)

I can access all webservices on HTTPS on internal IP address though, naturally, with certificate error.
I checked and I see that UFW is disabled.  I did not change a single line in the Nginx configuration files.  Nginx access log keeps inserting lines with "OPTIONS / HTTP/1.0 " 400 264 "_" "_" data.

What can be the problem?  Please offer any suggestion you may have.
Thanks in advance for your help