Zammad/apache2 behind HAproxy?

That’s my working config. Keep in mind that the ssl certificate ist provided by the zammad vm and not haproxy:

global
        maxconn         5000
        ulimit-n        16384
        log             127.0.0.1 local0
        uid             99
        gid             99
        daemon

defaults
  timeout client 30s
  timeout server 30s
  timeout connect 5s
  log global
  option tcplog

frontend www
  bind *:80
  mode tcp
  default_backend www

frontend www-ssl
  bind *:443
  mode tcp

  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }

  default_backend cloud

# Using SNI to take routing decision
backend cloud
  mode tcp
  acl support req_ssl_sni -i FQDN_of_my_zammad_instance

  use-server server1 if support

  option ssl-hello-chk
  server server1 internal_IP_of_my_zammad_instance:443

backend www
   mode http
   acl support hdr(host) -i FQDN_of_my_zammad_instance
   use-server server1 if support

   option forwardfor

   server server1 internal_IP_of_my_zammad_instance:80