By SSL Bridging I only mean re-encrypting on the trip to the real servers so adding ‘ssl verify none’ will make it SSL Bridging.
I’m glad ‘option accept-invalid-http-request’ fixed your problem, HAproxy follows RFC’s and drops non standard HTTP traffic by default unless you tell it not to, you could have verfied this was happening by using the stats page and a socat command to see errors:
echo "show errors" | socat unix-connect:/var/run/haproxy.stat stdio
More info here: https://makandracards.com/makandra/36727-get-haproxy-stats-informations-via-socat
In my experience, longer timeout’s can be needed also so you may wish to experiment with the ‘timeout client / server’ settings as well as other timeouts.
I’m not sure why you are getting sudden client disconnects either, it could be these are simply unused connections because in my experience the number of connections used per client fluctuates…