Stop doing everything at once.
- Don’t restrict access to Cloudflare IPs only, you can do that later, once you got it all figured out
- Don’t try from within the LAN to access the public-IP; depending on the NAT stack in pfsense, this may or may not work (NAT loopback)
- Try from a different connection (like 3G/4G smartphone with Wifi turned off) to open the website (port 80 and port 443)
Does pfsense run any webserver itself for its own interface? Does that run on port 80 or 443? Make sure that you are not trying to run 2 different things on the same ports.
Perhaps your backend server doesn’t like the OPTIONS check. Remove health checking and read the haproxy logs.
Simplify your configuration and start with small steps.