HAProxy TLS passthrough

Hi
I was wondering if someone could shed some light on the issue I'm having.
I currently have 2 sites on my backend, a WordPress server and a Zimbra email server;
they both have the SSL on each server, and the idea is to pass through to those servers

but in the log I keep seeing

SharedFrontend-merged Backend1_ipv4/ -1/-1/6 0 SC 1/1/0/0/0 0/0

Thank you

root@bunker:/var/log# cat /etc/haproxy/haproxy.cfg
# Process-wide settings: logging, chroot, runtime API socket, process identity.
global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	# Runtime API socket at "level admin": any local account that can open this
	# socket (file mode 660) can change server state and other runtime settings,
	# so keep the socket's owner and group restricted.
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	# NOTE(review): with user/group commented out, HAProxy does not switch to an
	# unprivileged account and keeps the identity it was started with (often root).
	# Presumably disabled so the backends' "usesrc clientip" can bind non-local
	# addresses - confirm, and restore both lines if transparent mode is dropped.
#	user haproxy
#	group haproxy
	daemon

	# Default SSL material locations
	#ca-base /etc/ssl/certs
	#crt-base /etc/ssl/private

	# The ssl-default-bind-* settings below stay commented out: no bind line in
	# this file uses "ssl", so HAProxy never terminates TLS here and protocol and
	# cipher policy has to be enforced on the backend servers themselves.
	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        #ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        #ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        #ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

# Defaults inherited by every frontend/backend below unless a section overrides them.
defaults
	log	global
	# HTTP mode is only the default; the :443 frontend and both backends set
	# "mode tcp" themselves.
	mode	http
	# NOTE(review): "option httplog" is also inherited by the tcp-mode proxies;
	# HAProxy is expected to warn and fall back to the TCP log format there - confirm
	# in the startup output.
	option	httplog
	option	dontlognull
	# Timeouts given without a unit are in milliseconds.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

# TLS passthrough frontend: the bind line has no "ssl", so the TLS stream is
# relayed as-is and only the ClientHello is inspected to choose a backend.
frontend SharedFrontend-merged
        bind			*:443
	mode			tcp
	log			global
      timeout client		30000
	# Wait up to 5s for enough of the ClientHello to arrive for the SNI checks.
      tcp-request inspect-delay	 5s
	# The SNI is client-supplied and unauthenticated; it is used here for routing
	# only, and the backend's own certificate is what the client validates.
	acl			wordpress	req.ssl_sni -i wordpress.domain.co
	acl			zimbra	       req.ssl_sni -i mail.domain.co
        tcp-request content accept if { req.ssl_hello_type 1 }
	# Rewrites the connection's source address to 192.168.7.123 for clients in
	# 192.168.7.0/24. NOTE(review): presumably the proxy's own LAN address on the
	# original host - confirm it is still correct after a migration. Later rules
	# (and probably the logs) see the rewritten address, not the real LAN client.
       tcp-request connection set-src str(192.168.7.123) if { src 192.168.7.0/24 }
	# There is no default_backend: a connection whose SNI matches neither name
	# (or that sends no SNI) has no backend to be forwarded to.
	use_backend Backend2_ipv4  if  zimbra
	use_backend Backend1_ipv4  if  wordpress



# Plain-HTTP frontend that only issues redirects to HTTPS for the two known
# host names; it has no backend of its own.
frontend HTTPTOHTTPS
	bind			*:80
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	# Same source rewrite for LAN clients as on the :443 frontend.
         tcp-request connection set-src str(192.168.7.123) if { src 192.168.7.0/24 }
	# Exact, case-insensitive string match on the saved Host header; a Host value
	# carrying a port (e.g. "mail.domain.co:80") does not match.
       acl			wordpress     var(txn.txnhost) -m str -i wordpress.domain.co
	acl			zimbra	      var(txn.txnhost) -m str -i mail.domain.co
	# The ACLs above are evaluated when the redirect rules run, i.e. after this
	# set-var, so declaring them first is fine.
        http-request set-var(txn.txnhost) hdr(host)
	# Host is client-controlled, but redirects are issued only for the two exact
	# names above; requests for any other Host are not redirected and have no
	# backend to be served from.
	http-request redirect scheme https  if  wordpress
	http-request redirect scheme https  if  zimbra


# TCP backend for the Zimbra server; TLS is terminated on the server itself.
backend Backend2_ipv4
	mode			tcp
	id			10103
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	# Transparent mode: connect to the server using the client's address as the
	# source. This works only when the server's replies route back through this
	# host (it is the server's default gateway) and the host is set up for
	# transparent proxying with sufficient privileges; otherwise connections fail.
	# NOTE(review): to pass the client address without that routing, the PROXY
	# protocol ("send-proxy" on the server line) is the usual alternative, provided
	# the server is configured to accept it - confirm before enabling.
	source ipv4@ usesrc clientip
	# "check" without an SSL option: health check every 1000 ms against port 443.
	server			zimbra 192.168.7.245:443 id 10104 check inter 1000

# TCP backend for the WordPress server; TLS is terminated on the server itself.
backend Backend1_ipv4
	mode			tcp
	id			10101
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	# Transparent mode: connect to the server using the client's address as the
	# source. This works only when the server's replies route back through this
	# host (it is the server's default gateway) and the host is set up for
	# transparent proxying with sufficient privileges; otherwise connections fail.
	# NOTE(review): to pass the client address without that routing, the PROXY
	# protocol ("send-proxy" on the server line) is the usual alternative, provided
	# the server is configured to accept it - confirm before enabling.
	source ipv4@ usesrc clientip
	# "check" without an SSL option: health check every 1000 ms against port 443.
	server			wordpress 192.168.7.35:443 id 10102 check inter 1000

Unless the haproxy box is properly configured and is the default gateway of those backend servers, this (the `source ipv4@ usesrc clientip` line in the backends) is probably wrong.

Try removing it.

Thank you for the reply,
Forgot to mention that this config comes from my pfSense; I wanted to migrate HAProxy to an Ubuntu VM rather than have it on pfSense, where it was working with no issue.
Now it seems to work, but I thought that part would send the real IP to the backend?

Correct, you can only spoof source IPs if you are the default gateway.