If I understand correctly your server setup is in 2 parts. HTTP on one server and API on another?
I had a similar issue while hosting something like this. The problem is that when you are coming inbound to the proxy, the proxy it is unaware of how to reach your API locally unless it is also exposed along side the HTTP service in HAproxy.
If i remove that 3600 service from haproxy, put firewall nat redirect to host and port 3600 and include my host on my provider (ionos) everything work perfect.
Exemplo: my domain is test.com, my http server call backend server. https://auth.test.com:3600/auth
If i go on ionos and include subdomain ‘auth’. On DNS records show TYPE A with ‘auth’ and my public ip, after that everthing work.