Here is my config: no SSL (using port 80), with IIS (hence using port 8080)

global

    log 127.0.0.1 local0 notice

    maxconn 2048

    tune.ssl.default-dh-param 2048

    user haproxy

    group haproxy

defaults

    log     global

    mode    http

    option  httplog

    option  dontlognull

    option  http-server-close

    option  forwardfor

    option  redispatch

    retries 3

    timeout connect  5s

    timeout client  300s

    timeout server  300s

    timeout tunnel  3600s

    timeout http-keep-alive 1s

    timeout http-request 60s

    timeout queue 60s

    timeout tarpit 120s

frontend http-in

    bind *:80

    #Define hosts

    acl host_qlik hdr(host) -i qlik.mydomain.com

    use_backend qlik01 if host_qlik

    acl host_qlik_connection_upgrade hdr(Connection) -i upgrade

    use_backend qlik01 if host_qlik_connection_upgrade

    acl host_qlik_upgrade_websocket  hdr(Upgrade)     -i websocket

    use_backend qlik01 if host_qlik_upgrade_websocket

frontend windows-auth-in-4248

    bind *:4248

    option http-tunnel

    default_backend qlikauth

backend qlik01

    mode http

    balance leastconn

    #option forwardfor

    option http-server-close

    option forceclose

    no option httpclose

    #http-request set-header X-Forwarded-Port %[dst_port]

    #http-request add-header X-Forwarded-Proto https if { ssl_fc }

    option httpchk HEAD / HTTP/1.1\r\nHost:haproxy01

    server web01 THE_IP:8080 check inter 60s

backend qlikauth

    #mode http

    balance leastconn

    option forwardfor

    http-request set-header X-Forwarded-Port %[dst_port]

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    #option httpchk HEAD / HTTP/1.1\r\nHost:haproxy01

    server web01 THE_IP:4248

Good luck.