I tried implementing the suggested changes for HAproxy. Unfortunately they do not work, they appear to be for an older version of HAproxy. This is the error message I get:
The 'reqadd' directive is not supported anymore since HAProxy 2.1. Use 'http-request add-header' instead.
I assume you must have manually upgraded this install to bullseye at some point then? Did you change anything else?
You should still be able to get the systeminfo bundle over SSH (the blue words are auto-links to the relevant help topics). The other thing to check, if you can get to the login screen, is that there are no errors in your browser console. Open the console, and then try and login and check there are no errors reported in the console. You might see something about CSRF validation failed (most likely if you reached the login screen but nothing else is working)
Just found out a reverse proxy test page was added on 1.8.4 on /reverse_proxy_test.
It turns out that the port numbers are mismatched so do cookies suffix, which caused CSRF fail.
In my case it's a bit tricky due to the HTTP/3 support of nginx and my ISP's blocking of TCP 443. But in general, if you found that you could not login after upgrade, have a look on /reverse_proxy_test.
The other issue is that the login page should show correct error message for CSRF failure, no a misleading "incorrect password".