i recently setup headscale, which i was struggling to get working behind my haproxy instance. everything appeared to be working ok, but i wasn't be able to connect from any client.

after joining the discord and searching for the very generic error i was receiving (Could not connect: context deadline exceeded), i found a simple solution, which just involved a tweak to my haproxy config:

-acl host_headscale hdr(host) -i headscale.domain.com
+acl host_headscale hdr(host) -i headscale.domain.com headscale.domain.com:443
 use_backend web_headscale if host_headscale

so all i need to do was add in the :443 after my domain, since that is how it was being sent to haproxy, and everything worked great after that tweak.

edit:

an alternative and possibly more efficient syntax, which only checks the host part:

-acl host_headscale hdr(host) -i headscale.domain.com
+acl host_headscale hdr(host),host_only -i headscale.domain.com
 use_backend web_headscale if host_headscale