HAProxy version 2.6.6-1ppa1~focal with some questions

[info]

Hello,

Using HAProxy version 2.6.6-1ppa1~focal I am stuck with a solution

What is working:
Haproxy as load balancer for HTTP and HTTPS with NGINX as reversed proxy with 
certbot
certificates, it really make my websites loading much faster

What want as extra is, via the Virtual  IP address created by Keepalived, 
passing the port 5222
and 5223 for the XMPP protocol direct to the connected servers to let XMPP 
clients connect.

Now a telnet session to port 5222 or 5223 to the virtual adres does not give 
any response.
Doing the same direct to the IP addresses from te connected servers I get a 
accepted
Firewall rules are checked and working fine
Because port 5222 is already take by a other application Jicofo it is not 
possble to bind 5222

What can I do to get things working?

With friendly regards

Ronald

My NGINX config is:

server {
    listen 81;
    listen [::]:81;
    server_name chat.myserver.com;
    return 301 https://$host$request_uri;
}

server {
listen 5222 proxy_protocol default_server;
listen [::]:5222 proxy_protocol default_server ipv6only=off;
server_name jitsi.myserver.com;
set_real_ip_from 192.168.10.13;
real_ip_header proxy_protocol;
}

server {
listen 5223 proxy_protocol default_server;
listen [::]:5223 proxy_protocol default_server ipv6only=off;
server_name jitsi.myserver.com;
set_real_ip_from 192.168.10.13;
real_ip_header proxy_protocol;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name chat.myserver.com;

    # For the federation port
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    ssl_certificate /etc/letsencrypt/live/chat.myserver.com/fullchain.pem; # 
managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.myserver.com/privkey.pem; # 
managed by
Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don´t use SSLv3 ref: POODLE

    root /var/www/html/element;
    index index.html;

    location ~ ^(/_matrix|/_synapse/client) {
        # note: do not add a path (even a single /) after the port in 
`proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature 
verification
        # errors.
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "frame-ancestors 'none'";

    # Nginx by default only allows file uploads up to 1M in size
    # Increase client_max_body_size to match max_upload_size defined in 
homeserver.yaml
    client_max_body_size 50M;

        }

    location / {
        try_files $uri $uri/ =404;
    }
}

My HAProxy.conf:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd 
listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See:
https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
A-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-
POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA
-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_
SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    tcp
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend www
    bind 192.168.10.11:80
    default_backend web_servers

backend web_servers
    balance roundrobin
    server web-mas 192.168.10.13:81
    server web-sla 192.168.10.14:81

frontend clients
    listen 192.168.10.11:5222 #External IP
    default_backend xmpp_cluster

backend xmpp_cluster
    balance leastconn
    option independent-streams
    server xmpp1 192.168.10.13:5222 send-proxy-v2
    server xmpp2 192.168.10.14:5222 send-proxy-v2