what are you trying to do? do you want to be able to manage your pfsense box over the internet on 80/443 or do you want to forward those ports into a different device on your network?

I want to be able to access two different services, Huginn and NextCloud, the plan is to use HAProxy to redirect to different servers based on url. 

yep - changed the port of the webConfigurator, tried both NAT + Proxy and Pure NAT in NAT Reflection, disabled the web configurator redirect rule, and set up two rules to forward port 80 and 443 to the right server.

Even with out these set I would expect to see the port checker trying to access port 80 and it's not

This is what I am seeing in shields up, as you can see both port 80 and 443 are responding the same way as virgins blocked ports

The server is on and if I run sudo lsof -i -P -n | grep LISTEN

I can see 

docker-pr 174489 root 4u IPv4 14234721 0t0 TCP *:443 (LISTEN)
docker-pr 174502 root 4u IPv4 14234768 0t0 TCP *:80 (LISTEN)

So it looks like the ports are open and listening - although running telnet 192.168.1.35 80 comes up with connection refused, while if I telnet 3000 it works.

I'm going to down my docker containers and put Huginn on port 80 and see what that does.

I downed my docker containers, and stopped nextCloud from running on port 80 and 443, changed Huginn from 3000 to 80 and now the port checker is showing the port as open - still can't reach the page but that is a different problem. I think I'll recreate the NexCloud container knowing that's where the problem lies.

Thanks for your help.  I appreciate it.