Your dst-nat rule is “greedy” and redirects any connection to port 80 (regardless dst-address) to your LAN server. You have to make the rule more “picky”, one way of doing it is to add property “in-interface=vlan1”. It’s abvious that you threw away default config which is IMO a pitty, default makes a very sound base for minor tweaking (such as adding dst-nat).
BTW, the way you’re dealing with vlan on LAN side is wrong. Conceptually it should be done according to this tutorial and reading about bridge personalities beforehand would help. Your hAP ac doesn’t support the way described in tutorial by offloading to switch chip (which means higher CPU load and lower performance), to make it hardware-friendly it’s necessary to configure some things in switch chip submenu. But basic concepts are very similar (and your current setup goes against these concepts).