rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Hairpin NAT Internal Webserver Problems

Wed Jan 08, 2014 4:53 pm

The webserver is accessible via external connections (just re-checked). Tried to get Hairpin NAT working ( http://wiki.mikrotik.com/wiki/Hairpin_NAT ), and that didn't work from internal. Swapped for a rule found here: http://forum.mikrotik.com/viewtopic.php ... 20#p271167 and that doesn't work either.

What do I want to look at or do next?

EDIT: Updated config dump
Edit2: Updated config dump

ros code

[admin@MikroTik] > export hide-sensitive compact 
# jan/11/2014 13:44:55 by RouterOS 5.26
# software id = HFLJ-B1QM
#
/interface ethernet
set 0 name=sfp1-gateway
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 name=ether10-WAN
/interface bridge
add admin-mac=D4:CA:6D:6F:6D:F3 auto-mac=no name=bridge-local protocol-mode=rstp
add l2mtu=1598 name=FiberOp-bridge protocol-mode=rstp
/interface vlan
add interface=ether10-WAN l2mtu=1594 name=FiberOp-VLAN vlan-id=35
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods=passthrough management-protection=allowed mode=dynamic-keys name=THX1138-WPA2 supplicant-identity=""
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=canada disabled=no distance=indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge security-profile=THX1138-WPA2 ssid=THX1138 wireless-protocol=802.11
/ip pool
add name=InternalPool ranges=192.168.0.105-192.168.0.200
/ip dhcp-server
add add-arp=yes address-pool=InternalPool disabled=no interface=FiberOp-bridge name=FiberOp-DHCP
/interface bridge port
add bridge=FiberOp-bridge interface=ether2
add bridge=FiberOp-bridge interface=ether3
add bridge=FiberOp-bridge interface=ether4
add bridge=FiberOp-bridge interface=ether5
add bridge=FiberOp-bridge interface=ether6-master-local
add bridge=FiberOp-bridge interface=wlan1
/ip address
add address=192.168.0.1/24 interface=FiberOp-bridge
/ip dhcp-client
add disabled=no interface=FiberOp-VLAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add chain=input comment="Accept Ping" protocol=icmp
add chain=input comment="Accept Established" connection-state=established
add chain=input comment="Accept Related" connection-state=related
add action=drop chain=input in-interface=sfp1-gateway
add action=drop chain=input in-interface=FiberOp-VLAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT HTTP" dst-address=192.168.0.100 dst-port=80 out-interface=FiberOp-bridge protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=FiberOp-VLAN src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="NAT HTTP" dst-port=80 in-interface=FiberOp-VLAN protocol=tcp to-addresses=192.168.0.100 to-ports=80
/ip neighbor discovery
set sfp1-gateway disabled=yes
set ether10-WAN disabled=yes
set wlan1 disabled=yes
set FiberOp-VLAN disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.0.0/24 port=8080
set ssh address=192.168.0.0/24
set winbox address=192.168.0.0/24
/system clock
set time-zone-name=America/Moncton
/system ntp client
set enabled=yes primary-ntp=142.4.200.228 secondary-ntp=198.245.49.187
/system ntp server
set enabled=yes
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool sniffer
set filter-direction=any
Last edited by rogerking1 on Sat Jan 11, 2014 7:45 pm, edited 3 times in total.
 
cbrown
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm

Re: Hairpin NAT Internal Webserver Problems

Wed Jan 08, 2014 5:35 pm

Rule order is important when making your masquerade rule. Try moving it to the top.

Next time when posting your config, just post /export so we can see everything exactly the way the router is seeing it.
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Wed Jan 08, 2014 6:07 pm

> Rule order is important when making your masquerade rule. Try moving it to the top.

Which rule are we talking about moving up?
 
cbrown
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 2:12 pm

The hairpin nat rule.
 
Rudios
Forum Veteran
Posts: 973
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 3:59 pm

I also do have my hairpin nat rule below my generic masquerade rule.
Only difference there is that I set src-address=<my local lan> at the generic masquerade rule.
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 4:10 pm

> The hairpin nat rule.

No matter how I stack them it still doesn't work. I tried using other out-interfaces as well, but nothing in my chain when applied on that rule seems to resolve the issue.

ros code

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=sfp1-gateway
add action=masquerade chain=srcnat disabled=no dst-address=192.168.0.100 dst-port=80 out-interface=FiberOp-VLAN protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat disabled=no out-interface=FiberOp-VLAN src-address=192.168.0.0/24
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=FiberOp-VLAN protocol=tcp to-addresses=192.168.0.100 to-ports=80
 
Rudios
Forum Veteran
Posts: 973
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 4:14 pm

I anyhow advise you to remove all the unneeded 'default configuration' entries from your config.
And your out-interface for the Hairpin NAT rule should be your bridge, like you had before.
 
falestiny
Frequent Visitor
Posts: 51
Joined: Fri Sep 10, 2010 3:11 pm
Location: everywhere

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 4:30 pm

After moving the hairpin rule, try to clear all previous connections in the connections tab.
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 5:56 pm

> I anyhow advise you to remove all the unneeded 'default configuration' entries from your config.
> And your out-interface for the Hairpin NAT rule should be your bridge, like you had before.

ros code

/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT HTTP" disabled=no dst-address=192.168.0.100 dst-port=80 out-interface=FiberOp-bridge protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat disabled=no out-interface=FiberOp-VLAN src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="NAT HTTP" disabled=no dst-port=80 in-interface=FiberOp-VLAN protocol=tcp to-addresses=192.168.0.100 to-ports=80

> after moving the hairpin rule try to clear all previous connections in connections tab.

Rebooted the router. Still encountering the same problem.
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 8:41 pm

What interface is your computer connected to?

Can you connect to the server using the localnet ip? 192.168.0.100
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Thu Jan 09, 2014 9:49 pm

> What interface is your computer connected to?
>
> Can you connect to the server using the localnet ip? 192.168.0.100

Tried from both the server itself and another computer over WiFi. Both work via IP, but not via host name.
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Sat Jan 11, 2014 7:51 pm

I have posted my updated config, trimmed out as much as I could get away with. Does anyone have any suggestions about how I could troubleshoot this issue? Perhaps a walk-through about what traffic to look at while I attempt connections would be helpful?
 
Rudios
Forum Veteran
Posts: 973
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Hairpin NAT Internal Webserver Problems

Sat Jan 11, 2014 10:16 pm

Do you have a static public IP? If so, try to set it as the dst-address for your dst-nat rule and leave out the in-interface selector.
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Sun Jan 12, 2014 6:31 pm

I don't have a static address, but that seems to work. Is there any way to automate updating that when my address is rotated?
 
Rudios
Forum Veteran
Posts: 973
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Hairpin NAT Internal Webserver Problems

Sun Jan 12, 2014 6:34 pm

That is doable with scripting.
Create a script that regularly checks the WAN ip and compares it with the last known.
If changed, change the NAT rule.
Nevertheless I think there must be a possibility with using in-interface parameter.
I will test it within a couple of days.
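
The approach described in the post above, written out as a RouterOS script. This is an added example, not code from any participant in the thread; it reuses the FiberOp-VLAN interface and the "NAT HTTP" rule comment from the configs posted earlier, while the script name, the lastWanIp variable and the 5-minute interval are assumptions.

```routeros
# Added example. Paste this body into a script named "update-hairpin-dstnat"
# (hypothetical name) under /system script.
#
# It keeps dst-address of the dst-nat rule commented "NAT HTTP" equal to the
# address that the DHCP client currently holds on FiberOp-VLAN.

# Last address written to the rule; a global survives between runs but is
# lost on reboot, so the first run after a reboot always rewrites the rule.
:global lastWanIp

:local wanIf "FiberOp-VLAN"
:local ruleComment "NAT HTTP"

# The DHCP client's lease shows up as a dynamic entry in /ip address.
:local ids [/ip address find interface=$wanIf]

:if ([:len $ids] = 0) do={
    # No lease at the moment: leave the rule untouched instead of breaking it.
    :log warning "update-hairpin-dstnat: no address on $wanIf"
} else={
    # The address is stored as a.b.c.d/prefix; keep only the part before "/".
    :local cidr [/ip address get [:pick $ids 0] address]
    :local cur [:pick $cidr 0 [:find $cidr "/"]]

    :if ($cur != $lastWanIp) do={
        /ip firewall nat set [find chain=dstnat comment=$ruleComment] dst-address=$cur
        :set lastWanIp $cur
        :log info "update-hairpin-dstnat: dst-address set to $cur"
    }
}

# Schedule it by running this once from the terminal (interval is an assumption):
#   /system scheduler add name=update-hairpin-dstnat interval=5m on-event=update-hairpin-dstnat
```

The rule must keep a dst-address once in-interface is removed: a port-80 dst-nat rule with neither selector would also capture LAN clients' connections to outside web servers and send them to 192.168.0.100.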
 
rogerking1
just joined
Topic Author
Posts: 24
Joined: Wed Jan 08, 2014 4:44 pm

Re: Hairpin NAT Internal Webserver Problems

Tue Jan 21, 2014 4:33 am

> Nevertheless I think there must be a possibility with using in-interface parameter.
> I will test it within a couple of days.

Have you had the time to spare to take a peek at this problem?
