Set up a virtual IP under Firewall → Virtual IPs.
Create a wildcard server cert for your domain.
The virtual IP needs to be an IP Alias with a /32 address, as we only need a single IP address in this case.
Services → HAProxy (assuming it's been installed)
Create a backend for each service you want to put behind the proxy. We only need to edit HAProxy Backend Server Pool. Example settings:
  name: name
  Forwardto: Address+Port
  Address: 10.10.10.70
  Port: 9000
  Encrypt(SSL): no
  SSL Checks: no
Under front ends, create one for HTTP-80. Settings should be:
External Address:
  Listen Address: The virtual IP you created
  Port: 80
Type: http / https(offloading)
Under Default backend, and only under Actions:
  Action: http-request-redirect
  rule: scheme https
Under Advanced Settings:
  Use "forwardfor" option: Checked
Create another backend for HTTP-443
External Address:
  Listen Address: The virtual IP you created
  Port: 80
Type: http / https(offloading)
Under Default backend, the access control lists and actions are where you specify the redirects.
Create an Access Control List. For example:
  name: portainer
  Expression: Host Starts With
  CS: no
  Not: no
  Value: portainer
Then under Actions:
  Action: Use Backend
  Parameters: See below
  Condition ACL Names: portainer
  Use Backend: Portainer
Under advanced settings:
  Use "forwardfor" option: Checked
Under SSL Offloading:
  Certificate: Use the created wildcard server cert
  Add ACL for certificate CommonName. (host header matches the "CN" of the certificate): Checked
  Add ACL for certificate Subject Alternative Names.: Checked
Enable HAProxy: Checked
Maximum Connections: 500
Internal stats port: 444
Max SSL Diffie-Hellman size: 2048
Should be good to go. One day I may even explain things better, but for now, these settings work for me.
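For reference, the GUI settings above written out as a plain haproxy.cfg. This is an added example, not the file pfSense generates and not part of the original notes. Assumptions: 192.0.2.10 stands in for the virtual IP, /etc/haproxy/wildcard.pem is a hypothetical path to the wildcard cert and key, the timeout values are made up, and the HTTP-443 entry is treated as a frontend listening on port 443.

```haproxy
# Added example: hand-written equivalent of the GUI settings above.
# Placeholders (not from the page): 192.0.2.10 = the virtual IP,
# /etc/haproxy/wildcard.pem = wildcard cert + key, timeout values.
global
    maxconn 500                        # Maximum Connections: 500
    tune.ssl.default-dh-param 2048     # Max SSL Diffie-Hellman size: 2048

defaults
    mode http
    timeout connect 5s                 # assumed values
    timeout client  30s
    timeout server  30s

# Internal stats port: 444, bound to loopback only (assumption)
listen stats
    bind 127.0.0.1:444
    stats enable
    stats uri /

# HTTP-80 frontend: no backend, every request is redirected to HTTPS
frontend HTTP-80
    bind 192.0.2.10:80
    option forwardfor                  # Use "forwardfor" option: Checked
    http-request redirect scheme https

# HTTPS frontend: TLS ends here (offloading); assumed to listen on 443
frontend HTTP-443
    bind 192.0.2.10:443 ssl crt /etc/haproxy/wildcard.pem
    option forwardfor
    # ACL "portainer": Host Starts With "portainer", CS: no -> -i
    acl portainer hdr_beg(host) -i portainer
    use_backend Portainer if portainer
    # No default_backend: a Host matching no ACL gets a 503 from HAProxy

backend Portainer
    # Address 10.10.10.70, Port 9000, Encrypt(SSL): no -> plain HTTP to the service
    server portainer 10.10.10.70:9000
```

Running `haproxy -c -f <file>` parses a config like this and reports errors without starting the proxy.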