Set up a virtual IP under Firewall → Virtual IPs.
Create a wildcard server cert for your domain.
The virtual IP needs to be of type IP Alias, with a /32 address, as we only need a single IP address in this case.
Services → HAProxy (assuming it's been installed)
Create a backend for each service you want to put behind the proxy. We only need to edit HAProxy Backend Server Pool. Example settings:
name: name
Forwardto: Address+Port
Address: 10.10.10.70
Port: 9000
Encrypt(SSL): no
SSL Checks: no
Under Frontend, create one for HTTP-80. Settings should be:
External Address:
Listen Address: The virtual IP you created
Port: 80
Type: http / https(offloading)
Under Default backend, and only under Actions:
Action: http-request-redirect
rule: scheme https
Under Advanced Settings:
Use "forwardfor" option: Checked
Create another backend for HTTP-443
External Address:
Listen Address: The virtual IP you created
Port: 80
Type: http / https(offloading)
Under Default backend, access control lists and actions are where you specify the redirects.
Create an Access Control List. For example:
name: portainer
Expression: Host Starts With
CS: no
Not: no
Value: portainer
Then under Actions:
Action: Use Backend
Parameters: See below
Condition ACL Names: portainer
Use Backend: Portainer
Under Advanced Settings:
Use "forwardfor" option: Checked
Under SSL Offloading:
Certificate: Use the created wildcard server cert
Add ACL for certificate CommonName. (host header matches the "CN" of the certificate): Checked
Add ACL for certificate Subject Alternative Names.: Checked
Under Settings:
Enable HAProxy: Checked
Maximum Connections: 500
Internal stats port: 444
Max SSL Diffie-Hellman size: 2048
Should be good to go. One day I may even explain things better, but for now, these settings work for me.
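
A quick sanity check for a setup like this, as an added example (not part of the original notes and not pfSense's own tooling): it audits haproxy.cfg text for two listeners sharing one address:port, a plaintext listener without the https redirect, and use_backend rules that point at an undefined backend or named ACL. The sample config is a constructed, hand-written sketch; the VIP 192.0.2.10, port 443 (taken from the name HTTP-443) and the certificate path are assumptions.

```python
# Constructed sample sketching the settings on this page; 192.0.2.10, port 443
# and the cert path are assumptions, and this is not the file pfSense generates.
SAMPLE = """\
frontend HTTP-80
    bind 192.0.2.10:80
    option forwardfor
    http-request redirect scheme https
frontend HTTP-443
    bind 192.0.2.10:443 ssl crt /path/to/wildcard.pem
    option forwardfor
    acl portainer hdr_beg(host) -i portainer
    use_backend Portainer if portainer
backend Portainer
    server portainer 10.10.10.70:9000
"""
REDIRECT = ["http-request", "redirect", "scheme", "https"]

def parse(cfg):
    """Map (section kind, name) -> list of tokenised directive lines."""
    sections, cur = {}, None
    for raw in cfg.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens and tokens[0] in ("global", "defaults", "frontend", "backend", "listen"):
            cur = sections.setdefault((tokens[0], " ".join(tokens[1:2])), [])
        elif tokens and cur is not None:
            cur.append(tokens)
    return sections

def audit(cfg):
    """Return a list of findings; an empty list means none of the checks fired."""
    secs, seen, out = parse(cfg), {}, []
    backends = {name for kind, name in secs if kind == "backend"}
    for (kind, name), lines in secs.items():
        if kind != "frontend":
            continue
        acls = {t[1] for t in lines if t[0] == "acl" and len(t) > 1}
        redirects = any(t[:4] == REDIRECT for t in lines)
        for t in lines:
            if t[0] == "bind" and len(t) > 1:
                if seen.setdefault(t[1], name) != name:
                    out.append(f"{name}: {t[1]} is already bound by {seen[t[1]]}")
                if "ssl" not in t[2:] and not redirects:
                    out.append(f"{name}: plaintext bind {t[1]} without https redirect")
            elif t[0] == "use_backend" and len(t) > 1:
                if t[1] not in backends:
                    out.append(f"{name}: use_backend {t[1]} has no backend section")
                out += [f"{name}: ACL {c} is not defined" for c in t[3:]
                        if c.lstrip("!") not in acls | {"or", "||"}]
    return out
```

Call `audit()` on the text of the generated configuration; it only understands named ACLs in `use_backend ... if` conditions, not anonymous `{ ... }` ones.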