Application Delivery & Load Balancing

A deployed load balancer handling traffic from mail servers and websites

As my homelab environment continued to grow, I needed a secure and scalable way to expose internal services such as Microsoft Exchange and self-hosted web applications to the internet over HTTPS.

While deploying Microsoft Exchange, I quickly discovered that secure service publishing, SSL certificate management, and reverse proxying were critical components required for production-style deployments.

Rather than exposing services directly to the internet, I wanted to implement a more secure and enterprise-style approach to application delivery. This led me to deploy Kemp LoadMaster as a reverse proxy, SSL termination point, and application delivery controller within my infrastructure.

Project Goals

Before deploying the environment, I established several key objectives:

  • Securely publish internal services over HTTPS
  • Implement SSL/TLS encryption for externally accessible applications
  • Centralise SSL certificate management
  • Improve security by avoiding direct exposure of backend services
  • Support Microsoft Exchange external services such as OWA and Autodiscover
  • Host and publish internally hosted ASP.NET Core websites securely

Research & Planning

Before implementing the solution, I spent time researching how enterprise environments securely expose internal services while maintaining separation between external traffic and backend infrastructure.

Areas of research included:

  • Reverse proxy architecture
  • Load balancing concepts
  • SSL/TLS encryption and certificate management
  • HTTPS service publishing
  • DNS and external service routing
  • Exchange external connectivity requirements

During this process, I learned how critical SSL certificates and secure traffic handling are for modern infrastructure, particularly when hosting externally accessible services such as email platforms and websites.

Initial Environment

The Kemp LoadMaster deployment was integrated into my wider self-hosted infrastructure environment consisting of:

  • pfSense firewall for routing, NAT, and security policies
  • VMware ESXi virtualisation platform
  • Microsoft Exchange mail services
  • ASP.NET Core (.NET 8) web applications
  • Internal DNS and segmented VLAN networking

Kemp LoadMaster was deployed as a centralised application delivery layer positioned between external internet traffic and internally hosted services.

HTTPS Publishing & SSL Certificate Management

One of the most important aspects of this project was learning how HTTPS encryption and SSL certificate management operate within enterprise environments.

I configured Kemp LoadMaster to act as the primary SSL termination point for externally accessible services, allowing encrypted HTTPS traffic to be securely handled before forwarding requests internally.

This involved:

  • Creating and managing SSL certificates
  • Configuring HTTPS listeners and virtual services
  • Publishing internal applications securely to the internet
  • Configuring reverse proxy rules and backend service routing
  • Managing DNS records and external service access

Through this process, I developed a much stronger understanding of:

  • SSL/TLS encryption
  • Certificate chains and trust relationships
  • HTTPS service publishing
  • Reverse proxy architecture
  • Enterprise application delivery concepts

Microsoft Exchange & Website Integration

A major requirement for this project was supporting Microsoft Exchange external services such as:

  • Outlook Web Access (OWA)
  • Autodiscover
  • Exchange Admin Center (EAC)
  • Secure Outlook client connectivity

In addition to Exchange, I also used Kemp LoadMaster to securely host and publish self-developed ASP.NET Core (.NET 8) websites over HTTPS.

This allowed multiple internally hosted services to share a secure and centralised entry point while improving both security and infrastructure management.

Troubleshooting & Learning Experiences

Throughout the deployment, I encountered several real-world challenges involving SSL certificates, DNS propagation, HTTPS configuration, and reverse proxy behaviour.

Troubleshooting these issues significantly improved my understanding of how modern infrastructure components interact and how small configuration issues can impact externally accessible services.

Areas of troubleshooting included:

  • SSL certificate validation issues
  • DNS resolution and external routing
  • Reverse proxy configuration problems
  • HTTPS redirect and listener configuration
  • Backend service communication issues

Outcome

This project provided practical hands-on experience with enterprise-style application delivery, HTTPS publishing, SSL certificate management, and reverse proxy infrastructure within a fully self-hosted environment.

More importantly, it demonstrated how secure application delivery platforms integrate with networking, DNS, authentication, and backend services to provide secure external access to internal infrastructure.

Through this deployment, I significantly strengthened my knowledge of:

  • Reverse proxying and application delivery
  • SSL/TLS certificate management
  • HTTPS service publishing
  • DNS and external routing
  • Enterprise networking concepts
  • Infrastructure security and segmentation

This project became a core component within my enterprise-style homelab environment and now acts as the secure entry point for multiple internally hosted services and applications.