StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Configure a reverse proxy on Kemp LoadMaster

  • January 10, 2019
  • 8 min read
IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.
IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.

In previous topics, I shown how to deploy a standalone or a cluster of Kemp Load Master. Now your load balancer is ready, we can configure some virtual services (VS) to provide access to your web applications through Kemp.

A lot of templates are available to configure nearly automatically services such as Exchange, Sharepoint or Remote Desktop Service. In this topic, I’ll show how to configure a reverse proxy manually to provide access to several web applications through a single IP address / port.

How it works?

Most of the time, web applications are accessible through port 80 (HTTP) or 443 (HTTPS). If these applications must be accessible from the Internet, you have to consume one public IP address per web applications or change the default HTTP(S) port and play with NAT.

The other way is to use a reverse proxy. Through a single IP address / Port we are able to provide access to dozens of web applications. To redirect the user to the right application behind a single IP address/port, we use a content switching based on the HTTP name of the application. The following schema describes this behaviour:

The above schema describes a user who is trying to reach (HTTPS). This DNS entry is bound to the IP address which is the IP of the virtual service (VS) configured in Kemp. Content switching is configured in this VS. Some content rules are configured to redirect user to the right applications. These content rules look into the field host of the HTTP header and redirect to the web application (Sub VS) where this content rule is bound. Let’s see how it works in Kemp.

Content rules

Connect to the Kemp Load Master and navigate to Content rules.

Kemp LoadMaster - Content Rules

Then create a rule as the following screenshot. This rule tries to match the string in the header field ( I specified a string but you can use RegEx as well.

Kemp LoadMaster - Create Rule

Create one rule for each web applications accessible through the Kemp LoadMaster.

Virtual services

Navigate to Virtual Services | View / Modify Services. Then click on Add New.

Kemp LoadMaster - View/Modify Services

Provide an IP address, a port and a service name.

Kemp LoadMaster - Provide an IP address

Because my services behind this VS are HTTPS, I assign a certificate and I enable the option Reencrypt to present this certificate to clients instead of the web app certificate.

Kemp LoadMaster - SSL Properties

In Real Servers, I click on Add SubVS to be able to manage several web apps. Create one subVS for each web apps.

Kemp LoadMaster - Add Sub VS

Then in advanced properties, click on enable content switching.

Kemp LoadMaster - Enable Content Switching

Now if you go back to SubVS, you’ll see a column rules. Click on None to bind a content rule.

Kemp LoadMaster - Sub VS - Column Rules

Select the content rule you want and click on back.

Kemp LoadMaster - SubVS - Content Rule - Back

Once you have bound a content rule to each SubVS, click on Modify on a SubVS.

Kemp LoadMaster - SubVS - Modify

Provide a SUbVS Name and click on Set Nickname.

Kemp LoadMaster - SubVS - Name

Then in Real Servers, click on Add New.

Kemp LoadMaster - Real Servers

Provide the name or the IP address of the server that host the web application. If the web application is HA and hosted by several web servers, you can add a real server for each of them.

Kemp LoadMaster - Real Servers - Parameters

Once you have finished to configure SubVS and real server, the Virtual Service should be up:

Kemp LoadMaster - Virtual Service


DNS configuration

Now that SubVS is set, you have to configure your DNS. In the zone I created the following entries:

Reverseproxy: Type A bound to the virtual service IP address

Myservice1: Type CNAME bound to ReverseProxy

Myservice2: Type CNAME bound to Reverse Proxy

Kemp LoadMaster - DNS Configuration

Now I try in a web browser to reach my service (the certificate error is due to the domain name. The CN of my wildcard is while the domain specify below is

Kemp LoadMaster - MyService - Browser

Related materials:

Found Romain’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!