If anyone is interested in the steps, I would be happy to share the process. I have N+1 Windows 2016 machines running the following:

  1. IIS 10
  2. DFS w/ correct replication AD integrated w/ redundancy
  3. Central Certificate Store (Shared from master)
  4. Web files (Shared from Master)
  5. IIS Config (Shared from Master)
  6. HAProxy running on failover pair of firewalls w/ shared config across devices
  7. TLS is not offloaded so secure to end point
  8. Certs generated by Let’s Encrypt for the Portal

I will be building out a small web “farm” in the same manner. This scenario works well as you can scale simply by adding more hosts and applying the master configuration. There is no need to change anything in regards to the server in the portal once the master is set up. Customers can configure services and if you are using host headers and require TLS, customer sites will come up as soon as DNS is working and files are uploaded. You can run hundreds of sites off the same public IP and at the same time enforce TLS across all sites. The HAProxy redirects port 80 to 443 so customers are forced to activate the TLS certs. IIS 10 also automatically supports HTTP 2.0 and TLS 1.3 so you get some performance benefits.

Hit me up if you want more details.

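Added example, not the poster's own configuration: a minimal HAProxy config that does what the post describes, answering port 80 only with a redirect to 443 and passing TLS through untouched so the IIS hosts present the Let's Encrypt certificates themselves. The backend name, host names and addresses are assumed placeholders.

```haproxy
global
    log /dev/log local0

defaults
    log     global
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# Plain HTTP only ever answers with a redirect to HTTPS, so no customer
# site is reachable without TLS even if it still has an http binding.
frontend http_in
    bind *:80
    mode http
    http-request redirect scheme https code 301

# TLS is NOT terminated here: the proxy runs in TCP mode and forwards
# the raw handshake, so IIS (with the Central Certificate Store) selects
# and presents the per-host certificate itself.
frontend https_in
    bind *:443
    mode tcp
    option tcplog
    # Wait for the ClientHello before routing so req_ssl_sni rules
    # (per-host routing or logging) can be added later without changes.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend iis_farm

# The N+1 IIS hosts; they share the master's IIS config, web files and
# certificate store, so any of them can serve any host header.
backend iis_farm
    mode tcp
    balance roundrobin
    # Plain TCP connect health checks on 443 (assumed placeholder addresses)
    server iis01 10.0.0.11:443 check
    server iis02 10.0.0.12:443 check
    server iis03 10.0.0.13:443 check
```

Because the proxy never decrypts, it cannot add an X-Forwarded-For header, so IIS logs will record the firewall's address as the client unless another mechanism is used.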