the_missing_kemp_setup_guide.md

1: Install the Kemp Load Balancer

1. DOWNLOAD from https://kemptechnologies.com/free-vlm-register/
2. INSTALL The OVF Image (either in ESXI or in VMWare Workstation)
3. EDIT Network Adapter Settings
   1. Ensure the two NIC's have a unique and static MAC address
4. LOGIN To the web interface
5. ACTIVATE "Free" license

2: Load Balancer Initial Setup

1. LOGIN to the web interface of the load balancer Mervin's Local Network = https://192.168.1.28/
2. CREATE Virtual Service (Virtual IP Address VIP) to serve as the destination through which traffic and services will communicate through Mervin's Local Network = 192.168.1.215
3. ADD New Sub Virtual Service (Real Services > Add SubVS)
   1. NAME the SubVS (Set Nickname)
   2. ADD a Real Service with the respective service information (IP and port)

3: Setup your Domain Name

Cloudflare is recommended as it handle 1) wildcard domain, and 2) SSL for all the domains associated with your network routing.

1. ACQUIRE Domain
2. Route it (NS) to CloudFlare

4: Cloudflare Setup

1. ADD Destination IP address as your ISP's IP Address (your house)
2. ENSURE Proxy setting is checked, to hide your private ISP address.

5: SSL Certificates (Install)

Part 1 - in Cloudflare

1. Go to SSL > Edge Certificates
2. CHECK "Always use HHTPS"
3. Go to SSL > Overview
   1. CHECK "Full (Strict)"
4. Go to SSL > Origin Server
   1. Click "Create Certificate"
   2. Click "Use my private key and CSR"
   3. PASTE the CSR generated from Kemp
5. SAVE the "Origin Certificate" text content as a .pem file type on your workstation (this is your Public key)

Part 2 - in Kemp

1. Generate a CSR
   1. Go to Certificates & Security > Generate CSR
   2. Enter your desired information
   3. Enter the domain name under "Common Name" Example: hackwell.tk
   4. Enter an asterisk for the subdomain name in the SAN/UCC name field Example: *.hackwell.tk
   5. SAVE the content generated in the "Private Key" area as a .key file type on your workstation.
2. SET The SSL Certificate
   1. Go to Certificates & Security > SSL Certificates
   2. Click "Import"
   3. Upload Public key into the "Certificate file" field
   4. Upload Private key into the "Key file" field
   5. Name the certificate CloudflareOrigin.
3. UPLOAD Root Certificate
   1. Download Root Cloudflare PEM file from this location
   2. Upload into the "Add Intermediate" page of kemp (Certificates & Security > SSL Certs)
   3. Name the certificate CloudflareRoot.
4. ENFORCE Use of SSL in VIP Service
   1. Go to Virtual Services > View/Modify Services
   2. Click SSL Properties
   3. Assign the "CloudflareOrigin" cert under the Self Signed section, by selecting the certificate, and moving it to the right hand column.
   4. Click "Set Certificate"
   5. Check the box for "Reencypt"
5. Done with SSL now.

6: Port Forward 443

1. ROUTE Incoming traffic to your router to your internal VIP address through port 443

7: Setup Content Switching

Part 1 - ADD Subdomain and Routing

1. ADD a new subdomain to Cloudflare, and set the destination to be your ISP's IP Address

Part 2 - Set the Content Rule in Kemp

1. Go to Rules & Checking
2. Name the rule the name of the service you are routing to locally such as Plex
3. Set the Header field to be host
4. Set the Match String field to be ^plex.hackwell.tk
5. Check the box for Ignore Case

Part 3 - Associate Rule with Service

1. Go to Virtual Services > View/Modify Service
2. Under "Advanced Properties", enable Content Switching
3. Under "SubVS's" click the rule button for the service you wish to link a rule to
4. Select the rule, and press save.