diff --git a/roles/dch-proxy/tasks/main.yml b/roles/dch-proxy/tasks/main.yml
index 5bd1417..d2e135c 100644
--- a/roles/dch-proxy/tasks/main.yml
+++ b/roles/dch-proxy/tasks/main.yml
@@ -32,3 +32,10 @@
     dest=/etc/haproxy/70-backend-openvpn.cfg
     mode=0644
   notify: reload haproxy
+
+- name: ensure websites haproxy backend is configured
+  template:
+    src=backend-websites.haproxy.cfg.j2
+    dest=/etc/haproxy/70-backend-websites.cfg
+    mode=0644
+  notify: reload haproxy
diff --git a/roles/dch-proxy/templates/backend-websites.haproxy.cfg.j2 b/roles/dch-proxy/templates/backend-websites.haproxy.cfg.j2
new file mode 100644
index 0000000..2d2023f
--- /dev/null
+++ b/roles/dch-proxy/templates/backend-websites.haproxy.cfg.j2
@@ -0,0 +1,7 @@
+backend web
+	server web0 web0.pyrocufflink.blue:80 check
+
+
+backend web-tls
+	mode tcp
+	server web web0.pyrocufflink.blue:443 check
diff --git a/roles/dch-proxy/templates/frontend-main.haproxy.cfg.j2 b/roles/dch-proxy/templates/frontend-main.haproxy.cfg.j2
index bb43f39..6137a0b 100644
--- a/roles/dch-proxy/templates/frontend-main.haproxy.cfg.j2
+++ b/roles/dch-proxy/templates/frontend-main.haproxy.cfg.j2
@@ -5,7 +5,7 @@ frontend main
     use_backend gitea if { hdr(host) -i git.pyrocufflink.net }
     use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.blue }
     use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.net }
-    default_backend myala
+    default_backend web
 
 
 frontend main-tls
@@ -20,5 +20,5 @@ frontend main-tls
     use_backend gitea-tls if { req_ssl_sni -i git.pyrocufflink.net }
     use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.blue }
     use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.net }
-    use_backend myala-tls if { req_ssl_sni -i darkchestofwonders.us }
+    use_backend web-tls if { req_ssl_sni -i darkchestofwonders.us }
     default_backend openvpn