*** Couldn't get this to work with Visual Studio 2008, see bottom. 

Install the Web Server Role

• Check ASP.NET 
• Check II6 Metabase Compatibility role service
• Check all Security role services

Install SourceSafe

• If SourceSafe isn't already installed and configured, go ahead and do it.  Make sure everything is working properly in the LAN.
• When opening the database through the administration tool, use the UNC path (\\server\sourcesafe) instead of the local path.  This is necessary when configuring the SourceSafe server for HTTP.

Create a Self-Signed Security Certificate

• Open IIS -> Your Webserver -> Server Certificates
• Actions -> Create Self-Signed Certificate...

Bind HTTPS to your Website

• IIS -> Right-click your website -> Edit Bindings...
• Add HTTPS with your self-signed certificate

Require SSL on your Website

• IIS -> Select your website -> SSL Settings
• Require SSL -> Require 128-bit SSL -> Apply

Download and Install the IIS 7 WebDAV Extensions

• In 64-bit or 32-bit flavors.

Configure SourceSafe for Internet HTTP

• SourceSafe Admin Tool -> Connect to database using UNC path, not local path.
• Server -> Configure...
• Check Enable SourceSafe Internet
• Check Require SSL
• Check Enable SourceSafe Internet for this Database (ensure the DNS name is correct).
• Click Yes to the prompt, Visual SourceSafe needs the WebDAV and ASP.NET Web Service Extensions...

Turn on Directory Browsing for SourceSafe Website

• IIS -> Your WebServer -> Your Website -> SourceSafe -> Directory Browsing -> Enable.

Install Source Safe on your client with HTTP Server Component

• During installation, just install all the components by checking all the checkboxes.

Add Certificate to Server Machine

• Right-click Internet Explorer, Run As Administrator.
• Browse to your secure Source Safe site, and a warning should appear.  Click yes to continue to the site anyway.
• Click the Red X Certificate Error in the address bar.
• Click Install Certificate...
• Select your own store... choose Trust Root Authorities... Local Computer.

Add Certificate to Client Machines

• Repeat the steps above for clients.

Configure Visual Studio on Clients

• Tools -> Options -> Source Control -> Plug-in Selection -> Microsoft Visual SourceSafe (Internet)
• Plug-in Settings -> Advanced... -> Always use SSL to connect to the server

Open a Solution

• Visual Studio -> File -> Open -> Project
• In Favorite Links on the left hand side choose Microsoft Visual Source Safe -> Add SourceSafe Database.
• Enter your address:  something.yourdomain.com
  Enter your folder:  \\something.yourdomain.com\sourcesafe\database_name

Final Thoughts

Configuring Source Safe over the Internet is a real pain the ass.  After all that, I couldn't get it to work with Visual Studio 2008.  It errors out saying the database was created with an older version of Visual Studio.  I think I'll VPN in and be done with it.  This article was a good reference.