[GH-ISSUE #1272] [Feature Request] SSL Proxy on non-standard-ports #29666

Closed
opened 2026-06-13 09:44:15 -05:00 by GiteaMirror · 2 comments
Owner

Originally created by @LukasSchulz on GitHub (Aug 13, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1272

I am currently in the process of migrating my infrastructure to pangolin.

One problem I am facing right now is that I am unable to encrypt the traffic using SSL ports other than the standard port 443.
Matrix/synapse for example needs SSL on port 8448 docs.

As of now I am able to create a RAW TCP Ressource and proxying that to the service publicly, but SSL seems to be only available on the standard ports.

Maybe I overlooked something, is it currently possible to achieve this, if so, how (or maybe there is a workaround for now)?

Originally created by @LukasSchulz on GitHub (Aug 13, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1272 I am currently in the process of migrating my infrastructure to pangolin. One problem I am facing right now is that I am unable to encrypt the traffic using SSL ports other than the standard port `443`. Matrix/synapse for example needs SSL on port `8448` [docs](https://element-hq.github.io/synapse/latest/reverse_proxy.html). As of now I am able to create a RAW TCP Ressource and proxying that to the service publicly, but SSL seems to be only available on the standard ports. Maybe I overlooked something, is it currently possible to achieve this, if so, how (or maybe there is a workaround for now)?
Author
Owner

@oschwartz10612 commented on GitHub (Aug 15, 2025):

Yeah this is currently not possible as we put all HTTP behind 443. Are you sure you need 8448 and cant have it look at a subdomain on a 443 server?

If not the current work around would be to generate the SSL serverside downstream of pangolin I think. You could throw up anouther Traefik instance and have it manage the cert for you. Not super ideal I know 😬.

<!-- gh-comment-id:3192163056 --> @oschwartz10612 commented on GitHub (Aug 15, 2025): Yeah this is currently not possible as we put all HTTP behind 443. Are you sure you need 8448 and cant have it look at a subdomain on a 443 server? If not the current work around would be to generate the SSL serverside downstream of pangolin I think. You could throw up anouther Traefik instance and have it manage the cert for you. Not super ideal I know :grimacing:.
Author
Owner

@oschwartz10612 commented on GitHub (Aug 16, 2025):

Going to move this to a feature request in the discussions

<!-- gh-comment-id:3193405328 --> @oschwartz10612 commented on GitHub (Aug 16, 2025): Going to move this to a feature request in the discussions
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#29666