[Feature Request] SSL Proxy on non-standard-ports #582

Closed
opened 2025-11-13 12:05:01 -06:00 by GiteaMirror · 2 comments
Owner

Originally created by @LukasSchulz on GitHub (Aug 13, 2025).

I am currently in the process of migrating my infrastructure to pangolin.

One problem I am facing right now is that I am unable to encrypt the traffic using SSL ports other than the standard port 443.
Matrix/synapse for example needs SSL on port 8448 docs.

As of now I am able to create a RAW TCP Ressource and proxying that to the service publicly, but SSL seems to be only available on the standard ports.

Maybe I overlooked something, is it currently possible to achieve this, if so, how (or maybe there is a workaround for now)?

Originally created by @LukasSchulz on GitHub (Aug 13, 2025). I am currently in the process of migrating my infrastructure to pangolin. One problem I am facing right now is that I am unable to encrypt the traffic using SSL ports other than the standard port `443`. Matrix/synapse for example needs SSL on port `8448` [docs](https://element-hq.github.io/synapse/latest/reverse_proxy.html). As of now I am able to create a RAW TCP Ressource and proxying that to the service publicly, but SSL seems to be only available on the standard ports. Maybe I overlooked something, is it currently possible to achieve this, if so, how (or maybe there is a workaround for now)?
Author
Owner

@oschwartz10612 commented on GitHub (Aug 15, 2025):

Yeah this is currently not possible as we put all HTTP behind 443. Are you sure you need 8448 and cant have it look at a subdomain on a 443 server?

If not the current work around would be to generate the SSL serverside downstream of pangolin I think. You could throw up anouther Traefik instance and have it manage the cert for you. Not super ideal I know 😬.

@oschwartz10612 commented on GitHub (Aug 15, 2025): Yeah this is currently not possible as we put all HTTP behind 443. Are you sure you need 8448 and cant have it look at a subdomain on a 443 server? If not the current work around would be to generate the SSL serverside downstream of pangolin I think. You could throw up anouther Traefik instance and have it manage the cert for you. Not super ideal I know :grimacing:.
Author
Owner

@oschwartz10612 commented on GitHub (Aug 16, 2025):

Going to move this to a feature request in the discussions

@oschwartz10612 commented on GitHub (Aug 16, 2025): Going to move this to a feature request in the discussions
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#582