Bind SSL to Custom Port in Apache

You may already know how to bind SSL to port 443 on your Apache web server in Ubuntu 20.04, but in case you don’t, here is a clue.

The not so complicated approach is to create a new VirtualHost record that the Apache server will load when restarted.

You could create a new file in the /etc/apache2/sites-enabled/ folder named something like your-domain-name.tld.conf

sudo nano /etc/apache2/sites-enabled/my-domain-name.com.conf

And in that file you would have something similar to

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName my-domain-name.com
ServerAlias *
DocumentRoot /var/www/html
SSLEngine On
SSLCertificateFile /path-to-certificate/fullchain.pem
SSLCertificateKeyFile /path-to-certificate-key/privkey.pem
</VirtualHost>
</IfModule>

Of course, your domain name would be different than mine. Also ensure that you already have a valid certificate and key file from the service that you purchased the SSL certificate from. You can also get SSL certificates for free by following the instructions from Certbot.

Also take note that the DocumentRoot parameter points to the website folder where your html files are located. Usually it is the location of the main index.html for your website.

If you then restarted your Apache server

sudo service apache2 restart

And visited https://your-domain-name.com in the browser, then you’d have an HTTPS connection to your website showing the padlock in the address bar.

All very good so far, you already knew that.

But you are here because you don’t want to bind SSL to the default port 443, but to some other port, for example 12345. Maybe you already tried it, and it doesn’t work, and you don’t know why.

You have double checked your VirtualHost record looks something like this.

<IfModule mod_ssl.c>
<VirtualHost *:12345>
ServerName my-domain-name.com
ServerAlias *
DocumentRoot /var/www/html
SSLEngine On
SSLCertificateFile /path-to-certificate/fullchain.pem
SSLCertificateKeyFile /path-to-certificate-key/privkey.pem
</VirtualHost>
</IfModule>

But why doesn’t it work yet?

It is because the Apache server doesn’t open port 12345 until you specifically tell it to listen on port 12345.

Open the file /etc/apache2/ports.conf and add a new line for Listen 12345 inside the <IfModule ssl_module> block.

For example,

Listen 80

<IfModule ssl_module>
Listen 443
Listen 12345
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

and then restart the Apache server

sudo service apache2 restart

And now visit

https://your-domain-name.com:12345

in the browser and it should work, provided that you don’t also have a firewall blocking port 12345 somewhere on the journey between your browser and the Apache server.

To verify that Apache is in fact listening on port 12345, or whichever other port you chose, use the ss command.

sudo ss -tulpn | grep :12345

You should see a response outlining the process pid and username.
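
The mismatch described above (a VirtualHost on a port that no Listen directive opens) can also be caught before restarting. The script below is an added example, not part of the original article; the function names are hypothetical and the sample files are constructed to mirror the failing state.

```sh
#!/bin/sh
# Added example: flag VirtualHost ports that no Listen directive opens.
# Static text check only: it does not evaluate <IfModule> conditions or Include lines.

# Ports named by Listen ("Listen 443", "Listen 0.0.0.0:443", "Listen [::]:443 https").
listen_ports() {
    sed -n 's/^[[:space:]]*[Ll]isten[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$@" |
        sed 's/.*://' | sort -u
}

# Ports named in <VirtualHost addr:port ...> opening tags.
vhost_ports() {
    grep -ih '^[[:space:]]*<VirtualHost' "$@" |
        tr -s ' \t>' '\n\n\n' | sed -n 's/.*:\([0-9]\{1,\}\)$/\1/p' | sort -u
}

# $1 = ports.conf, remaining arguments = virtual host files.
# Prints each VirtualHost port that has no matching Listen line.
missing_listen_ports() {
    ports_conf=$1; shift
    listen=$(listen_ports "$ports_conf")
    for p in $(vhost_ports "$@"); do
        echo "$listen" | grep -qx "$p" || echo "$p"
    done
}

# Constructed sample input: the VirtualHost was moved to 12345, ports.conf was not updated.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ports.conf" <<'EOF'
Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
EOF
cat > "$demo_dir/my-domain-name.com.conf" <<'EOF'
<VirtualHost *:12345>
    ServerName my-domain-name.com
    SSLEngine On
</VirtualHost>
EOF
missing_listen_ports "$demo_dir/ports.conf" "$demo_dir/my-domain-name.com.conf"  # prints 12345
rm -rf "$demo_dir"
```

On the layout used in this article you would call it as missing_listen_ports /etc/apache2/ports.conf /etc/apache2/sites-enabled/*.conf; an empty result means every VirtualHost port has a Listen line.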

Thanks for reading my article, always remember to Clap, Comment and Share and I will write more.

Sean
