How to run nginx SSL on non-standard port

In order to support typing "https://myexample.com" in your browser, and having it handled by the nginx config listening on port 9443, you will need an additional nginx config that still listens on port 443, since that is the IP port to which the browser connects.

Thus:

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name myexample.com www.myexample.com;
  ssl_certificate /etc/letsencrypt/live/myexample.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/myexample.com/privkey.pem;

  # Redirect the browser to our port 9443 config
  return 301 $scheme://myexample.com:9443$request_uri;
}

server {
  listen 9443 ssl;
  listen [::]:9443 ssl;

  server_name myexample.com www.myexample.com;
  ssl_certificate /etc/letsencrypt/live/myexample.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/myexample.com/privkey.pem;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  #Configures the publicly served root directory
  #Configures the index file to be served
  root /var/www/myexample.com;
  index index.html index.htm;
}

Notice that the same certificate/key is needed for both sections, since the certificate is usually tied to the DNS hostname, but not necessarily the port.

Hope this helps!


When you type https://example.com, the standard for the https:// scheme is to connect to port 443. In your case, you have moved your server so that it now listens on port 9443. You get the connection refused message because of this - nothing is listening on port 443.

You will need to arrange to have something listen on port 443 that redirects connections to port 9443 or use a port as part of the URL.