Port 8443 — Alternative HTTPS

Port 8443 is the unofficial alternative to HTTPS port 443 — the same relationship that port 8080 has to HTTP port 80. It's used when an application needs HTTPS but can't bind to port 443 because: (1) the process lacks root privileges required for ports below 1024 on Linux, (2) another service already holds port 443, or (3) the application runs as a non-privileged service on a shared system.

Unlike port 8080 (which is pervasive across web frameworks), port 8443 is more specific — it appears most commonly in Java application servers, enterprise web UIs, NAS admin panels, and container management tools. When you see https://localhost:8443, expect a self-signed certificate warning — almost every application on this port uses a self-signed cert by default.

Alternative HTTPS: localhost:8443

Expect a self-signed certificate warning — click Advanced → Proceed to continue | Standard HTTPS: port 443

What Uses Port 8443

Software	Why 8443?	URL Pattern
Apache Tomcat	Java servlet container — 8443 is Tomcat's default HTTPS connector alongside HTTP on 8080	https://localhost:8443
Portainer CE	Docker management UI — 8443 for HTTPS, 9000 for HTTP	https://localhost:9443 (newer) or 8443 (older)
UniFi Network Application	HTTPS for the self-hosted UniFi controller	https://localhost:8443
Synology NAS DSM	HTTPS admin panel when HTTPS port configured to 8443	https://[nas-ip]:8443
Jenkins	CI/CD server HTTPS when configured as non-root service	https://localhost:8443
VMware vSphere / ESXi	Management HTTPS alternate port in some configurations	https://[esxi-host]:8443
WildFly / JBoss	Java EE application server HTTPS management console	https://localhost:8443
Proxmox VE	Hypervisor web management (standard port is 8006, but 8443 in some configs)	https://[host]:8443

Self-Signed Certificate Warning

Applications on port 8443 almost universally serve a self-signed TLS certificate — one they generated themselves, not signed by a trusted Certificate Authority. Your browser doesn't trust self-signed certificates by default and shows a security warning. This is expected behavior for local admin UIs, not an actual security threat on your own network.

To proceed past the warning: click Advanced (or "Show details") then Proceed to localhost (unsafe) in Chrome, or Accept the Risk and Continue in Firefox. The connection is still encrypted — the warning is about certificate authority trust, not about the encryption itself.

Apache Tomcat — Port 8443 Configuration

Tomcat's default HTTPS connector uses port 8443 alongside HTTP on 8080. In conf/server.xml:

<!-- Uncomment and configure this connector for HTTPS on 8443 -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

UniFi Network Application

The self-hosted UniFi Network Application (for managing Ubiquiti APs without a Dream Machine) runs HTTPS on port 8443. Access at https://localhost:8443 — accept the self-signed cert warning. Newer versions of UniFi are migrating to different ports; check your version's documentation.

# Docker install
docker run -d --name unifi \
  -p 8443:8443 \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -v unifi_data:/config \
  lscr.io/linuxserver/unifi-network-application

Nginx Reverse Proxy to Move 8443 → 443

If you want to access a service on 8443 at a clean https:// URL on port 443, proxy it through Nginx with a real certificate:

server {
    listen 443 ssl;
    server_name myapp.local;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass https://localhost:8443;
        proxy_ssl_verify off;  # Because backend uses self-signed cert
    }
}

Troubleshooting

Problem	Fix
Browser blocks self-signed cert entirely	In Chrome: type `thisisunsafe` anywhere on the warning page (bypasses it)
Port 8443 refused — nothing listening	The service is configured but not running, or HTTPS isn't enabled in its config
UniFi controller "Adoption failed"	AP must be able to reach the controller at port 8080 (inform) and 8443 — check firewall rules
Find what's using 8443	`sudo lsof -i :8443` (Linux/Mac) \| `netstat -ano \| findstr :8443` (Windows)