Netgate Discussion Forum

    Is possible to change https port on captive portal

      dimsum

      Hello,

      I have tried to change the HTTPS captive portal default port, which is 8003, in the file

      /var/etc/nginx-captiveportal-CaptivePortal-SSL.conf (CaptivePortal is my portal name)

      I changed it to port number xxxx, and when I reboot pfSense my port is rolled back to 8003.

      Any ideas? Please advise.

      Thanks!

        Gertjan @dimsum

        @dimsum

        Can you tell why you want to change that port number?
        This port number is a big "don't care", as the portal user never needs to know about it.

        I'll post back here with 'instructions' later on, as I'll check first if it is even possible by editing just 'one file'.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          dimsum

          I need to forward them to a Cloudflare tunnel. I have tried port 8443 and it is working, but when I try 8003 it doesn't work. I assumed I should change to another port that Cloudflare supports.

          Any ideas? Please let me know.

          Thanks.

            Gertjan @dimsum

            @dimsum

            A captive portal connection through a (Cloudflare) tunnel?

            If a Cloudflare tunnel is like a VPN tunnel, then there is no issue whatsoever.
            Policy route the captive portal interface over - not WAN - but another WAN type interface like a VPN tunnel. That can be done, as I do it once in a while when I discover that my portal users are doing things with 'my connection' (like downloading "Disney movies").
            All this has nothing to do with 'what ports' are used. My OpenVPN tunnel tunnels everything and doesn't care about what IP or port is used.

            Edit this file : /etc/inc/captiveportal.inc.
            Search for the 6 (six) occurrences of "800". It's PHP, so like 'Basic', you'll understand what happens and what is done.
            Change all the "800" for (example) "500".
            Please don't call for help if you discover all kinds of side effects. If this "800" value is hard-coded somewhere else, things will totally break, or worse, work, but you've created a security issue without being aware of it.


            1 Reply Last reply Reply Quote 0
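The check that the warning above calls for, as an added example that is not part of the original post and is not pfSense code: before editing, confirm that "800" occurs the expected six times in the file named in the post and find any other file under the same tree that hard-codes it. The function names are hypothetical; the path, the literal and the count of six are the ones given in the post.

```shell
#!/bin/sh
# Added example (not pfSense code): audit where a port literal is hard-coded
# before editing /etc/inc/captiveportal.inc as described in the post above.

# count_literal FILE LITERAL: print how many times LITERAL occurs in FILE.
count_literal() {
    grep -oF -- "$2" "$1" 2>/dev/null | wc -l | tr -d ' '
}

# other_hits DIR LITERAL PRIMARY: print "path:count" for every file under DIR,
# except PRIMARY, that also contains LITERAL.
other_hits() {
    grep -rlF -- "$2" "$1" 2>/dev/null | sort | while IFS= read -r f; do
        if [ "$f" != "$3" ]; then
            printf '%s:%s\n' "$f" "$(count_literal "$f" "$2")"
        fi
    done
}

# audit_port_literal DIR PRIMARY LITERAL EXPECTED
# Returns 0 only when PRIMARY holds exactly EXPECTED occurrences and no other
# file under DIR contains LITERAL; otherwise says what to review, returns 1.
audit_port_literal() {
    dir=$1 primary=$2 literal=$3 expected=$4 status=0
    found=$(count_literal "$primary" "$literal")
    if [ "$found" -ne "$expected" ]; then
        echo "REVIEW: $primary has $found occurrences of '$literal', expected $expected"
        status=1
    fi
    extra=$(other_hits "$dir" "$literal" "$primary")
    if [ -n "$extra" ]; then
        echo "REVIEW: '$literal' also appears outside $primary:"
        echo "$extra"
        status=1
    fi
    # Print every matching line so each hit can be read in context.
    grep -rnF -- "$literal" "$dir" 2>/dev/null
    return "$status"
}

# Runs only when called with all four arguments.
if [ "$#" -eq 4 ]; then
    audit_port_literal "$@"
fi
```

Saved as a script (the name `audit.sh` is arbitrary), it would be called with `/etc/inc /etc/inc/captiveportal.inc 800 6`. A plain-string match also flags unrelated numbers that merely contain "800", so the printed lines still need reading.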
              dimsum

              Hello,

              Generally, HTTPS on pf uses a self-signed certificate, so I get a warning message when accessing the portal. So I need to pass the request through to the tunnel to use the proxy on Cloudflare, and they accept some ports on it, e.g. 443, 8443, 2053, 2083...

              I'm using Cloudflare Zero Trust. I could access 443 and 8443 to pf on CF Zero Trust.

              When I request to log in I get freewifi.abc.com:8003 and the request does not complete, so I want to try to change this port to 2053.

              Maybe I'm wrong, so please advise.

              Thanks!

                Gertjan @dimsum

                @dimsum said in Is possible to change https port on captive portal:

                https on pf is a self-signed certificate I have got warn message when access the portal.

                https login is somewhat mandatory these days, as browsers are getting picky about classic http web server / site content.
                Also : an https web server can't be ** an IP URL like https://192.168.10.1:8003/...... but must be something like "https://freewifi.abc.com:8003/".

                The good news : trusted certificates are free : use the acme pfSense package.
                The 'bad' news : you need to own (rent) a domain name like "abc.com" and (check this before you sign up) the registrar needs to be compatible with "acme.sh" - see the check list here.

                As soon as you 'own' abc.com, you can set up the acme.sh pfSense package to get you a "portal.abc.com" certificate that you have to use for the captive portal web server. From this moment every web browser (captive portal visitor) out there will be happy with the certificate from your captive portal : no more warning messages.

                I don't know what "cloudflare zero trust" is, but you can't use that to replace the captive portal's web server, as this web server needs to identify the visiting user, and instruct 'pf', the pfSense firewall, to grant access through the captive portal upon successful identification.

                ** actually, it can. Some non-free certificate authorities can sign your certificate, and you can add IPs and host names into the certificate. These certificates won't be free, like the ones from Letsencrypt.
                But why would you ? It's better to use something like "https://freewifi.abc.com" than "https://192.168.10.1" as a captive portal URL.

                  dimsum

                  Many thanks!
