SSL on a certain port?


Using the Oracle Cloud VPS (Ubuntu 22.04) + Docker + Certbot.

My domain is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

I have installed memos app using docker. This app is accessible through port 5230 (default one during the installation process). I've managed to install an LE SSL certificate using Certbot ( and it works fine.

What I can't achieve is to have the SSL also when I access the app, so

Is it even possible? Please aware, that I'm a rookie in managing VPS's servers and SSH commands, so it is possible that I've made a mistake somewhere.

To sum up:

Thank you in advance for any help. I've checked the similar sounding topics, but nothing rings a bell unfortunately. Should I uninstall the app and install it on a different port?

Depends. Note that usually you can't combine plain HTTP with secure HTTPS on the same port. Most software just simply does not support that. Usually two separate ports are used.

Also, if you're directly connecting to a specific port, you're also (usually) directly connecting to that piece of software. So on HTTPS port 443 you've got Apache listening. And Apache has the certificate currently installed. But on port 5230 you have the "memos app" (whatever that may be) responding. So you should also install the certificate into that app.

Other commonly used scenarios is to use something called a "reverse proxy" (Apache can do that) so you're using application A (the reverse proxy) to connect to a different application B (e.g. the 'memos app').

Or, if the 'memos app' does not support TLS at all, you could use a separate application to do all the TLS termination in front of the 'memos app' if you don't want to use Apache as a reverse proxy.


But on port 5230 you have the "memos app" (whatever that may be) responding. So you should also install the certificate into that app.

Does it mean that I should install another certificate and "set" it to a certain port (5230 in this case)? The subdomain will be only used for this app, nothing else will be here.

No, certificates are not 'aware' of any ports, you can use the same certificate. You just need to install it at the right location too.


Ok, need to google that info as I know too little to do it on my own :wink: Thank you for the hint.

1 Like

You probably want to concentrate your search efforts on that thing you called "memos app".

Or, better, concentrate on running a reverse proxy on Apache, as it seems your Apache isn't doing anything useful for that hostname anyway.


It's a simple app available via docker (, it's even has an SSL section in the installation manual, but I don't see why it would work differently to the thing that I did.

It's talking about nginx, but you have an Apache webserver running on port 443, so that's different.

Did you use the guide at Install with Docker<!-- --> - memos? Because that's using nginx as a reverse proxy..


I've installed the memos app using docker-run, not docker-composer.

Maybe that tiny bit of information says everything to other people, but for me, it doesn't provide any information I'm afraid.


Thank you for your help anyways.

1 Like

You might get more help by explaining how you actually installed 'memos app' and how it relates to your Apache.


As I mentioned, my knowledge in SSH/VPS/Apache is very poor. I did the following steps:

  1. Installed Docker on my Oracle VPS with Ubuntu
  2. Installed memosapp via Docker, using the following code:
docker run -d \
  --init \
  --name memos \
  --publish 5230:5230 \
  --volume ~/.memos/:/var/opt/memos \
  1. Installed SSL Certificate using Certbot for the domain that I wish to use:

And Apache?


If you are asking for the version, it's Apache/2.4.52 (Ubuntu)

No, I'm wondering where it came from, what it's doing, if you're familiar with it. As you could use it as a reverse proxy for your memo software.


I tried to do some reverse proxy using chat gpt, but it still does not work :smiley:

We can help you but I'd want to advise (and ask) you to try to be more elaborative in your answers. For example, if you say "it still doesn't work", the first thing that springs into my mind is "what didn't work? what did you have before and what did you change? Why doesn't it work? Any errors? Incorrect behaviour?"

All those kind of things you could have thought of yourself and immediately provided in your post. By just answering "it still doesn't work" you're putting all the effort on the volunteers of this Community, while it, IMO, should be the other way around. You do not require specialised knowledge to answer basic, generic debugging questions as "what did you have before and how did you change it".


Apologies, you are right. It's just because I'm jumping between hundreds of sources regarding this topic.

What I've meant when said "it still doesn't work" = still cannot access the memos app via ssl, it is only available through http (not https as is my goal).

I've tried to do reverse proxy with Apache using the help of ChatGPT.

Step 1. sudo a2enmod proxy proxy_http proxy_ssl ssl
The result answer from the VPS:

Module proxy already enabled
Considering dependency proxy for proxy_http:
Module proxy already enabled
Module proxy_http already enabled
ERROR: Module proxy_ssl does not exist!
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled

Step 2. Tried to configure the virtual host by creating a new configuration file

sudo nano /etc/apache2/sites-available/

and set inside the file

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/
    ProxyPass / http://MY-SERVER-IP:5230/
    ProxyPassReverse / http://MY-SERVER-IP:5230/

Step 3. Creating a symbolic link to the configuration file:

sudo a2ensite

Step 4. Restart Apache for the changes to take effect:

sudo systemctl restart apache2

All those actions bring absolutely no change to the inital state. App available on is still not available through https.

You should not expect that URL, directly on port 5230, to change. If you're connecting directly to 5230, Apache is not involved. And if Apache is not involved, but you're changing something only in Apache, than you shouldn't also expect anything to change on port 5230.

Could you please share the output of the command:

apache2ctl -t DUMP_VHOSTS

Or on some systems you'd need to use

apachectl -t DUMP_VHOSTS