There are times when I have to deploy a web application that is so short-lived that it isn't worth containerizing it or writing Nginx rules that will be removed almost immediately. But... I still want that clean domain name without a port number.

So, to turn that ugly https://webapp.athielen.com:8443 into https://webapp.athielen.com, let's do some iptables editing.

# Let's add rules to allow the four ports we're playing with (8443, 8080, 443, 80)

sudo iptables -I INPUT 1 -p tcp --dport 8443 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

# Let's redirect the public ports to the ports the app listens on
# (eth0 is the public interface here; adjust it to yours)
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

# Install iptables-persistent so the rules are restored on restart
sudo apt-get install iptables-persistent

# Save our newly added iptables rules to the file iptables-persistent loads at boot
sudo sh -c "iptables-save > /etc/iptables/rules.v4"

# For good measure, double check that the rules are there
# (the redirects live in the nat table, which -L does not show by default)
sudo iptables -L -n
sudo iptables -t nat -L -n
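
The nat PREROUTING redirect runs before the filter INPUT chain, so INPUT sees the rewritten port (8080/8443), and a missing ACCEPT for a target port breaks the redirect without any error. The following is an added example, not part of the original post, that checks an `iptables-save` dump for exactly that; the function names and the sample dump are constructed, and it only understands simple single `--dport` rules.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes simple single-port rules.

# Reads iptables-save output on stdin and prints one line per REDIRECT rule:
#   "<dport> -> <toport> ok"       an INPUT ACCEPT rule exists for <toport>
#   "<dport> -> <toport> blocked"  none found; INPUT sees the rewritten port
# Exit status is non-zero if a redirect is blocked or no redirect exists.
audit_redirects() {
    awk '
        function opt(name,    i) {   # value that follows option "name"
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        /^\*/ { table = substr($0, 2); next }
        table == "nat" && $2 == "PREROUTING" && opt("-j") == "REDIRECT" {
            n++; src[n] = opt("--dport"); dst[n] = opt("--to-ports")
        }
        table == "filter" && $2 == "INPUT" && opt("-j") == "ACCEPT" {
            p = opt("--dport"); if (p != "") accepted[p] = 1
        }
        END {
            bad = (n == 0)
            for (i = 1; i <= n; i++) {
                ok = (dst[i] in accepted)
                if (!ok) bad = 1
                printf "%s -> %s %s\n", src[i], dst[i], (ok ? "ok" : "blocked")
            }
            exit bad
        }
    '
}

# Constructed sample dump (not captured from a real host): 8443 was forgotten.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_redirects || true   # on a real host: sudo iptables-save | audit_redirects
```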

A little too complex for 2020?

Now, if you're one of the cool kids (metaphorically speaking) who use the newer Linux distributions commonly found in production setups (e.g. CentOS 7+, RHEL 7+, Fedora 18+), this is trivial thanks to firewalld, a front-end for iptables. With firewalld comes firewall-cmd, a nice little CLI tool that handles the iptables configuration for us.

So the above commands turn into this:

# add ports
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent

# forward ports (no toaddr: the traffic is redirected to the local port,
# like the iptables REDIRECT rules above)
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
sudo firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443 --permanent

# reload so the permanent changes take effect
sudo firewall-cmd --reload

More reading: