diff --git a/Dockerfile b/Dockerfile
index 7f34cd1..45e31af 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,7 +40,7 @@ USER appuser
 
 ENV TZ=Asia/Jakarta
 
-EXPOSE 2200 80 443
+EXPOSE 2200 80 8443
 
 LABEL org.opencontainers.image.title="Tunnel Please" \
       org.opencontainers.image.description="SSH-based tunnel server"
diff --git a/README.md b/README.md
index 69bd86e..e1b8e26 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,7 @@ The following environment variables can be configured in the `.env` file:
 |----------|-------------|---------|----------|
 | `DOMAIN` | Domain name for subdomain routing | `localhost` | No |
 | `PORT` | SSH server port | `2200` | No |
+| `HTTPS_PORT` | HTTPS server port | `8443` | No |
 | `TLS_ENABLED` | Enable TLS/HTTPS | `false` | No |
 | `TLS_REDIRECT` | Redirect HTTP to HTTPS | `false` | No |
 | `ACME_EMAIL` | Email for Let's Encrypt registration | `admin@<DOMAIN>` | No |
diff --git a/server/https.go b/server/https.go
index 2964d4f..fc08424 100644
--- a/server/https.go
+++ b/server/https.go
@@ -14,13 +14,14 @@ import (
 
 func NewHTTPSServer() error {
 	domain := utils.Getenv("DOMAIN", "localhost")
+	httpsPort := utils.Getenv("HTTPS_PORT", "8443")
 
 	tlsConfig, err := NewTLSConfig(domain)
 	if err != nil {
 		return fmt.Errorf("failed to initialize TLS config: %w", err)
 	}
 
-	ln, err := tls.Listen("tcp", ":443", tlsConfig)
+	ln, err := tls.Listen("tcp", ":"+httpsPort, tlsConfig)
 	if err != nil {
 		return err
 	}