diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 61f0f5ad..655f788d 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -86,13 +86,14 @@
             "statsevents": { "type": "integer", "default": 2592000, "description": "Amount of time in seconds that server statistics are kept in the database." }
           }
         },
-        "port": { "type": "integer", "minimum": 1, "maximum": 65535, "default": 443 },
+        "port": { "type": "integer", "minimum": 1, "maximum": 65535, "default": 443, "description": "Ths port of the main HTTPS server." },
         "portBind": { "type": "string", "description": "When set, bind the HTTPS main port to a specific network address." },
-        "aliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "default": null },
-        "redirPort": { "type": "integer", "minimum": 1, "maximum": 65535, "default": 80 },
+        "aliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "default": null, "description": "The actual main port as seen externally on the Internet, this setting is often used when a reverse-proxy is used." },
+        "redirPort": { "type": "integer", "minimum": 0, "maximum": 65535, "default": 80, "description": "This is a HTTP web server port that mostly redirects users to the HTTPS port but does provide some other servces, 0 will turn this port off." },
         "redirPortBind": { "type": "string", "description": "When set, bind the HTTP redirection port to a specific network address." },
-        "redirAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 },
-        "relayPort": { "type": "integer", "minimum": 1, "maximum": 65535, "default": null, "description": "When set, a web relay web server is bound to this port and will allow user access to remote web sites." },
+        "redirAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "The actual redirection port as seen externally on the Internet, this setting is often used when a reverse-proxy is used." },
+        "relayPort": { "type": "integer", "minimum": 0, "maximum": 65535, "default": 0, "description": "When set, a web relay web server is bound to this port and will allow user access to remote web sites." },
+        "relayAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "default": null, "description": "The actual relay port as seen externally on the Internet, this setting is often used when a reverse-proxy is used." },
         "relayDNS": { "type": "string", "default": null, "description": "When set, relayPort valie is ignored. Set this to a DNS name the points to this server. When the server is accessed using the DNS name, the main web server port is used as a web relay port."  },
         "agentPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, enabled a new HTTPS server port that only accepts agent connections." },
         "agentPortBind": { "type": "string", "description": "When set, binds the agent port to a specific network interface." },
diff --git a/sample-config-advanced.json b/sample-config-advanced.json
index 238a3e97..caf6769e 100644
--- a/sample-config-advanced.json
+++ b/sample-config-advanced.json
@@ -30,6 +30,7 @@
     "_redirPortBind": "127.0.0.1",
     "_redirAliasPort": 80,
     "_relayPort": 453,
+    "_relayAliasPort": 463,
     "_relayDNS": "relay.myserver.mydomain.com",
     "_agentPort": 1234,
     "_agentPortBind": "127.0.0.1",
diff --git a/webrelayserver.js b/webrelayserver.js
index 15d7334c..25355740 100644
--- a/webrelayserver.js
+++ b/webrelayserver.js
@@ -239,18 +239,18 @@ module.exports.CreateWebRelayServer = function (parent, db, args, certificates,
         if (port == 0 || port == 65535) { return; }
         if (obj.tlsServer != null) {
             if (args.lanonly == true) {
-                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS relay server running on port ' + port + ((args.aliasport != null) ? (', alias port ' + args.aliasport) : '') + '.'); });
+                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS relay server running on port ' + port + ((typeof args.relayaliasport == 'number') ? (', alias port ' + args.relayaliasport) : '') + '.'); });
             } else {
-                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS relay server running on ' + certificates.CommonName + ':' + port + ((args.aliasport != null) ? (', alias port ' + args.aliasport) : '') + '.'); });
+                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS relay server running on ' + certificates.CommonName + ':' + port + ((typeof args.relayaliasport == 'number') ? (', alias port ' + args.relayaliasport) : '') + '.'); });
                 obj.parent.updateServerState('servername', certificates.CommonName);
             }
             if (obj.parent.authlog) { obj.parent.authLog('https', 'Web relay server listening on ' + ((addr != null) ? addr : '0.0.0.0') + ' port ' + port + '.'); }
             obj.parent.updateServerState('https-relay-port', port);
-            if (args.aliasport != null) { obj.parent.updateServerState('https-relay-aliasport', args.aliasport); }
+            if (typeof args.relayaliasport == 'number') { obj.parent.updateServerState('https-relay-aliasport', args.relayaliasport); }
         } else {
-            obj.tcpServer = obj.app.listen(port, addr, function () { console.log('MeshCentral HTTP relay server running on port ' + port + ((args.aliasport != null) ? (', alias port ' + args.aliasport) : '') + '.'); });
+            obj.tcpServer = obj.app.listen(port, addr, function () { console.log('MeshCentral HTTP relay server running on port ' + port + ((typeof args.relayaliasport == 'number') ? (', alias port ' + args.relayaliasport) : '') + '.'); });
             obj.parent.updateServerState('http-relay-port', port);
-            if (args.aliasport != null) { obj.parent.updateServerState('http-relay-aliasport', args.aliasport); }
+            if (typeof args.relayaliasport == 'number') { obj.parent.updateServerState('http-relay-aliasport', args.relayaliasport); }
         }
         obj.port = port;
     }
diff --git a/webserver.js b/webserver.js
index a54b6ace..a80e1c89 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2864,7 +2864,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                     webstate: encodeURIComponent(webstate).replace(/'/g, '%27'),
                     amtscanoptions: amtscanoptions,
                     pluginHandler: (parent.pluginHandler == null) ? 'null' : parent.pluginHandler.prepExports(),
-                    webRelayPort: ((typeof args.relaydns == 'string') ? args.port : ((parent.webrelayserver != null) ? parent.webrelayserver.port : 0)),
+                    webRelayPort: ((typeof args.relaydns == 'string') ? args.port : ((parent.webrelayserver != null) ? ((typeof args.relayaliasport == 'number') ? args.relayaliasport : parent.webrelayserver.port) : 0)),
                     webRelayDns: ((typeof args.relaydns == 'string') ? args.relaydns : '')
                 }, dbGetFunc.req, domain), user);
             }
@@ -7128,16 +7128,22 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
         obj.args.port = port;
         if (obj.tlsServer != null) {
             if (obj.args.lanonly == true) {
-                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS server running on port ' + port + ((args.aliasport != null) ? (', alias port ' + args.aliasport) : '') + '.'); });
+                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS server running on port ' + port + ((typeof args.aliasport == 'number') ? (', alias port ' + args.aliasport) : '') + '.'); });
             } else {
-                obj.tcpServer = obj.tlsServer.listen(port, addr, function () { console.log('MeshCentral HTTPS server running on ' + certificates.CommonName + ':' + port + ((args.aliasport != null) ? (', alias port ' + args.aliasport) : '') + '.'); });
+                obj.tcpServer = obj.tlsServer.listen(port, addr, function () {
+                    console.log('MeshCentral HTTPS server running on ' + certificates.CommonName + ':' + port + ((typeof args.aliasport == 'number') ? (', alias port ' + args.aliasport) : '') + '.');
+                    if (typeof args.relaydns == 'string') { console.log('MeshCentral HTTPS relay server running on ' + args.relaydns + ':' + port + ((typeof args.aliasport == 'number') ? (', alias port ' + args.aliasport) : '') + '.'); }
+                });
                 obj.parent.updateServerState('servername', certificates.CommonName);
             }
             if (obj.parent.authlog) { obj.parent.authLog('https', 'Server listening on ' + ((addr != null) ? addr : '0.0.0.0') + ' port ' + port + '.'); }
             obj.parent.updateServerState('https-port', port);
             if (args.aliasport != null) { obj.parent.updateServerState('https-aliasport', args.aliasport); }
         } else {
-            obj.tcpServer = obj.app.listen(port, addr, function () { console.log('MeshCentral HTTP server running on port ' + port + ((args.aliasport != null) ? (', alias port ' + args.aliasport) : '') + '.'); });
+            obj.tcpServer = obj.app.listen(port, addr, function () {
+                console.log('MeshCentral HTTP server running on port ' + port + ((typeof args.aliasport == 'number') ? (', alias port ' + args.aliasport) : '') + '.');
+                if (typeof args.relaydns == 'string') { console.log('MeshCentral HTTP relay server running on ' + args.relaydns + ':' + port + ((typeof args.aliasport == 'number') ? (', alias port ' + args.aliasport) : '') + '.'); }
+            });
             obj.parent.updateServerState('http-port', port);
             if (args.aliasport != null) { obj.parent.updateServerState('http-aliasport', args.aliasport); }
         }