Removing :8443 from Jamf Pro URL

New Contributor II

I’ve searched this already and I know there are answers on here, but nothing really that fits our exact scenario.

Currently our Jamf Pro URL is which for our organisation has been fine. We now have some MacBooks deployed at a client’s site, which does not allow traffic out on port 8443, which means they cannot check in and we can’t push policies.

We have set up a second minimal server in our DMZ, but only afterwards realised that the machines at our remote site can’t send traffic out on port 8443.

I would like to change our Jamf URL to use port 443, which would make our Jamf Pro URL We already have a wildcard SSL cert for configured on both the main server and the DMZ server.

I know this can be done by configuring virtual hosts on the Tomcat server, and it can also be done using authbind. But I can’t seem to find detailed instructions on how to change this. If you have any, that would be a godsend.

We have 21 macOS devices enrolled. They were all enrolled via DEP and have MDM profiles installed. I really do not want to have to re-enrol these devices as they are all deployed. Would changing the URL in this manner require re-enrolling each device? I have read that the JSS URL in the MDM profile cannot be changed and requires the MDM profile to be reinstalled. Is this really the case? And if so, can this be done via a policy?

Both servers are running on CentOS 7. Any help would be greatly appreciated.

TL;DR: I want to remove the port number from our JSS URL, but do not want to have to re-enrol any devices, and I am not sure which method to use to change from 8443 to 443.


Valued Contributor

@anayat.chowdhury What about redirecting port 443 to 8443? That way you only need to change the Macs on the site of the client. There is a thread about this: Linux JSS, Change port from 8443 to 443.

To change the clients, you just change the jss_url value in /Library/Preferences/com.jamfsoftware.jamf.plist.

Valued Contributor

I think if you change the URL, you'll need to re-enroll those devices. You might be able to do some port forwarding on both sides to forward 8443 to like 8787 or something out of the client site, then anything coming in to the server on port 8787 can be forwarded back to 8443. That gets pretty messy.
FWIW, re-enrolling 21 devices is not that big of a deal.