Boringproxy on a cPanel site - skip LetsEncrypt

I have a working cPanel VPS and so I already have SSL certificates and working web sites on ports 80 and 443. I want to put the boringproxy server on this site and use it to make tunnels to win pc or linux NAS (Synology) behind several mobile hotspots. Because they are hotspots they have CGNAT.
When I install the code on /home/username/public_html and run boringproxy it says ports 80 and 443 are not found and that also the LetsEncypt section fails after I provide the admin domain. That domain exists by setting up in the cPanel menus for subdomains. I can view the subdomain in a browser. Therefore I do not get to have a token or a login option stage. Having a flag to skip the port checks and the LetsEncrypt perhaps will make it work for me?

If you’re already using ports 80/443 for something else, you’ll need to use -http-port and -https-port to set the ports used by boringproxy. You might also want to use -behind-proxy. Run with boringproxy server -h to see all options.

boringproxy isn’t really designed to be used behind other reverse proxies. I’ve added various bits to help people accomplish this, but it’s always been a second class citizen. You might have some luck looking through old GitHub issues:

There are several related to this. Try searching for “nginx” for example.

I have no other reverse proxies. Just normal web pages on 80 and 443.

What software are you using to serve the pages?

boringproxy requires TLS to work. So you either need to let it handle TLS itself (which I recommend) or you need to properly set it up behind another reverse proxy that handles TLS.

Server Version: Apache/2.4.54 (cPanel) OpenSSL/1.1.1o mod_bwlimited/1.4
Server MPM: prefork
Server Built: Jun 14 2022 12:32:29

OK I ran
./boringproxy server -http-port 8001 -https-port 8002 -admin-domain bpserver.xxxx.yyy -behind-proxy -allow-http
This created a token which I found in the json file. Used that
http://bpserver.xxxx.yyy:8001/login?access_token=(the one in json file)
and I get a login page but the url is now http://bpserver.xxxx.yyy:8001/tunnels
I do not see the Tunnels page from your video.
So its progress.

I think this is related to this issue here:

Any time you’re accessing boringproxy, it needs to be an HTTPS URL. Those HTTP URLs in your example won’t work. It should be possible to have the TLS terminated by another server (Apache in your case), but there has to be HTTPS somewhere.

Note that I currently don’t think supporting HTTP for the admin domain makes any sense, but I’m open to hearing alternatives viewpoints.