SSH to the host and run the command below. This will NAT traffic on port 443 to 8006. You can change these numbers for different ports if needed.
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006
This will not persist after a reboot. You can install iptables-persistent to keep the rule.
apt install iptables-persistent
If you already have iptables-persistent installed or you made the rule after installing it you can run iptables-save to save the new rules.
iptables-save > /etc/iptables/rules.v4
This rule will only redirect 443 to 8006 which is already using HTTPS. It will not encrypt or redirect port 80 HTTP traffic. You'll need to use a reverse proxy or something similar to do that. Most browsers default to HTTPS these days so I'm not worried about HTTP.
Here's a breakdown of the command if you're interested.
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006
| -t | table (--table) for this rule. The command uses the nat table. |
| -A | Append (--append) the rule to the PREROUTING chain. |
| -p | Protocol (--protocol) for the rule. The command uses tcp. |
| -dport | destination port for the rule. The (incoming packet's) destination is 443. |
| -j | jump - action to take if the rule matches. This rule is a REDIRECT. Redirect needs to be in caps but that doesn't make it louder. |
| --to-ports | Part of prerouting/nat. Specify what port(s) the traffic should be redirected to. This rule sends the traffic to port 8006 on the target (proxmox host). |